CYBERSECURITY NEWS V. July – Microsoft Patch Tuesday, 0-day vulnerability in Android, Millions of Twitter user accounts were sold

News FYI

More than 5.4 million Twitter user accounts are being sold online for $30,000

A hacker stole the data of more than 5.4 million Twitter users and put it up for sale on the dark web for $30,000.

The leaked data includes public Twitter profile information along with the phone numbers and/or email addresses used to log in.

The leak contains records from the accounts of various companies, random users and world celebrities.

Experts believe that an attacker could have downloaded this data using a vulnerability in the Twitter mobile app for Android, which was fixed in January 2022.

Apple fixed 39 vulnerabilities in its products

Apple has released fixes for 39 vulnerabilities in macOS Catalina, iOS, and iPadOS. The updates address memory safety flaws, some of which may lead to remote code execution.

In the fact sheet, Apple did not confirm exploitation of 0-day vulnerabilities in the wild. The company urged iPhone and iPad users to upgrade to iOS 15.6 without delay due to the risk of dangerous cyber attacks. 39 vulnerabilities have been fixed across a wide range of iOS/iPadOS components, including:

  • AppleAVD;
  • AppleMobileFileIntegrity;
  • Apple Neural Engine;
  • CoreText;
  • ImageIO;
  • WebKit.

The vulnerabilities are also fixed in Apple's Security Update 2022-005 Catalina. In addition, the company published macOS Big Sur 11.6.8 with fixes for 32 vulnerabilities and the macOS Monterey 12.5 update with 56 fixes. Apple has also released security patches in watchOS 8.7 and tvOS 15.6.

Millions of WordPress sites can be taken over by a single plugin

A massive campaign has been uncovered that scanned about 1.6 million WordPress sites for a vulnerable plugin that allows uploading files without authentication.

The attackers are targeting the Kaswara Modern WPBakery Page Builder plugin, which was abandoned by its author before the critical vulnerability CVE-2021-24284 was fixed. The vulnerability allows an unauthenticated attacker to inject malicious JavaScript code into websites using any version of the plugin, and to upload and delete files, which can lead to a complete takeover of the site.

1,599,852 unique websites were targeted, though only a small part of them use the vulnerable plugin. The attacks have been ongoing since July 4, averaging 443,868 attack attempts each day. They come from 10,215 different IP addresses, some of which generate millions of requests while others send far fewer.

The attackers send a POST request to "wp-admin/admin-ajax.php" in an attempt to use the plugin's "uploadFontIcon" AJAX function to upload a malicious payload containing a PHP file. This file invokes the NDSW Trojan, which injects code into JavaScript files present on the target sites in order to redirect visitors to phishing and malware sites.

Users should remove the Kaswara Modern WPBakery Page Builder Addons plugin from their WordPress sites. If the plugin is not used, users are still advised to block malicious IP addresses.
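To check whether a site has received these requests, the pattern described above can be searched for in the web server's access log. The following is an added example, not code from the original article: it assumes a combined-format access log and that the `action` parameter appears in the logged query string (a POST body is not logged). The function names are hypothetical and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jul/2022:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1" 200 31 "-" "curl/7.81"
203.0.113.7 - - [05/Jul/2022:10:01:03 +0000] "POST /wp-admin/admin-ajax.php?action=upload%46ontIcon HTTP/1.1" 400 0 "-" "curl/7.81"
198.51.100.23 - - [05/Jul/2022:10:02:10 +0000] "POST /blog/wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1" 200 31 "-" "-"
192.0.2.44 - - [05/Jul/2022:10:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
192.0.2.44 - - [05/Jul/2022:10:03:05 +0000] "GET /wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1" 400 0 "-" "Mozilla/5.0"
garbage line that does not parse
"""

# Common/combined log format: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_font_icon_upload(method, target):
    """True for a POST to admin-ajax.php whose query string selects uploadFontIcon."""
    raw_path, _, query = target.partition("?")
    # Decode percent-escapes and collapse repeated slashes before comparing paths.
    path = re.sub(r"/+", "/", unquote(raw_path))
    if method != "POST" or not path.endswith("/wp-admin/admin-ajax.php"):
        return False
    # parse_qs percent-decodes values, so action=upload%46ontIcon also matches.
    return "uploadFontIcon" in parse_qs(query).get("action", [])

def scan(lines):
    """Return (hits per client IP, matching entries); unparseable lines are skipped."""
    per_ip, hits = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_font_icon_upload(m["method"], m["target"]):
            per_ip[m["ip"]] += 1
            hits.append((m["ts"], m["ip"], int(m["status"])))
    return per_ip, hits

if __name__ == "__main__":
    per_ip, hits = scan(SAMPLE_LOG.splitlines())
    for ip, count in per_ip.most_common():
        print(f"{ip}\t{count} uploadFontIcon POST(s)")
    for ts, ip, status in hits:
        print(f"{ts}\t{ip}\tstatus={status}")
```

The per-IP counts give a starting list for the blocking advice above, and the status codes show how the server answered each attempt.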

Microsoft Fixes 52 Privilege Escalation Vulnerabilities on Patch Tuesday

On July 12, as part of its July 2022 Patch Tuesday, Microsoft fixed 1 actively exploited zero-day vulnerability and 84 other bugs. 4 of the 84 vulnerabilities are classified as "critical" because they allow remote code execution. The number of bugs in each vulnerability category is listed below:

  • 52 privilege escalation vulnerabilities;
  • 4 security bypass vulnerabilities;
  • 12 RCE vulnerabilities;
  • 11 information disclosure vulnerabilities;
  • 5 denial of service (DoS) vulnerabilities.

For information about the updates, see the patch pages for Windows 10 KB5015807 and KB5015811 and for Windows 11 KB5015814.

0-day vulnerability in Android allows full control of the device

A 0-day Android vulnerability has been discovered affecting Google Pixel 6, Samsung Galaxy S22 and other devices. Even devices with the latest security update from July 2022 are at risk.

The vulnerability affects part of the Android kernel, allowing an attacker to get:

  • arbitrary read and write access;
  • superuser privileges;
  • the ability to disable SELinux;
  • full access to the OS;
  • the ability to manage built-in security services.

The threat affects all devices running the Linux 5.10 kernel, including Google Pixel 6 Pro and Samsung Galaxy S22. The exact details of the vulnerability have not been made public.
