Cybersecurity News V. 2.19 – New malware: made in North Korea, app for US election, Huawei espionage

Voatz app not ready for 2020 election

Voatz voting app, which was supposed to be used in the 2020 Presidential elections, turned out to be vulnerable to numerous security flaws. MIT Researchers found out that the application of a certain version could "alter, stop, or expose a user’s vote, including a sidechannel attack in which a completely passive network adversary can potentially recover a user’s secret ballot." The developers claim to use blockchain to enhance the app’s security, but that would be of no help in case servers or devices are compromised. The researchers reverse-engineered the Android version of the app and proved that the attacker could observe, suppress, or even alter the vote from the compromised voter’s phone.

North Korean hackers use new malware

A new hacking campaign by the North Korean group named Hidden Cobra was revealed by the US officials. Malware arsenal analysis showed details on new types of malware from RATs to implants and loaders, including Artfulpie, Bistromath, Buffetline, Crowdedflounder, Hoplight, Hotcroissant, and Slickshoes. Hoplight was reported earlier in 2019 and has been updated and modified since then. The officials also warned that the samples of malware are already in use and could lead to phishing and remote execution attacks. 

Microsoft monthly patches and fixes

A scripting engine memory corruption vulnerability (CVE-2020-0674) in Internet Explorer, which is believed to have been largely exploited in the wild, has been patched by Microsoft. The patch is available for Internet Explorer versions from 9 to 11 with mitigation steps provided for Explorer on Windows Servers from 2008 to 2019. The overall amount of fixes in this monthly Microsoft security package reaches 100, which makes this patch one of the most significant in Microsoft history.

Adobe February security updates

A total of forty-two vulnerabilities received necessary patches from Adobe last Tuesday. The list products that got security updates include Framemaker (with 21 of the 42 fixed vulnerabilities, some of which are marked as “critical”), Flash Player, Reader, Acrobat, Digital Editions, and Experience Manager. 

INTEL-SA-00307 firmware patch

Intel has released a security update that addresses a security flaw in the CSME subsystem. The vulnerability could lead to privilege escalation, denial of service, and information disclosure via improper authentication. The vulnerability affects CSME systems versions 12.0 through 12.0,48, 13.0 through 12.0.48, 13 through 13.0.20, and 14.0 through 14.0.10. 

Huawei faces intellectual property lawsuit

Huawei is accused of a decade-long conspiracy to steal the intellectual property of US companies. Huawei representatives claim that the charges against the company are baseless regardless of the presented evidence. It has been proven that Huawei can get access to mobile phone networks unnoticed.

Hundreds of malicious Chrome extensions removed

A one-year research program helped Google find and take down more than 500 malicious extensions from its store. The research was initiated when a large-scale campaign of malicious extensions was uncovered. The extensions were part of a malvertising and click-fraud network that infected Chrome users and exfiltrated their data while evading the web store’s anti-fraud algorithms.