Security news weekly round-up - 3rd July 2020

Habdul Hazeez - Jul 3 '20 - Dev Community

Cover photo by Jazmin Quaynor on Unsplash.

Introduction

Welcome to the weekly round-up of security news from around the Web. I hope your week was fine.

This week it's mostly about vulnerabilities.


e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

This is really crafty. EXIF data normally describes an image: when it was taken, the camera type, light exposure, etc. In this case, the perpetrators found a way to embed JavaScript code in the EXIF data in order to steal credit card details from infected websites.

Excerpt from the article:

Every image comes embedded with information about the image itself, such as the camera manufacturer and model, date and time the photo was taken, the location, resolution, and camera settings, among other details.

Using this EXIF data, the hackers executed a piece of JavaScript that was concealed in the "Copyright" field of the favicon image.

"As with other skimmers, this one also grabs the content of the input fields where online shoppers are entering their name, billing address, and credit card details," the researchers said.
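For defenders, one way to check image assets for this kind of abuse is to read the EXIF "Copyright" field and flag values that look like code. The sketch below is an added example, not code from the article or the researchers; the marker list, the 256-byte length limit and the `build_sample` helper are assumptions made for illustration.

```python
import re
import struct

COPYRIGHT_TAG = 0x8298  # TIFF/EXIF "Copyright" tag, stored in IFD0
# Heuristic script markers: an assumption of this example, tune for your assets.
SCRIPT_HINTS = re.compile(rb"<\s*script|eval\s*\(|atob\s*\(|fromCharCode|document\.", re.I)

def ifd0_ascii(tiff, wanted):
    """Return the ASCII value of tag `wanted` from IFD0 of a TIFF block, or None."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        return None
    (ifd,) = struct.unpack(order + "I", tiff[4:8])
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        tag, typ, n, value = struct.unpack(order + "HHI4s", entry)
        if tag == wanted and typ == 2:  # type 2 = ASCII; >4 bytes are stored by offset
            (off,) = struct.unpack(order + "I", value)
            return (tiff[off:off + n] if n > 4 else value[:n]).rstrip(b"\x00")
    return None

def exif_copyright(jpeg):
    """Walk the JPEG segments and return the EXIF Copyright bytes, or None."""
    pos = 2
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, seg_len = struct.unpack(">BH", jpeg[pos + 1:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return ifd0_ascii(body[6:], COPYRIGHT_TAG)
        if marker == 0xDA:  # start of scan: image data follows, stop looking
            break
        pos += 2 + seg_len
    return None

def is_suspicious(jpeg):
    """True if the Copyright field looks like code, is oversized, or is malformed."""
    try:
        field = exif_copyright(jpeg)
    except struct.error:  # truncated EXIF structures are treated as suspect
        return True
    return bool(field and (SCRIPT_HINTS.search(field) or len(field) > 256))

def build_sample(text):
    """Constructed input: minimal JPEG whose only metadata is a Copyright tag."""
    data = text + b"\x00"  # text must exceed 4 bytes so it is stored by offset
    tiff = b"II*\x00" + struct.pack("<IHHHIII", 8, 1, COPYRIGHT_TAG, 2, len(data), 26, 0) + data
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\x00\x00" + tiff + b"\xff\xd9"
```

Running `is_suspicious` over every favicon and image a storefront serves, including ones loaded from third-party hosts, turns the article's observation into a routine integrity check.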

Driver Vulnerabilities Facilitate Attacks on ATMs, PoS Systems

In today's modern world, Automated Teller Machines and Point of Sale systems need no introduction.

Excerpt from the article:

According to Eclypsium, vulnerabilities affecting the drivers running on ATMs or PoS devices could allow attackers to escalate privileges and gain “deeper access” into the targeted system.

“By taking advantage of the functionality in insecure drivers, attackers or their malware can gain new privileges, access information, and ultimately steal money or customer data,” Eclypsium explained.

Palo Alto Networks patches critical vulnerability in firewall OS

The title says it all.

Excerpt from the article:

Palo Alto Networks disclosed a critical vulnerability found in the operating system (PAN-OS) of all its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication.

Windows Codecs Library Vulnerabilities Allow Remote Code Execution

Excerpt from the article:

Both of these vulnerabilities are related to the manner in which the affected Windows component handles objects in memory and both feature a CVSS score of 7.3.

Despite that, however, Microsoft considers one to be critical severity, while the other is assessed as being important.

The reason for that is likely the fact that exploitation of the more severe of these issues, which is tracked as CVE-2020-1425, could allow an attacker to harvest data that can be used for further system compromise.

Zoom Got Big Fast. Then Videobombers Made It Rework Security

Remember Zoom and some of its security issues? The story highlights why they had to take security seriously when they became popular.

Excerpt from the article:

And just as quickly as Zoom became a household name for connecting work colleagues, church and school groups, friends, family, book clubs and others during stay-at-home lockdowns, it also gained a reputation for lax security as intrusive “videobombers” barged into private meetings or just spied on intimate conversations.

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

According to the official website of Apache Guacamole:

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.

Now, there is a flaw that could put remote desktops at risk.

Excerpt from the article:

The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions.

Cisco Discloses Details of Chrome, Firefox Vulnerabilities

Update your Firefox and Chrome browsers before proceeding. If you are from the future and Firefox and Chrome are still as popular as they were in 2020, you should still update your browser.

Excerpt from the article:

The vulnerability, described as a memory corruption issue, impacts PDFium, the open source PDF renderer used by Chrome and other applications. An attacker could exploit the weakness for remote code execution in the browser by getting the targeted user to open a specially crafted document that contains JavaScript code.

“PDFium supports execution of Javascript scripts embedded inside PDF documents. As Chrome itself, PDFium uses V8 as its Javascript engine. This vulnerability lies in a way V8 in a specific configuration processes regular expressions,” Talos explained.

As for the Firefox vulnerability, Talos disclosed the details of CVE-2020-12418, a high-severity issue related to the URL mPath functionality, which can be exploited to obtain information that could allow the attacker to bypass ASLR and execute arbitrary code. Exploitation involves getting the targeted user to access a web page containing a specially crafted URL object.


That's it for this week, I'll see you next Friday.

Edit July 10, 2020: Add cover photo credit.
