13 November 2020

CYBERSECURITY NEWS V. 13.11 – Adobe patches, Apple 0-day vulnerabilities, New ransomware Pay2Key

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts

News for discussion

Emergency patches for Adobe Acrobat and Adobe Reader

Adobe has released updates for Adobe Acrobat and Adobe Reader products. The company has patched 14 vulnerabilities in Acrobat DC for Windows and macOS, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017. Four critical bugs (CVE-2020-24435, CVE-2020-24436, CVE-2020-24430, and CVE-2020-24437) are heap buffer overflow, out-of-bounds write, and use-after-free issues. All of them can be exploited to execute arbitrary code. However, Adobe says it is not aware of any attacks exploiting these vulnerabilities.

hexway commentary:

As with any news about critical vulnerabilities in popular products, this case should make us ask ourselves: Am I using this product? If so, install the latest updates. We highly recommend doing so, since cybercriminals frequently exploit vulnerabilities in Adobe Acrobat and Adobe Reader by sending malicious emails to reach the holy of holies of any company: its internal network.

News FYI

Apple patches three zero-day vulnerabilities in iOS and macOS

Apple introduced iOS 14.2, where they fixed three zero-day vulnerabilities that had been actively exploited by hackers. The Google Project Zero team discovered the vulnerabilities. Google has yet to publish the details, but the attacks are similar to the recently disclosed zero-day vulnerabilities in Windows and Chrome. CVE-2020-27930 is an RCE in the iOS FontParser component; CVE-2020-27932, an iOS kernel privilege escalation vulnerability, allows attackers to run malicious code with kernel-level privileges; finally, CVE-2020-27950 is an iOS kernel memory leak. All three bugs were likely used together, allowing attackers to hack iPhones remotely.

New ransomware Pay2Key encrypts corporate networks in under an hour

The new Pay2Key ransomware targets organizations in Israel and Brazil. Attackers use the Remote Desktop Protocol (RDP) to gain access to victims' computers. Once they have infiltrated a victim's network, they quickly begin encrypting systems and spreading the ransomware across the entire network, which takes less than an hour. Having penetrated the local network, the attackers install a proxy server on one of the devices to maintain communication with the C&C server. The payload (Cobalt.Client.exe) is launched remotely with the PsExec utility. Once encryption is complete, ransom notes are left on the compromised systems. The ransom usually amounts to 7-9 bitcoins. Pay2Key is written in C++ and has no analogs. It encrypts files with an AES key and uses RSA keys to communicate with the C&C server. A free decryptor for files encrypted with Pay2Key is not available yet.
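The PsExec step of the chain described above is visible in host telemetry: PsExec installs a temporary service (PSEXESVC) on the target before the payload runs. The following added example, written for this post and not part of Pay2Key or any hexway tool, correlates a PsExec service install with a subsequent child process of PSEXESVC.exe or a process matching the payload name reported above; the event field names and the sample telemetry are constructed and simplified.

```python
from collections import defaultdict

# Constructed sample telemetry (not taken from the post). Field names are a
# hypothetical, simplified normalisation of Windows "service installed" and
# process-creation events. Host "srv09" shows PsExec used without a payload.
SAMPLE_EVENTS = [
    {"ts": 1, "host": "fs01", "type": "service_install",
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"ts": 2, "host": "fs01", "type": "process_create",
     "image": r"C:\Windows\Cobalt.Client.exe", "parent": r"C:\Windows\PSEXESVC.exe"},
    {"ts": 3, "host": "ws22", "type": "service_install",
     "service_name": "Spooler", "image_path": r"C:\Windows\System32\spoolsv.exe"},
    {"ts": 4, "host": "ws22", "type": "process_create",
     "image": r"C:\Windows\notepad.exe", "parent": r"C:\Windows\explorer.exe"},
    {"ts": 5, "host": "srv09", "type": "service_install",
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
]

# Payload file name reported for Pay2Key in the post above.
PAYLOAD_NAMES = {"cobalt.client.exe"}


def basename(path):
    """Lower-cased file name of a Windows path (handles both slash styles)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_psexec_payload(events, window=300):
    """Alert when a PsExec service install on a host is followed within
    `window` seconds by a process spawned by PSEXESVC.exe or by a process
    whose image name is a known payload. Returns a list of alert dicts."""
    installs = defaultdict(list)   # host -> timestamps of PSEXESVC installs
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "service_install" and (
                ev["service_name"].upper() == "PSEXESVC"
                or basename(ev["image_path"]) == "psexesvc.exe"):
            installs[ev["host"]].append(ev["ts"])
            continue
        if ev["type"] != "process_create":
            continue
        recent = [t for t in installs[ev["host"]] if 0 <= ev["ts"] - t <= window]
        spawned_by_psexec = basename(ev["parent"]) == "psexesvc.exe"
        known_payload = basename(ev["image"]) in PAYLOAD_NAMES
        if recent and (spawned_by_psexec or known_payload):
            alerts.append({"host": ev["host"], "image": ev["image"],
                           "reason": "psexec_service_then_payload"})
    return alerts
```

A PsExec service install alone (host srv09) is not alerted on, since administrators use the tool legitimately; the correlation with what PSEXESVC then launches is what separates this pattern from routine use.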

RansomExx now encrypts Linux systems

RansomEXX is a relatively new ransomware strain first discovered in June. It poses a particular threat because it is human-operated. Such attacks are often far more dangerous than automated ones: the criminals typically use entirely legitimate tools to move through the compromised network, thereby remaining unnoticed by standard security tooling. The Linux version of the ransomware is an ELF executable named "svc-new". When launched, it generates a 256-bit key and encrypts all files on the server with the AES block cipher in ECB mode. The AES key is in turn encrypted with an RSA-4096 public key embedded in the malware code and appended to every encrypted file.

Data of 34 million users stolen from 17 companies on sale

A database of 34 million user records is being sold on a cybercrime forum. The seller claims to have stolen it from 17 different companies. The details of these attacks are still unknown. The database contains emails, passwords, phone numbers, usernames, credit card data, and IP addresses. All of these records were obtained in 2020. The largest leak occurred at Geekie.com.br, where 8,100,000 records were stolen. The best-known affected company is the Singapore-based RedMart (1,100,000 entries). Notably, none of the 17 companies had previously reported any security issues or data breaches. As of today, only RedMart is investigating the leak.
