Security Snacks #9 – FireEye hacked, Amnesia:33 & A device-bricking UEFI malware

By Anna Hammond

December 11, 2020

Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.


FireEye, one of the world's top cybersecurity firms, was hacked, probably by a nation-state actor. Researchers found vulnerabilities impacting millions of smart and industrial devices. A pesky piece of malware capable of remotely bricking devices was seen. Plus a whirlwind of Covid-19-related attacks. And interesting findings on the security of Docker images. What a strange week…

Notable Security News

FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

The cybersecurity firm FireEye was hacked and had its Red Team tools stolen by “a highly sophisticated state-sponsored attacker utilizing novel techniques”. The tools in question do not include zero-day exploits, but only scripts and frameworks leveraging public techniques. So, FireEye released its Red Team Tool Countermeasures to help organizations in case the stolen tools are used in the wild. This story shows that anyone can be hacked and, when it happens, transparency is admirable.

One of the Internet’s most aggressive threats could take UEFI malware mainstream

TrickBot, the malware Microsoft and others are relentlessly trying to take down, came back with a nasty new module. TrickBoot, as it is called, has the rare capability of attacking the boot process. It can inspect the UEFI/BIOS firmware of targeted systems, bypass security controls, check for well-known vulnerabilities and remotely brick a device by erasing its firmware. This last feature is the worst as it could be used by ransomware gangs as revenge against victims who refuse to pay them.

Android devs: If you’re using the Google Play Core Library, update it against this remote file inclusion CVE. Pronto

CVE-2020-8913 is a serious vulnerability (local arbitrary code execution) in Google Play Core Library that was disclosed in August. It shouldn’t have made the news again, since Google patched it in April, months before its disclosure. The problem is that many apps are still running the vulnerable version of the library. Check Point found that this was, surprisingly, the case for Cisco Teams, Viber, Grindr, Booking, Edge and others.

Amnesia:33 vulnerabilities impact millions of smart and industrial devices

Amnesia:33 is a set of 33 vulnerabilities affecting four open source TCP/IP stacks used by millions of connected devices from more than 150 vendors. This includes all sorts of smart and industrial devices, with impacts ranging from denial of service and information leaks to memory corruption and remote code execution. The vulnerable stacks are so widely used that it is difficult to assess the impact, and to identify and patch all vulnerable devices.

Analysis of 4 Million Docker Images Shows Half Have Critical Vulnerabilities

The cybersecurity company Prevasio scanned 4 million container images hosted at Docker Hub. Dynamic analysis showed that 51% had critical vulnerabilities, 6432 were malicious/potentially harmful images, and 44% of these malicious images had crypto-miners. The report has more eye-opening results. Developers and users of container images must be aware of these risks.

Intigriti News

Intigriti – Deloitte Fast 50 Rising Star winner 2020
