Security news weekly round-up - 17th July 2020

Habdul Hazeez - Jul 17 '20 - Dev Community

Cover photo by Jazmin Quaynor on Unsplash.

Introduction

Welcome to the weekly round-up of security news from around the Web. I hope your week was fine.

This week it is mostly about software flaws and hacking.


Digicert revokes a raft of web security certificates

DigiCert is among the top certificate authorities (CAs), and it recently revoked a number of certificates, as the linked story title indicates.

Excerpt from the article:

If you run a website and your certificate has been revoked, you’ll probably realise when you or any of your customers try to visit it, because you will see a security warning.

But you may as well check the validation chain on your certificate anyway, and one easy visual way to do this is with the Firefox browser.

Cisco fixes critical pre-auth flaws allowing router takeover

The title says it all.

Excerpt from the article (numerical date addition is mine):

Cisco today (July 15, 2020) has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices that could lead to full device takeover.

Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time

Twitter accounts getting hacked to perform bitcoin scams is not a new thing. This time, it happened on a massive scale due to the popularity of the accounts compromised.

Excerpt from the article:

A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what's a far-reaching hacking campaign carried out to promote a cryptocurrency scam.

The broadly targeted hack posted similarly worded messages urging millions of followers to send money to a specific bitcoin wallet address in return for a larger payback.

New Android Malware Now Steals Passwords For Non-Banking Apps Too

Computer malware does not seem to be disappearing anytime soon. Android banking malware in particular remains popular with criminals because it steals banking details from users, using techniques that capture a user's OTP (One Time Password) meant to complete a banking transaction, or the password to the user's account itself.

This time, the malware in question steals passwords from banking and non-banking applications alike.

Excerpt from the article:

Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017.

Chief among its features are stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps, in addition to being capable of hiding from antivirus software.

A New Flaw In Zoom Could Have Let Fraudsters Mimic Organisations

It is 2020 and in my opinion, Zoom needs no introduction.

Excerpt from the article:

The said vulnerability resides in Zoom's customizable URL feature dubbed Vanity URL, aiming to let companies create a custom URL on its subdomain and branded landing page, such as "yourcompany.zoom.us," where the invitation link to a meeting then looks like https://organization_name.zoom.us/j/##########, instead of regular https://zoom.us/j/########## format.

CheckPoint team found that due to improper account validation, any meeting ID could have been launched using any organisation's Vanity URL, even if a meeting was set up by a separate individual account.

Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online

No system is safe.

Excerpt from the article:

An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods."

IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of nearly five hours worth of video recordings of the state-sponsored group it calls ITG18 (also called Charming Kitten, Phosphorous, or APT35) that it uses to train its operators.

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

Remote Code Execution is bad news for any software.

Excerpt from the article:

The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization's IT infrastructure.

A threat actor can exploit the SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more.


That's it for this week, I'll see you next Friday.
