Security news weekly round-up - 7th August 2020

Habdul Hazeez - Aug 7 '20 - Dev Community

Contrary to the tradition of this weekly round-up, which always contains seven links, this one has ten links, hence the five-minute reading time.

Introduction

Welcome to the weekly round-up of security news from around the Web. I hope your week was fine.

This week includes the following:

  • The Twitter hack
  • Malware
  • Bug
  • Information leak
  • Software and Hardware attacks

17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested

We covered the Twitter hack three weeks ago, and now some individuals have been arrested in connection with the attack.

Excerpt from the article:

A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive bitcoin scam.

According to the U.S. Department of Justice, Mason Sheppard, aka "Chaewon," 19, from the United Kingdom, Nima Fazeli, aka "Rolex," 22, from Florida, and an unnamed juvenile were charged this week with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

GandCrab ransomware hacker arrested in Belarus

GandCrab is an infamous ransomware that is reported to have earned its creators $2 billion.

Excerpt from the article:

Law enforcement in Belarus has announced the arrest of a 31-year-old man who is alleged to have extorted more than 1000 victims with the infamous GandCrab ransomware in 2017 and 2018.

He apparently demanded payments ranging from $400 to $1500 in Bitcoin.

NodeJS module downloaded 7M times lets hackers inject code

NodeJS is a JavaScript runtime written in C++ that is used to develop server-side applications.

The NPM (Node Package Manager) registry hosts packages written for NodeJS, and apparently one of those packages has a security flaw that could allow attackers to perform a DoS attack.

Excerpt from the article:

A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access.

Assigned CVE-2020-7699, the vulnerability lies in the "express-fileupload" npm component, which has been downloaded at least 7.3 million times from npm.

The estimate is conservative as it does not take into account downloads from GitHub, mirror websites, and other cloned repositories.

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

The title says it all.

Excerpt from the article:

The central premise of the flaw is as follows. When users try to sign in to a website that requires an Apple ID, a prompt is displayed to authenticate the login using Touch ID. Doing so skips the two-factor authentication step since it already leverages a combination of factors for identification, such as the device (something you have) and the biometric information (something you are).

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

Hypertext Transfer Protocol (HTTP) is the protocol used to transfer content between web clients and servers. Related protocols include HTTPS and TLS.

Excerpt from the article:

HTTP request smuggling (or HTTP Desyncing) is a technique employed to interfere with the way a website processes sequences of HTTP requests that are received from one or more users.

New research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers.

Vulnerabilities related to HTTP request smuggling typically arise when the front-end (a load balancer or proxy) and the back-end servers interpret the boundary of an HTTP request differently, thereby allowing a bad actor to send (or "smuggle") an ambiguous request that gets prepended to the next legitimate user request.
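To make the boundary disagreement concrete, here is an added example (not from the original post or the cited research) that generalises the excerpt to the best-known instance: a parser that frames by Content-Length and one that frames by Transfer-Encoding chunked splitting the same constructed buffer at different points, followed by the strict check a defender's proxy should apply. The request lines, host name and header values are constructed.

```python
# Added example, not from the original post or the cited research.
# Two parsers frame the same raw buffer differently, which is the root of
# request smuggling; the strict check at the end is the defensive answer.

def split_headers(buf):
    """Return (request line, header dict of lists, raw body) for the first request in buf."""
    head, _, body = buf.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body

def frame_by_content_length(buf):
    """Frame the body the way a Content-Length-only parser would; returns (body, leftover)."""
    _, headers, body = split_headers(buf)
    n = int(headers[b"content-length"][0])
    return body[:n], body[n:]

def frame_by_chunked(buf):
    """Frame the body the way a chunked-only parser would; returns (body, leftover).
    Assumes no trailer headers follow the zero-size chunk."""
    _, _, body = split_headers(buf)
    pos, out = 0, b""
    while True:
        line_end = body.index(b"\r\n", pos)
        size = int(body[pos:line_end].split(b";")[0], 16)  # chunk size; extensions ignored
        pos = line_end + 2
        if size == 0:
            return out, body[pos + 2:]  # skip the CRLF that terminates the chunked body
        out += body[pos:pos + size]
        pos += size + 2

def is_ambiguously_framed(buf):
    """Defensive check: a request is ambiguous if it carries both framing headers
    or several Content-Length values that disagree. Such requests should be rejected."""
    _, headers, _ = split_headers(buf)
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    return bool(cl and te) or len(set(cl)) > 1

# Constructed buffer: one request with conflicting framing, then a second request.
AMBIGUOUS = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 9\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
             b"GET /health HTTP/1.1\r\nHost: example.test\r\n\r\n")
CLEAN = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 2\r\n\r\nok"

if __name__ == "__main__":
    print("CL parser: next request starts at", frame_by_content_length(AMBIGUOUS)[1][:12])
    print("TE parser: next request starts at", frame_by_chunked(AMBIGUOUS)[1][:12])
    print("ambiguous?", is_ambiguously_framed(AMBIGUOUS), is_ambiguously_framed(CLEAN))
```

The two parsers place the start of the second request at different offsets, which is exactly the disagreement the excerpt describes; a front-end that rejects or normalises ambiguously framed requests removes the mismatch instead of picking one interpretation.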

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

Here is what I am going to say: No system is safe.

Excerpt from the article:

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures.

Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data.

The new research explains that the microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD — previously believed to be unaffected.

Intel leak: 20GB of source code, internal docs from alleged breach

We've not seen the last of this leak.

Excerpt from the article:

The cache of secret information is 20GB large and comes from an unknown source. It was announced as the first part in a series of Intel leaks.

According to Tillie Kottmann, a developer and reverse engineer who received the documents from an anonymous hacker, most of the information is supposed to be protected intellectual property. The developer was told that the information was stolen from Intel in a breach this year.

Unpatched bug in Windows print spooler lets malware run as admin

Yet another bug.

Excerpt from the article:

Researchers found a way to bypass a patch Microsoft released to address a bug in the Windows printing services, which gives attackers a path to executing malicious code with elevated privileges.

Tracked as CVE-2020-1048, the initial flaw received an initial fix in May and another one is coming with this month’s rollout of security updates from Microsoft.

Canon confirms ransomware attack in internal memo

Another company suffers a ransomware attack.

Excerpt from the article:

Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. In an internal alert sent to employees, Canon has disclosed the ransomware attack and is working to address the issue.

How COVID-19 Has Changed Business Cybersecurity Priorities Forever

The impact of the COVID-19 pandemic is something no one could have predicted a year ago.

Excerpt from the article:

For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the situation wasn't ideal from a cybersecurity standpoint.


That's it for this week, I'll see you next Friday.

Cover photo by Jazmin Quaynor on Unsplash.
