6 July 2020

Weekly security roundup: July 6, 2020

Last week, several large technology companies issued security advisories disclosing serious vulnerabilities in their products. First, Palo Alto Networks disclosed a vulnerability in PAN-OS, the operating system that powers its next-generation firewalls. Tracked as CVE-2020-2021, the flaw lets an unauthenticated, network-based attacker bypass authentication and reach protected resources such as GlobalProtect portals and gateways and the PAN-OS and Panorama web interfaces. It is only reachable when SAML authentication is enabled and the "Validate Identity Provider Certificate" option is disabled, so administrators should check both settings as well as the installed release.

The issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3 and all later releases.

Palo Alto Networks said it is not aware of attacks exploiting the vulnerability; however, US Cyber Command warned that foreign APT groups will likely attempt to exploit unpatched Palo Alto firewalls soon.
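A version check for CVE-2020-2021 has one trap: the fix landed separately in each release train (8.1.15, 9.0.9, 9.1.3), so a plain numeric comparison wrongly marks 9.0.8 as newer than 8.1.15 and therefore safe. The script below is an added example, not Palo Alto Networks code; it takes the fixed versions from the advisory text above and also folds in the two configuration conditions the advisory names. The `triage` function and its argument names are hypothetical, chosen for this illustration.

```python
"""Per-train fix check for CVE-2020-2021 (added example, not vendor code).

Fixed releases come from the advisory: 8.1.15, 9.0.9, 9.1.3 and all later
releases. The comparison is per release train, because 9.0.8 sorts above
8.1.15 as a number but is still an unpatched 9.0 build.
"""
import re
from typing import Optional, Tuple

# Fixed release for each train that received a patch (from the advisory).
FIXED_BY_TRAIN = {
    (8, 1): (8, 1, 15),
    (9, 0): (9, 0, 9),
    (9, 1): (9, 1, 3),
}

# PAN-OS versions look like "9.0.9" or "9.0.9-h1" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '9.0.9-h1' into (9, 0, 9, 1); a missing hotfix counts as 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def is_fixed_for_cve_2020_2021(version: str) -> Optional[bool]:
    """True if the release contains the fix, False if not, None if the train
    is not covered by the advisory excerpt (e.g. 8.0 or 7.1)."""
    major, minor, patch, _hotfix = parse_panos_version(version)
    train = (major, minor)
    if train in FIXED_BY_TRAIN:
        return (major, minor, patch) >= FIXED_BY_TRAIN[train]
    # Any train newer than the newest patched one shipped after the fix.
    if train > max(FIXED_BY_TRAIN):
        return True
    return None


def triage(version: str, saml_enabled: bool, validate_idp_cert: bool) -> str:
    """Hypothetical helper combining the version check with the two config
    preconditions from the advisory (SAML on, IdP certificate validation off)."""
    fixed = is_fixed_for_cve_2020_2021(version)
    if fixed is True:
        return "patched"
    if not saml_enabled or validate_idp_cert:
        return "not exposed (SAML off or IdP cert validation on) - patch anyway"
    if fixed is False:
        return "VULNERABLE: SAML on, IdP cert validation off, unpatched release"
    return "unknown train - consult the advisory"


if __name__ == "__main__":
    for v in ("9.0.8", "9.0.9", "8.1.15-h1", "10.0.0", "8.0.21"):
        print(v, "->", triage(v, saml_enabled=True, validate_idp_cert=False))
```

Feed it the version string from `show system info` and the two SAML profile settings; anything reported as "unknown train" is an end-of-life build that the fixed-version list above does not cover and needs a manual look at the advisory.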

Microsoft released two out-of-band security updates addressing a pair of vulnerabilities in the Microsoft Windows Codecs Library.

Tracked as CVE-2020-1425 and CVE-2020-1457, both are flaws in the way the Windows Codecs Library handles objects in memory, and both are triggered when a program processes a specially crafted image file. According to Microsoft's advisories, exploiting CVE-2020-1425 could give an attacker information to further compromise the user's system, while exploiting CVE-2020-1457 could lead to arbitrary code execution. The fixes ship through the Microsoft Store as updates to the affected codec packages rather than through Windows Update, so environments that restrict Store updates should confirm the patched packages are actually installed.

On Wednesday, F5 released a security advisory describing a remote code execution (RCE) vulnerability, CVE-2020-5902, in the Traffic Management User Interface (TMUI) of its BIG-IP products. The flaw is reachable by an unauthenticated attacker with network access to the TMUI, typically via the management port or a self IP, and successful exploitation allows them to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. Patched releases are available for the affected 11.6.x, 12.1.x, 13.1.x, 14.1.x and 15.x branches; until they are installed, the management interface should not be reachable from untrusted networks.

Of note, security researchers have already detected attacks targeting vulnerable F5 BIG-IP devices, so the advisory should be treated as actively exploited and the TMUI access logs on internet-facing units reviewed.
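For teams that cannot patch immediately, F5's published mitigation for CVE-2020-5902 blocks any request path containing the sequence `..;` in the TMUI's httpd configuration, and the same pattern works as a retrospective indicator in the httpd access logs. The script below is an added detection example, not F5 code: it parses combined-format access log lines, percent-decodes the path so that `%2e%2e;` is not missed, and reports which sources sent traversal-style requests. The log lines are constructed samples; the exploit-style path in the first sample is the widely reported probe against `/tmui/login.jsp/..;/`.

```python
"""Flag TMUI requests that use the '..;' path-normalisation trick.

Added example for detection engineering, not F5 code. F5's mitigation for
CVE-2020-5902 rejects paths containing '..;'; this applies the same test to
Apache/httpd combined-format access log lines. Sample lines are constructed.
"""
import re
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import unquote

# host ident user [time] "METHOD path PROTO" status size "referer" "ua"
_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The two characters '..' followed by ';' - a segment that servlet-style
# path normalisation treats as a directory climb.
TRAVERSAL_RE = re.compile(r"\.\.;")

# Constructed sample log (not real traffic). Addresses are RFC 5737 ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jul/2020:10:12:01 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 1875 "-" "curl/7.68.0"',
    '198.51.100.9 - - [05/Jul/2020:10:12:05 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4201 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Jul/2020:10:12:09 +0000] "GET /tmui/login.jsp/%2e%2e;/tmui/locallb/workspace/tmshCmd.jsp?command=list+sys+version HTTP/1.1" 200 301 "-" "python-requests/2.24"',
    '192.0.2.4 - - [05/Jul/2020:10:13:00 +0000] "POST /tmui/login.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into fields; None if it does not parse."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else None


def is_tmui_traversal(path: str) -> bool:
    """True when the decoded path targets /tmui/ and contains a '..;' segment."""
    decoded = unquote(path)
    return decoded.startswith("/tmui/") and bool(TRAVERSAL_RE.search(decoded))


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed records whose request path matches the indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_tmui_traversal(rec["path"]):
            hits.append(rec)
    return hits


def count_by_source(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Aggregate hits per client address for triage."""
    return dict(Counter(h["src"] for h in hits))


if __name__ == "__main__":
    for rec in find_suspicious(SAMPLE_LOG):
        print(rec["time"], rec["src"], rec["status"], unquote(rec["path"]))
    print(count_by_source(find_suspicious(SAMPLE_LOG)))
```

A 200 response to a traversal request is the line to escalate: a 404 or 403 shows the probe was refused, while a 200 means the file read or command endpoint answered. Run it over the full log history, not just the day the advisory appeared, since the scanning started before most sites patched.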

In what appears to be one of the largest law enforcement operations to date, European police, in cooperation with Europol and Eurojust, dismantled EncroChat, an encrypted phone network widely used by criminal groups.

For several months, law enforcement agencies had been intercepting messages that criminals exchanged to plan serious crimes. By infiltrating the encrypted communications platform, police across Europe gained access to millions of messages, leading to the arrest of hundreds of suspects in several countries, including France, the Netherlands, the UK, Norway and Sweden.

Ransomware operators continue to attack large companies across the world. For example, last week the actors behind the Maze ransomware claimed to have breached the systems of US printing giant Xerox Corporation and stolen more than 100 GB of files, which they threaten to leak if the company refuses to pay the ransom.

Reports also emerged that the Sodinokibi (aka REvil) ransomware gang compromised the Brazilian electrical utility Light S.A. and demanded a $14 million ransom in exchange for a tool to restore the encrypted files.

A group calling itself "Cl0ud SecuritY" is compromising discontinued LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, deleting files and leaving behind ransom notes demanding between $200 and $275.

The attacks have been occurring since last month and appear to target only LenovoEMC/Iomega NAS devices whose management interface is exposed to the internet. The intrusions look like the work of an unsophisticated attacker who uses no complex exploits and simply picks off devices that are already reachable online. Because the product line is discontinued and no firmware fix should be expected, the practical defence is to take the management interface off the internet and to keep offline backups, since the attackers delete data rather than encrypt it.
