By Anna Hammond
December 11, 2020
Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.
FireEye, one of the world's top cybersecurity firms, was hacked, probably by a nation-state actor. Researchers found vulnerabilities impacting millions of smart and industrial devices. A pesky malware capable of remotely bricking devices was seen. Plus a whirlwind of Covid-19 related attacks. And interesting findings on the security of Docker images. What a strange week…
FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
The cybersecurity firm FireEye was hacked and had its Red Team tools stolen by “a highly sophisticated state-sponsored attacker utilizing novel techniques”. The tools in question do not include zero-day exploits, but only scripts and frameworks leveraging public techniques. So, FireEye released its Red Team Tool Countermeasures to help organizations in case the stolen tools are used in the wild. This story shows that anyone can be hacked and, when it happens, transparency is admirable.
One of the Internet’s most aggressive threats could take UEFI malware mainstream
TrickBot, the malware Microsoft and others are relentlessly trying to take down, came back with a nasty new module. TrickBoot, as it is called, has the rare capability of attacking the boot process. It can inspect the UEFI/BIOS firmware of targeted systems, bypass security controls, check for well-known vulnerabilities and remotely brick a device by erasing its firmware. This last feature is the worst as it could be used by ransomware gangs as revenge against victims who refuse to pay them.
CVE-2020-8913 is a serious vulnerability (local arbitrary code execution) in the Google Play Core Library that was disclosed in August. It shouldn't have made the news again, since Google patched it in April, months before its disclosure. The problem is that many apps are still shipping the vulnerable version of the library. Check Point found out this was surprisingly the case for Cisco Teams, Viber, Grindr, Booking, Edge and others.
Amnesia:33 vulnerabilities impact millions of smart and industrial devices
Amnesia:33 is a set of 33 vulnerabilities affecting four open source TCP/IP stacks used by millions of connected devices from more than 150 vendors. This includes all sorts of smart and industrial devices, with impacts ranging from denial of service and information leaks to memory corruption and remote code execution. The vulnerable stacks are so widely used that it is difficult to assess the impact, and to identify and patch all vulnerable devices.
Analysis of 4 Million Docker Images Shows Half Have Critical Vulnerabilities
The cybersecurity company Prevasio scanned 4 million container images hosted at Docker Hub. Dynamic analysis showed that 51% had critical vulnerabilities, 6432 were malicious/potentially harmful images, and 44% of these malicious images had crypto-miners. The report has more eye-opening results. Developers and users of container images must be aware of these risks.
NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability
COVID-19 vaccine data has been unlawfully accessed in hack of EU regulator
IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain
Fake websites and false cures: Interpol warns of Covid-19 vaccine scams
GE puts default password in radiology devices, leaving healthcare networks exposed
Unfixable Kubernetes Security Hole Means Potential Man-in-the-Middle Attacks
Microsoft issues guidance for DNS cache poisoning vulnerability
Disputed bug in Microsoft Teams posed RCE risk, researcher warns
UK Ministry of Defence: We won’t prosecute bug bounty hunters – oh btw, we now have one of those
GitHub offers tighter integration of security to development workflows
Chinese Breakthrough in Quantum Computing a Warning for Security Teams
PasswordsCon 2020: Authentication expert expresses skepticism about ‘passwordless’ future
Oblivious DoH: Cloudflare supports new privacy, security-focused DNS standard
German court forces encrypted email provider Tutanota to create backdoor for blackmail case
Timnit Gebru’s team at Google is going public with their side of the story
UK National Cyber Security Centre’s Zero trust principles – beta release