CYBERSECURITY NEWS V. 10.09 – Vulnerability in Cisco Jabber, New Trojan PyVil, Joker malware
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts
News for discussion
Critical vulnerability in Cisco Jabber for Windows
Cisco Jabber for Windows has a critical RCE vulnerability with a severity rating of 9.9 (CVE-2020-3495). It is caused by incorrect validation of incoming messages and can be used for creating a worm. It could be exploited by sending crafted XML-based Extensible Messaging and Presence Protocol (XMPP) messages to the Jabber client. Three vulnerabilities of medium severity were also found: protocol handler command injection (CVE-2020-3430), information disclosure (CVE-2020-3498), and Universal Naming Convention link handling vulnerability (CVE-2020-3537). Cisco is not aware of any of these vulnerabilities being exploited; all of them are now fixed.
What do we have:
- CVE-2020-3495, has a severity rating of 9.9 out of 10
- recommendations are immediately patched
- many mentions in the press.
Let's figure it out a bit. Found vulnerability - XSS! Yes, just XSS. As is often the case for desktop applications, XSS simply flows into RCE. As a result, we have a fairly trivial vulnerability with a rather serious impact.
Well, some thoughts out loud.
Do I need to patch? Well, of course!
Is it a trivial bug? Even some!
The question is, why was it found only now (after all, we all know the love of script kiddies for such vectors)? We have at least two answers to this question:
1. Cisco Jabber for Windows is a product of little interest, used by 1.5 people and 2 universities, as a result of which the first information security researcher who came across immediately came across such an obvious bug
2. The Cisco Jabber for Windows development team spent no more than 7 minutes of their time auditing the code and did not notice such a simple vulnerability
Cisco Jabber for Windows? Well, come on.
WhatsApp fixed six flaws
WhatsApp has fixed six flaws that were found during code review and through Facebook's bug bounty program. The company has also created a security advisory page to keep users informed about bugs and updates. CVE-2020-1890 is a URL validation issue in the Android versions of WhatsApp (before v2.20.11) and WhatsApp Business (before v2.20.2). Exploited through sending a sticker message with deliberately garbled data, it could make the recipient download an image from a URL controlled by the attacker without user interaction. Another vulnerability, CVE-2020-1894, is a write stack overflow that could allow arbitrary code execution when a specially crafted PTT message is played.
Six Android apps contain Joker malware
Six applications containing Joker (also known as Bread) spyware have been removed from the Google Play store. Joker is a billing scam malware family that appeared in 2017 and started growing in 2019. At least 200,000 users have fallen victim to it by downloading the following applications: Convenient Scanner 2, Separate Doc Scanner, Safety AppLock, Push Message-Texting & SMS, Emoji Wallpaper, and Fingertip GameBox.
Critical vulnerability in WordPress File Manager allowed website hijacK
Hackers have been exploiting a severe RCE allowing them to download scripts and execute arbitrary code on WordPress sites running vulnerable versions of the File Manager plugin. Attackers are trying to download a malicious script hardfork.php that allows them to inject malicious code into /wp-admin/admin-ajax.php and / wp-includes / on WordPress sites. user.php scripts. Although the vulnerability has been fixed in the new version of the plugin (6.9), more than 90% of websites remain vulnerable by not installing the update.
New Trojan PyVil
PyVil is a new Python-based RAT developed by the Evilnum APT Group and designed to target FinTech organizations. The Trojan allows an attacker to secretly steal corporate information by using keyloggers and taking screenshots and collect information about the infected system, including OS version, installed AV software, and connected devices. Companies in the UK, Australia, and Canada have already become victims of PyVil.