CYBERSECURITY NEWS V. 17.09 – BLURtooth vulnerability, Adobe patches, New victims of Netwalker
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts
News for discussion
Bluetooth-enabled devices are susceptible to man-in-the-middle attacks
A Cross Transport Key Derivation flaw (CVE-2020-15802) in Bluetooth could allow man-in-the-middle attacks. For a successful attack, the attacker should be within the range of the vulnerable Bluetooth device. All devices using Bluetooth versions 4.0 to 5.0 are vulnerable. No patches are available at this time. The only way to protect yourself is to control the environment in which Bluetooth devices are paired.
We at hexway like Bluetooth attacks, and especially we like Bluetooth attacks that have practical applications (for example, during a RED Team). BLURtooth is hardly like that. Is there a vulnerability? Yes, there is a bug. Is this attack dangerous for ordinary people? well, nooo. The attacker should manage to intervene in the pairing process between devices in order to carry out the attack.
Summary. Excellent academic reseach? Yes! Is the world a little safer? Well, of course! Will real attackers use this? Nope. This is probably why vendors are in no hurry with fixes 🙂
Adobe patches critical vulnerabilities in Experience Manager, InDesign, and Framemaker
Weave Scope used in attacks against Docker and Kubernetes infrastructures
Weave Scope is an open-source visualization and monitoring software that allows users to observe running processes and container network connections in cloud environments. The program allows administrators to run shells in clusters as root and does not require authentication by default. Attackers could gain access to all information about the victim's server environment, as well as the ability to control installed applications. Once inside, hackers create a new privileged container that runs a clean Ubuntu. They configure the container to connect its file system to the file system of the victim server and gain access to files on the server. Then they instruct the container to download and launch cryptocurrency miners. Finally, try to elevate their privileges and ultimately install Weave Scope.
Intel fixes a critical bug that allows privilege escalation
Intel has fixed the CVE-2020-8758 critical privilege escalation vulnerability, which is rated at 9.8 out of 10 on the CVSS scale. The vulnerability is related to the Active Management Technology (AMT) part of the Intel vPro platform, which is used for remote out-of-band PC management. The vulnerability is caused by incorrect buffer limits in the networking subsystem. All versions of Intel AMT and Intel ISM before 11.8.79, 11.12.79, 11.22.79, 12.0.68, and 14.0.39 are vulnerable. Intel is not aware of any exploits in the wild and advises users to patch.
New victims of Netwalker
Three large organizations fell victim to Netwalker ransomware this week: K-Electric, the only electricity supplier in Karachi, Pakistan; Equinix, a large data center and colocation provider with over 50 locations worldwide, and Immigration Agency of Argentina (Dirección Nacional de Migraciones). Netwalker ransomware is a relatively new version of the ransomware family. It is distributed via phishing emails using VBScript and, if the infection is successful, spreads on the victim's Windows network. It shuts down Windows services and processes and encrypts files on all available drives. For decryption, the attackers demand a multi-million-dollar ransom. For example, Dirección Nacional de Migraciones has to pay $ 4 million, and K-Electric $ 3,850,000. If the ransom is not paid within a week, it will increase to $ 7.7 million. The ransom for Equinix is 4.5 million dollars, and the attackers threaten to double it.