Cybersecurity News V. 3.04 – New Wi-Fi vulnerability, Google upd, Cerberus Android banking Trojan
Kr00k vulnerability found in Wi-Fi chips by Cypress and Broadcom
ESET published a white paper about a vulnerability in Wi-Fi chips that was assigned CVE-2019-15126. It causes vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication. Thus, it allows an adversary to decrypt some wireless network packets transmitted by a vulnerable device. The vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP encryption. The potentially vulnerable devices are the ones with unpatched Wi-Fi chips by Broadcom and Cypress, which could be found in smartphones, laptops, tablets, IoT devices, and Wi-Fi access points and routers.
Clearview AI in the spotlight again
Clearview AI, a facial recognition company, stated that someone had gained unauthorized access to its list of customers. The unknown intruder also got access to the number of user accounts and search requests made by the company’s customers. The official statement says that Clearview systems and networks stayed intact during the breach. In January 2020, it was revealed that Clearview collected over 3 billion images from the internet, including sources like Facebook and YouTube, which violates the social networks’ terms of service. Some law-enforcement agencies were among Clearview’s customers and therefore appear on the compromised list.
Cerberus banking Trojan for Android evolved
An evolved version of the Cerberus Android banking Trojan, which was found in June 2019, has some new features. The analysis shows that the updated version of the malware had some refactoring of the code base and was enhanced with remote access trojan (RAT) capability. With the new functionality, Cerberus could also steal 2FA codes from the Google Authenticator application by sending the content of the interface to the C2 server. Thus, authentication services that rely on OTP codes could be bypassed.
Google Chrome update ends info stealers
Lots of information stealers were decommissioned by the recent Chrome update to version 80. The new update affected Raccoon, KPot, and AZORult. The AZORult stealer was abandoned by its developers in 2018 but was still largely in use. In the new version, Chrome stores locally saved passwords in a different format with AES-256 encryption. Since AZORult isn't adapted to the new format and gets no updates, it seems like this stealer is no longer a threat to Chromium-based browsers.
Australian Red Cross suffered from cyberattack
The Australian Red Cross was hit by hundreds of bot-generated applications for bushfire relief grants. Physical examination of properties showed many claims to be fraudulent. Online fraud is a constant challenge for charities, which are usually limited in resources, and it forces them to improve their cybersecurity.
Ransomware attacks disrupt production
Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and the recently discovered SNAKEHOSE (or Snake, or Ekans) have already caused millions of dollars of damage to their victims. The attacks have a similar pattern: they affect OT-related processes among over a thousand IT processes. The researchers believe that this trend will persist since ransomware operators usually target the most critical processes.
Google patches zero-day of high severity