17 September 2020

CYBERSECURITY NEWS V. 17.09 – BLURtooth vulnerability, Adobe patches, New victims of Netwalker

The hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates, with comments from our experts.

News for discussion

Bluetooth-enabled devices are susceptible to man-in-the-middle attacks

A Cross Transport Key Derivation flaw (CVE-2020-15802) in Bluetooth could allow man-in-the-middle attacks. For a successful attack, the attacker should be within the range of the vulnerable Bluetooth device. All devices using Bluetooth versions 4.0 to 5.0 are vulnerable. No patches are available at this time. The only way to protect yourself is to control the environment in which Bluetooth devices are paired.

hexway commentary:

We at hexway like Bluetooth attacks, and we especially like Bluetooth attacks that have practical applications (for example, during a RED Team). BLURtooth is hardly like that. Is there a vulnerability? Yes, there is a bug. Is this attack dangerous for ordinary people? Well, nooo. The attacker should manage to intervene in the pairing process between devices in order to carry out the attack.
Summary. Excellent academic research? Yes! Is the world a little safer? Well, of course! Will real attackers use this? Nope. This is probably why vendors are in no hurry with fixes 🙂

News FYI

Adobe patches critical vulnerabilities in Experience Manager, InDesign, and Framemaker

Adobe has fixed 18 flaws in the latest updates. The patches affect InDesign, Framemaker, and Experience Manager and fix flaws that could lead to arbitrary JavaScript execution in the browser or disclosure of confidential information due to unnecessary privileges. Two critical vulnerabilities (CVE-2020-9726 and CVE-2020-9725) in Adobe Framemaker for Windows versions 2019.0.6 and earlier, leading to arbitrary code execution, are fixed. Five critical flaws allowing arbitrary code execution in the context of the current user were fixed in Adobe InDesign for Windows and macOS. These flaws (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, CVE-2020-9731) affect versions 15.1.1 and earlier. In Experience Manager, 11 bugs were fixed, 5 of which (CVE-2020-9732, CVE-2020-9742, CVE-2020-9741, CVE-2020-9740 and CVE-2020-9734) are critical and result in arbitrary JavaScript execution in the browser.

Weave Scope used in attacks against Docker and Kubernetes infrastructures

Weave Scope is open-source visualization and monitoring software that allows users to observe running processes and container network connections in cloud environments. The program allows administrators to run shells in clusters as root and does not require authentication by default. Attackers could gain access to all information about the victim's server environment, as well as the ability to control installed applications. Once inside, hackers create a new privileged container that runs a clean Ubuntu. They configure the container to connect its file system to the file system of the victim server and gain access to files on the server. Then they instruct the container to download and launch cryptocurrency miners. Finally, they try to elevate their privileges and ultimately install Weave Scope.
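
A defensive check for the container pattern described above, as an added example that is not part of the original article: it scans `docker inspect` output for privileged containers that bind-mount the host filesystem. The sample data, the `SENSITIVE_SOURCES` list and the function names are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "Config": {"Image": "nginx:1.19"},
   "HostConfig": {"Privileged": false, "Binds": ["/srv/www:/usr/share/nginx/html:ro"]},
   "Mounts": [{"Type": "bind", "Source": "/srv/www",
               "Destination": "/usr/share/nginx/html", "RW": false}]},
  {"Name": "/u1", "Config": {"Image": "ubuntu:latest"},
   "HostConfig": {"Privileged": true, "Binds": ["/:/mnt"]},
   "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt", "RW": true}]},
  {"Name": "/agent", "Config": {"Image": "example/monitor:1.0"},
   "HostConfig": {"Privileged": true, "Binds": null},
   "Mounts": []}
]
""")

# Assumed list: host paths whose bind mount exposes server files or the Docker socket.
SENSITIVE_SOURCES = ("/", "/etc", "/root", "/var/run/docker.sock")

def host_mounts(container):
    """Return (source, destination, writable) for sensitive host bind mounts."""
    found = []
    for m in container.get("Mounts") or []:
        if m.get("Type") != "bind":
            continue
        src = m.get("Source", "").rstrip("/") or "/"
        if src in SENSITIVE_SOURCES:
            found.append((src, m.get("Destination"), bool(m.get("RW"))))
    return found

def audit(containers):
    """'high' = privileged and host filesystem mounted; 'review' = one of the two."""
    findings = {}
    for c in containers:
        privileged = bool((c.get("HostConfig") or {}).get("Privileged"))
        mounts = host_mounts(c)
        if not (privileged or mounts):
            continue
        level = "high" if privileged and mounts else "review"
        findings[c["Name"].lstrip("/")] = {
            "level": level, "image": c["Config"]["Image"],
            "privileged": privileged, "mounts": mounts}
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSPECT).items():
        print(name, finding)
```

On a real host the input would come from `docker inspect $(docker ps -q)`; containers reported as `high` match the privileged-container-with-host-filesystem setup the article describes.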

Intel fixes a critical bug that allows privilege escalation

Intel has fixed the CVE-2020-8758 critical privilege escalation vulnerability, which is rated at 9.8 out of 10 on the CVSS scale. The vulnerability is related to the Active Management Technology (AMT) part of the Intel vPro platform, which is used for remote out-of-band PC management. The vulnerability is caused by incorrect buffer limits in the networking subsystem. All versions of Intel AMT and Intel ISM before 11.8.79, 11.12.79, 11.22.79, 12.0.68, and 14.0.39 are vulnerable. Intel is not aware of any exploits in the wild and advises users to patch.

New victims of Netwalker

Three large organizations fell victim to Netwalker ransomware this week: K-Electric, the only electricity supplier in Karachi, Pakistan; Equinix, a large data center and colocation provider with over 50 locations worldwide; and the Immigration Agency of Argentina (Dirección Nacional de Migraciones). Netwalker ransomware is a relatively new version of the ransomware family. It is distributed via phishing emails using VBScript and, if the infection is successful, spreads on the victim's Windows network. It shuts down Windows services and processes and encrypts files on all available drives. For decryption, the attackers demand a multi-million-dollar ransom. For example, Dirección Nacional de Migraciones has to pay $4 million, and K-Electric $3,850,000. If the ransom is not paid within a week, it will increase to $7.7 million. The ransom for Equinix is $4.5 million, and the attackers threaten to double it.
