CYBERSECURITY NEWS V. 24.09 – Zerologon vulnerability, Bluetooth Spoofing Bug


hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts

News for discussion

The Zerologon vulnerability could hijack Windows servers

The Zerologon vulnerability, ID CVE-2020-1472, has a maximum severity rating of 10 out of 10 and enables the adversary to escalate to domain administrator and take over the domain. The bug stems from a weak cryptographic algorithm used in the Netlogon authentication process: the attack is carried out by adding null characters to certain Netlogon authentication parameters. The vulnerability is especially dangerous when used in human-driven ransomware attacks, as it allows an adversary with a foothold on a single workstation to take complete control of a network in a Windows domain. Microsoft will address the vulnerability in two phases. On August 11, a patch in the form of a security update was released. The patch is intended to prevent Windows Active Directory domain controllers from using unsecured RPC communications. The second phase, scheduled for February 9, 2021, as part of the Patch Tuesday updates, will be the enforcement phase.

hexway commentary:

Much has already been said about this vulnerability. Exploiting it is as easy as pentesting was in 2003, which raises an obvious question for Microsoft: how did this happen? That said, the vulnerability will certainly help pentesters out more than once in the course of their work.
For system administrators and other information security defenders there is only one recommendation: patch urgently!
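The first-phase update also makes domain controllers record which clients still negotiate the vulnerable Netlogon secure channel, so defenders can find and fix them before the enforcement phase. The script below is an added example, not hexway's code; it assumes Microsoft's documented Netlogon event IDs (5829 for a vulnerable connection that was still allowed, 5827/5828 for denied machine and trust accounts) and a constructed CSV export format, and summarises the accounts that need attention:

```python
from collections import defaultdict

# Netlogon event IDs written to the System log on domain controllers after the
# August 2020 update (Microsoft's documented values).
VULNERABLE_ALLOWED = 5829          # vulnerable secure channel allowed (deployment phase)
VULNERABLE_DENIED = {5827, 5828}   # denied: machine account / trust account

# Constructed sample lines: timestamp,event_id,dc,account,client_ip.
# Real exports differ, so adapt parse_events() to your collector's format.
SAMPLE_EVENTS = """\
2020-09-15T08:01:12Z,5829,DC01,NAS-BACKUP$,10.0.5.21
2020-09-15T08:02:40Z,5829,DC01,PRINTSRV-OLD$,10.0.5.77
2020-09-15T08:03:05Z,5827,DC01,LEGACYAPP$,10.0.9.3
2020-09-15T08:05:19Z,5829,DC02,NAS-BACKUP$,10.0.5.21
2020-09-15T08:07:00Z,4624,DC01,jdoe,10.0.1.10
"""

def parse_events(text):
    """Yield (timestamp, event_id, dc, account, ip); skip malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5 or not parts[1].isdigit():
            continue
        ts, eid, dc, account, ip = parts
        yield ts, int(eid), dc, account, ip

def vulnerable_netlogon_clients(text):
    """Accounts that still negotiated a vulnerable secure channel (event 5829),
    with the DCs and client IPs they were seen from."""
    hits = defaultdict(lambda: {"dcs": set(), "ips": set(), "count": 0})
    for _ts, eid, dc, account, ip in parse_events(text):
        if eid == VULNERABLE_ALLOWED:
            hits[account]["dcs"].add(dc)
            hits[account]["ips"].add(ip)
            hits[account]["count"] += 1
    return dict(hits)

def denied_netlogon_clients(text):
    """Accounts already refused (5827/5828): these are broken now, not merely at risk."""
    return sorted({a for _, eid, _, a, _ in parse_events(text) if eid in VULNERABLE_DENIED})

if __name__ == "__main__":
    for account, h in sorted(vulnerable_netlogon_clients(SAMPLE_EVENTS).items()):
        print(f"{account}: {h['count']} vulnerable connection(s) via {sorted(h['dcs'])} "
              f"from {sorted(h['ips'])}")
    print("already denied:", denied_netlogon_clients(SAMPLE_EVENTS))
```

Every account listed is a device that will stop authenticating once enforcement begins, so it must be patched, replaced, or explicitly reviewed before February 9, 2021.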

News FYI

Magento was hit by the largest skimming attack in the company's history

About 2,000 Magento online stores were hit by the largest MageCart-style skimming attack in the company's history. During the series of attacks, adversaries installed a software skimmer on the compromised websites that was designed to steal payment information entered by users on the checkout page. The attack is still under investigation; it is speculated that the Magento 1 sites were compromised with a zero-day vulnerability sold on hacker forums. The exploit targets Magento 1, which reached end of life in June, yet some 95,000 websites are still running it.

Bluetooth Spoofing Bug leaves billions of devices vulnerable

The BLE Spoofing Attack (BLESA) flaw stems from authentication weaknesses during device reconnection. Successful exploitation allows an attacker to connect to a device while bypassing the reconnection authentication requirements and to feed it spoofed data. BlueZ (Linux IoT devices), Fluoride (Android), and the iOS BLE stack are vulnerable to BLESA attacks, while the BLE stack on Windows devices was found to be immune. Apple tracks the vulnerability as CVE-2020-9770 and patched it in June. Google devices are still vulnerable. BlueZ said it will replace the code that exposes its devices to BLESA attacks with code that uses the correct BLE reconnection procedures. Billions of devices without a built-in update mechanism will go unpatched.

A bug in the Firefox Android version allowed control of the browser on the same Wi-Fi network

Mozilla patched a bug that allowed hijacking all Firefox for Android browsers on the same Wi-Fi network. The vulnerability lies in the browser's SSDP component, which Firefox uses to discover other devices on the same network for sharing or receiving content. A potential attacker could have exploited the bug in a public place by connecting to the Wi-Fi network and running a script on a laptop that floods the network with malicious SSDP packets. Any Android user running Firefox during such an attack could be redirected to a malicious site or have a malicious extension installed. Mozilla recommends that users update the Android version of Firefox to the latest release for security reasons.
