SECURITY REPORT
APRIL 2020
Stay up to date with some of the most dangerous exploits currently in the wild.
These are our top recent vulnerabilities for priority patching.
For a comprehensive list of vulnerabilities, check the NIST Database regularly.
| CVE | Product Affected | Description | CVSS Score (Version 3.1) |
|---|---|---|---|
| CVE-2020-0796 | Microsoft | Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services. Recently, SMB attacks have been on the rise. The latest involves a potentially wormable bug that could result in a remote code execution attack on a targeted SMB server or client. As a workaround, users can disable SMBv3 compression. | V3.1: 10.0 Critical |
| CVE-2020-3264 | Cisco | Cisco released a series of patches for its SD-WAN cloud scale architecture. They are all caused by insufficient input validation and could potentially have a high impact. | V3.1: 7.1 High / 7.8 High / 7.8 High |
| CVE-2020-3848 / CVE-2020-3849 / CVE-2020-3850 | Apple | Apple released patches to fix bugs in its Core Bluetooth that may allow a remote attacker to cause unexpected application termination or arbitrary code execution. Fixes have been released for macOS Mojave 10.14.6, macOS High Sierra 10.13.6 and macOS Catalina 10.15.2. | V3.1: 9.8 Critical |
| CVE-2020-3808 | Adobe | Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. Versions 5.0 and earlier contain a time-of-check to time-of-use (TOCTOU) race condition vulnerability. This update addresses this critical vulnerability. Successful exploitation could lead to arbitrary file deletion. | V3.1: 5.9 Medium |
| CVE-2020-3950 | VMware | VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges. | V3.1: 7.8 High |
| CVE-2020-8467 / CVE-2020-8468 | Trend Micro | Trend Micro has released Critical Patches (CP) for Trend Micro Apex One and OfficeScan XG that resolve multiple vulnerabilities in the product. These include a vulnerability which could allow remote attackers to execute arbitrary code on affected installations, and a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. | V3.1: 8.8 High |
| CVE-2020-0550 | Intel | A flaw was found in the Intel CPU’s cache coherency mechanism: a microarchitectural (hardware) implementation issue that could allow an unprivileged local attacker to bypass conventional system security controls and infer on-CPU Level 1 cache contents. | V3.1: 5.6 Medium |
| CVE-2020-6009 | WordPress | LearnDash WordPress plugin versions below 3.1.6 are vulnerable to unauthenticated SQL injection. | V3.1: 9.8 Critical |
Microsoft is warning users that a new critical remote code execution bug is in the wild and actively being exploited with no patches available yet.
Located in the Windows Adobe Type Manager Library, the bug affects Windows versions 7, 8.1, RT 8.1 and 10, all of which are susceptible to remote code execution.
Windows Server 2008 Service Pack 2 and later are also affected; their default Enhanced Security Configuration does not mitigate the vulnerability.
Until patches become available, Microsoft suggests 3 possible workarounds:
Source
www.itnews.com
Microsoft recently disclosed a vulnerability in its Server Message Block (SMB) version 3.1.1 protocol. The critical vulnerability is so severe, it has been assigned a maximum score of 10 on the Common Vulnerability Scoring System (CVSS).
It is widely being referred to as EternalDarkness, in reference to earlier SMB exploits such as EternalBlue and EternalRomance.
This latest vulnerability is believed to be ‘wormable’, meaning it could automatically propagate or ‘worm’ through other computer systems without any user interaction. Wormable bugs have been used in the past to devastating effect.
Microsoft released an out-of-band update to fix the remote code execution vulnerability. Administrators should apply the patch urgently or implement workarounds for systems that cannot be updated right away, including disabling SMBv3 compression in your SMB Server and blocking SMB traffic in your firewall.
Source
www.cyber.gov.au/
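The two workarounds named above, disabling SMBv3 compression and blocking SMB at the firewall, can be audited and applied on a single Windows host with the following PowerShell script. This is an added example, not code from the report or from Microsoft; it assumes the DisableCompression registry value under LanmanServer\Parameters that Microsoft's published guidance for this workaround uses, and the firewall rule name is an arbitrary label chosen here.

```powershell
# Added example (not from the report): audit the CVE-2020-0796 workarounds on
# this host and, with -Apply, enforce them. Run from an elevated PowerShell
# session on the SMB server being protected.
param([switch]$Apply)

# Registry value from Microsoft's public workaround guidance (assumption, not
# stated in the report): 1 = SMBv3 compression disabled, missing/0 = enabled.
$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'
# Arbitrary label for the host firewall rule created below.
$RuleName  = 'Block inbound SMB (TCP 445) - CVE-2020-0796 workaround'

# 1. SMBv3 compression: report state, and set the value only when asked to.
$current = (Get-ItemProperty -Path $RegPath -Name $ValueName `
            -ErrorAction SilentlyContinue).$ValueName
if ($current -eq 1) {
    Write-Output 'SMBv3 compression: DISABLED (workaround in place)'
} else {
    Write-Output 'SMBv3 compression: ENABLED (host still exposed to CVE-2020-0796)'
    if ($Apply) {
        Set-ItemProperty -Path $RegPath -Name $ValueName -Type DWord -Value 1 -Force
        Write-Output '  -> DisableCompression set to 1 (takes effect without a reboot)'
    }
}

# 2. Host firewall: block inbound TCP 445 so an unpatched host cannot be reached
#    over SMB. Only appropriate for hosts that do not need to serve files.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($rule) {
    Write-Output "Firewall: inbound TCP 445 block rule present (Enabled=$($rule.Enabled))"
} elseif ($Apply) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Action Block -Profile Any | Out-Null
    Write-Output 'Firewall: inbound TCP 445 block rule created'
} else {
    Write-Output 'Firewall: no inbound TCP 445 block rule (re-run with -Apply to add one)'
}
```

Both steps are stop-gaps for hosts that cannot take the out-of-band update yet; once the patch is installed the compression setting can be returned to its default.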
In response to the significant increase in COVID-19 related hacking, 400 leading cybersecurity experts formed an international group: CTI League.
Hailing from more than 40 countries, the group includes senior representatives from companies including Amazon and Microsoft.
Cybersecurity for hospitals and healthcare facilities is the top priority. For some time, health data has been highly valued by hackers. With medical institutions buckling under the weight of COVID-19, there is significant concern that they will be more susceptible to ransomware attacks and other cyber-threats.
Marc Rogers, a founding member of the CTI League, stated that the group had already seen successes in fighting the spread of malicious software. This collaboration will undoubtedly help in the effort to keep organisations safe from the threat of cyber-crime.
Source
www.crn.com.au
Two new Zero-Day exploits in Zoom, the popular video conferencing application, have been published.
Once again, it appears Zoom contains many vulnerabilities. Organisations should be extremely cautious about using Zoom for any teleconferencing purposes that require confidentiality.
Former National Security Agency staffer Patrick Wardle found that the app dodges consent during installation by using an application programming interface that Apple says should not be used by developers. Zoom has therefore created a serious privilege escalation vulnerability that could be exploited by local, non-admin users to gain root access.
The second exploit allows malicious code to be injected into the process space that handles Zoom’s access to the microphone and camera on Macs. The upshot is that the microphone and camera could be accessed without users receiving warning prompts.
Zoom founder Eric Yuan revealed that this design was intended to make video conferencing easier for Mac users. However, he has admitted the need for remediation.
Whilst no timeframe has been given for the fixes, the installer and client are currently being updated to ensure that security concerns are mitigated.
The Australian Signals Directorate has issued a warning to users of video conferencing apps, suggesting that if video conferencing traffic heads offshore, as it does with Zoom, it could be intercepted and harvested by foreign spies and criminals.
Any teleconferencing service provider that claims ownership over your conversations and data should be avoided.
Hackers are taking advantage of people’s fears by launching a wave of COVID-19 themed phishing attacks.
Typically, these attacks deliver malicious links or attachments to people purporting to be from trusted organisations. Sometimes they claim to be from healthcare organisations, at other times from financial institutions or even government agencies such as the Australian Taxation Office.
Delivered via email, SMS, voice message, or other communications platforms such as Zoom and Microsoft Teams, they create a sense of urgency to dupe unsuspecting people into clicking the link or opening the attachment.
Even downloadable apps aren’t always secure. Recently, a trojan was discovered in an Android app which claimed to track the global number of COVID-19 cases. However, once the app was installed, it locked the mobile device and demanded $100 worth of bitcoin in order to unlock it. If the ransom was not paid, the attackers threatened to delete all the victim’s data within 24 hours.
Once a recipient clicks a malicious link or opens an attachment, malware can be installed on the computer or mobile device.
The most common purpose of these attacks is credential harvesting. Hackers seek to steal confidential login and password details to online banking platforms, email or social media accounts. This enables them to engage in identity theft and financial fraud.
In an age of remote working, people are particularly vulnerable. When working from home, the security measures of the corporate environment don’t exist. People use weaker home Wi-Fi networks, whilst remotely accessing the enterprise network from outside heightens the risks to an organisation’s valuable corporate, financial, customer and staff data.
Users are strongly advised to take additional precautions when receiving files from unknown senders and when opening attachments and clicking on links, particularly where they contain urgent news or safety information, and to watch for lookalike domains containing spelling errors.
Heightened awareness is key given the scale of threats and the increased possibility that one click could lead to your system’s compromise.
A national public health crisis, such as the current COVID-19 pandemic, makes coordination between a range of government departments and agencies more urgent than ever.
This necessitates the exchange of personal information in ways that wouldn’t be required under normal circumstances.
It’s a reality that has been recognised by the Office of the Australian Information Commissioner (OAIC).
Whilst privacy laws at the Federal, State and Territory levels contain mechanisms to permit the exchange of critical data in such circumstances, it is essential to ensure that personal information is “protected and handled in a way that is reasonable, necessary and proportionate”.
As such, a National COVID-19 Privacy Team has been set up to coordinate the response of privacy regulators across Australia.
The new body maintains that, even under present conditions, an individual’s privacy remains a key consideration. They are therefore emphasising the importance of conducting short-term Privacy Impact Assessments to manage, minimise or eliminate privacy impacts.
You can learn more about conducting Privacy Impact Assessments here.
The OAIC is also reminding Australian organisations that the Australian Privacy Principles must continue to be adhered to, even under conditions where remote working is occurring.
With the mass move to remote working, an unprecedented amount of employers’ data is moving from professionally managed corporate networks to home Wi-Fi setups, often protected with basic passwords. Hackers are already looking to take advantage of this reduced security to infiltrate corporate networks.
Cybersecurity professionals are warning about the implications of making access to critical corporate data easier.
The Australian Cyber Security Centre (ACSC) is encouraging Australian organisations to remain vigilant and ensure their Virtual Private Networks (VPNs) and firewalls are up to date with the most recent security patches.
Hackers are seizing this new opportunity to increase the sophistication of phishing attacks with coronavirus themed alerts, warnings or apps. Australian organisations should be wary of a surge in malicious emails, such as health advice from hackers masquerading as trusted bodies like the World Health Organisation, or the Australian Medical Association.
At a time when all responsible bodies should be seeking to increase community awareness around the importance of password security, the practice of Screen Scraping is sending precisely the wrong message.
The Commonwealth Bank is the latest organisation to publicly repudiate the controversial practice, which involves individuals handing over their login and password credentials to third-party financial organisations when applying for financial products from them.
The practice allows a financial organisation to log in to a potential customer’s existing bank accounts with other institutions in order to investigate their credit-worthiness. It puts the customer at all kinds of risk and may invalidate their ability to receive compensation in the event that they are subjected to financial fraud.
In its submission to a Senate Committee review of Consumer Data Rights, the CBA argued that customers engaging in this practice could double their chance of experiencing digital fraud.
Concerns surrounding Screen Scraping are shared by many mainstream financial institutions, as well as cybersecurity experts, including CyberCX.
Source
www.itnews.com.au
Australia rose 12 places, up to 15th in the latest Comparitech cybersecurity ranking.
Comprising 76 countries, the rankings evaluate susceptibility to a number of cyber-threats, including the percentage of devices infected with malware and the prevalence of financial cyber-attacks.
Despite Australia’s stronger position, room for improvement exists. The report found overconfidence in security readiness amongst Australian businesses.
Chubb’s latest SME cyber preparedness report reveals that 32 per cent of senior business leaders believe their companies will never experience a cyber incident, whilst 79 per cent expressed confidence they could overcome a breach by sophisticated hackers within 24 hours.
Source
ia.acs.org.au
This Information Security Report is brought to you by Shearwater Solutions.
The Information Security Report is a monthly summary, compiled by Shearwater’s experienced cybersecurity professionals, to highlight the vulnerabilities and new attack vectors in some of the latest active threats, exploits and breaches and share recommendations to help you protect your data and stay a step ahead.
Whatever your Information Security challenge, we’re here to help you find the right solution.