Cybersecurity News V. 3.13 – data leaks in Asian banks, vulnerability in Linux & nothing about COVID-19

Ransomware attacks news

Ransomware attacks are getting more sophisticated and rapid. For instance, Evraz North America, a steel producer, fell victim to a recent nation-wide cyberattack, which lead to malfunctioning of such systems and services like emails, shipping, product certification, and networks. Not only big companies suffer from ransomware attacks – local governments are also affected. The city and county of Durham, North Carolina, were hit by Ryuk, which forced them to shut down the network with 911 call center and Fire Department services suffering from the disruption.

Credit card data leak in the APAC region

Credit card details leaked online due to a data breach in several top banks in Asian countries, including Malaysia and Singapore. Some of the banks refused to comment, while CIMB Group Holdings stated that no actionable customer data had been compromised from them. Researchers, who discovered the leak, informed CERT. It is believed that the breach compromised hundreds of thousands of credit card details.

Zoho enterprise product vulnerability

Recently, details on a 0-day vulnerability in Zoho was published on twitter. This vulnerability affected ManageEngine Desktop Central, which is an endpoint management solution used by companies to control their devices – smartphones, servers, and workstations. It enabled remote attackers to execute arbitrary code on affected installations without authentication. Later the vulnerability was assigned CVE-2020-10189 and got a fix in Zoho ManageEngine Desktop Central version 10.0.479.

PayPal’s brand new vulnerability. Or is it?

In recent research, there was information on six different vulnerabilities in PayPal’s systems with one serious enough to bypass PayPal’s usual controls using stolen login information and to take over users’ accounts. At the same time, PayPal’s continue to deny there were any threats to their users and that their customers should not need to worry. 

Almost 17-year-old RCE in Linux Systems

A recently found vulnerability with CVE-2020-8597 holds a 9,3 CVE score. It is a 17-year-old critical RCE vulnerability that affects Point to Point Protocol daemon software implemented in almost all Linux-based operating systems. This flaw allows an unauthenticated attacker to remotely execute arbitrary code on the target system and to gain root-level privileges. The list of affected distributions includes but is not limited to Ubuntu, Debian, Fedora, SUSE Linux, Red Hat Enterprise Linux, and NetBSD. Experts recommend applying the necessary patches as soon as possible. 

New types of attacks on AMD processors

AMD processors produced between 2011 and 2019 could be vulnerable to two new attacks. Those attacks target the L1D cache way predictor feature of AMD CPUs. Researchers named Collide+Probe and Load+Reload attacks. Attacks could be launched in real-world scenarios without needing actual physical access to the systems or advanced special equipment. 

Microsoft users are once again at risk of account hijacking

There is a severe risk of account hijack from compromised Microsoft subdomains. In other words, almost six hundred Microsoft subdomains are susceptible to takeover. This means that any user visiting certain Microsoft web domains could be on a malicious domain, thus posing threat to any information shared on those web sites, including user names and passwords. There is no evidence that the security flaw was exploited in the wild, but Microsoft is actively working on the fix.

Google vs. MediaTek rootkit chips vulnerability

Google released a patch for a critical vulnerability in MediaTek rootkit chips. The vulnerability was assigned CVE-2020-0069 and allowed any user to get root access to a device. An easy-to-use exploit was published by a developer and was used to build malicious apps that gained root access on millions of Android devices. Previously, Google MediaTek released a patch attempting to fix a vulnerability, but attackers proceeded the exploitation by installing malicious apps on the devices. MediaTek’s 64-bit chipsets are affected and include devices by Motorola, Sony, Alcatel, Amazon, ASUS, Blackview, Realme, Xiaomi, and others.