6 July 2020

Weekly security roundup: July 6, 2020


Weekly security roundup: July 6, 2020

Last week, we saw several large technology companies issue security advisories disclosing serious vulnerabilities in their products. Firstly, Palo Alto Networks disclosed a security vulnerability affecting PAN-OS, the operating system that powers its next-generation firewalls. The vulnerability, tracked as CVE-2020-2021, could allow unauthenticated network-based attackers to bypass authentication.

The issue has been fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later versions.

Palo Alto Networks said it is not aware of attacks exploiting this vulnerability, however, US Cyber Command has warned that foreign ATP groups will likely attempt to exploit unpatched Palo Alto firewalls.

Microsoft released two out-of-band security updates to address a couple of vulnerabilities affecting Microsoft Windows Codecs Library.

Tracked as CVE-2020-1425 and CVE-2020-1457, the both security bugs are remote code execution issues that exist in the way that Microsoft Windows Codecs Library handles objects in memory. By exploiting the CVE-2020-1425 flaw an attacker could obtain information to further compromise the user’s system. In the case of CVE-2020-1457, the exploitation of this flaw could lead to remote code execution.

On Wednesday, F5 has released a security advisory describing a Remote Code Execution (RCE) vulnerability (CVE-2020-5902) that affects the BIG-IP's Traffic Management User Interface. Successful exploitation of the flaw allows to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code.

Of note, security researchers have already detected attacks targeting vulnerable F5 BIG-IP networking devices.

In what appears to be one of the largest law enforcement operations to date, European police in cooperation with Europol and Eurojust dismantled EncroChat, an encrypted phone network widely used by criminal networks.

Over the last few months the law enforcement agencies have been intercepting messages exchanged between criminals to plan serious crimes. By infiltrating the encrypted communications platform the police across Europe gained access to millions of messages leading to arrests of hundreds of suspects in several countries including France, Netherlands, the UK, Norway, and Sweden.

Ransomware operators are continuing to launch ransomware attacks against large companies accross the world. For example, last week the malicious actors behind the Maze ransomware said they have breached the systems of U.S. printing giant Xerox Corporation and stolen more than 100GB of files that they are planning to leak if the company refuses to pay the ransom.

Also, reports emerged about the Sodinokibi (aka REvil) ransomware gang compromising the Brazilian-based electrical energy company Light S.A and demanding a $14 million ransom in exchange for a tool to restore encrypted files.

A hacker group known as “Cl0ud SecuritY” is compromising discontinued LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, deleting files and leaving ransom notes behind with ransom demands varying from $200 to $275.

The attacks have been occurring since last month and appear to target only LenovoEMC/Iomega NAS devices with exposed management interface. The intrusions appear to be the work of an unsophisticated attacker that does not use complex exploits and targets devices, which are already exposed on the internet.


Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024