Watch Out Wednesdays

From The Research Team

No threat facing businesses and individuals has grown quite like that of cyber threats. They appear in all forms, from phishing emails to exploited vulnerabilities in software.

Starting July 2020, this “Watch Out Wednesdays” blog will be updated weekly with the latest vulnerabilities and large-scale hacks that you should Watch Out for. Although the list is updated weekly, it is not a complete list of vulnerabilities or hacks; it will only cover the largest data breaches, hacks, and security vulnerabilities that have been released to the public.

Looking to improve your cyber security monitoring practices and reduce vulnerabilities? Take a look at CyNtell’s Continuous Monitoring or Cyber Security Protection packages.

July 2020

27 July – 2 August

Cisco Read-Only Path Traversal Vulnerability:
– Cisco has released a Security Advisory for the actively exploited Read-Only Path Traversal vulnerability (CVE-2020-3452). The vulnerability is located in the interface of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software, and researchers found over 85,000 internet-accessible ASA/FTD devices. If the vulnerability is exploited, a remote attacker is able to read sensitive files on the device and carry out directory traversal attacks. Read the Cisco Security Advisory here.
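
The Cisco item above describes a read-only path traversal flaw. As an added example (not code from the CyNtell post or from Cisco), the following Python shows the two things a defender typically wants for this bug class: a server-side guard that resolves a requested path against a fixed base directory and refuses anything that escapes it, and a small detector that flags traversal attempts (including URL-encoded and double-encoded forms) in web access logs. The directory, hostnames, IP addresses and log lines are all constructed for the example.

```python
"""Added example (not from the CyNtell post or Cisco): defensive handling of
path-traversal requests of the kind the Cisco advisory describes.

  1. safe_resolve()            - containment guard for file-serving code
  2. flag_traversal_requests() - detector run over sample access-log lines

All paths, IP addresses and log lines below are constructed for the example.
"""
import os
import re
import urllib.parse
from typing import List, Optional, Tuple


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path of `requested` inside `base_dir`, or None
    if the request would escape the base directory.

    realpath collapses '..' components and symlinks before the containment
    check; the check then compares on a directory boundary so that a
    sibling such as '/srv/www2' is not mistaken for a child of '/srv/www'.
    """
    base = os.path.realpath(base_dir)
    # Strip leading separators so the request is always treated as relative.
    candidate = os.path.realpath(os.path.join(base, requested.lstrip("/\\")))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double encoding (%252e%252e) is unwrapped."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


# A '..' path segment bounded by a separator (or the start/end of the path).
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def is_traversal_attempt(url_path: str) -> bool:
    """Heuristic: true if the decoded path contains a '..' segment."""
    decoded = decode_fully(url_path).replace("\\", "/")
    return TRAVERSAL_RE.search(decoded) is not None


# Combined-log-format request line: ip, ident, user, [timestamp], "METHOD PATH PROTO", status
REQ_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_traversal_requests(log_text: str) -> List[Tuple[str, str, int]]:
    """Return (client_ip, raw_path, status) for every request that looks like
    a traversal attempt. Status 200 on a flagged line deserves first attention:
    it suggests the traversal was not rejected by the server."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if is_traversal_attempt(path):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, fictional paths).
SAMPLE_LOG = """\
203.0.113.5 - - [27/Jul/2020:10:01:02 +0000] "GET /css/site.css HTTP/1.1" 200 512
203.0.113.9 - - [27/Jul/2020:10:01:05 +0000] "GET /images/logo.png HTTP/1.1" 200 2048
198.51.100.7 - - [27/Jul/2020:10:02:11 +0000] "GET /%2e%2e/%2e%2e/config/secrets.txt HTTP/1.1" 403 0
198.51.100.7 - - [27/Jul/2020:10:02:13 +0000] "GET /..%5c..%5cconfig/secrets.txt HTTP/1.1" 403 0
198.51.100.8 - - [27/Jul/2020:10:02:20 +0000] "GET /docs/%252e%252e/%252e%252e/config/secrets.txt HTTP/1.1" 200 77
"""

if __name__ == "__main__":
    print("guard:", safe_resolve("/srv/www", "css/site.css"))
    print("guard:", safe_resolve("/srv/www", "../../config/secrets.txt"))
    for ip, path, status in flag_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {path} -> {status}")
```

The guard is the fix pattern (canonicalise, then check containment on a directory boundary); the detector is a triage aid, not a substitute for patching, and it only catches `..` segments, so a reviewer should still read flagged lines by hand.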

7.5m Records of Dave.com Users Leaked:
– A security breach at analytics platform Waydev, a former partner of Dave.com, allowed the personal data of over 7.5 million Dave.com users to be leaked. Although Dave.com was notified of the breach in early July, user data was found on a website for hackers weeks later. Read more about the breach and the hackers’ release of the data here.

Orange Confirms Ransomware Attack:
– Orange, the fourth largest mobile phone operator in Europe, confirmed that the organization was the victim of a ransomware attack on the night of July 4th. Nefilim, a new ransomware group, has claimed responsibility for the attack, which affected the company’s business services division. Read more about the Orange ransomware attack here.

GRUB2 Vulnerabilities for Linux & Windows Systems:
– Multiple vulnerabilities affect billions of devices that run Windows or Linux, including laptops, servers, workstations, and even IoT devices. If exploited, these vulnerabilities would allow the operating system’s boot process to be compromised to run arbitrary code. As of Aug 5th, patches have been released to secure the vulnerability, but booting issues remain after the patch has been applied. Learn more about the patching issues here.

20-26 July

Garmin Hit with Ransomware:
– Garmin suffered a global outage of its website Garmin.com, its Garmin Connect product, and its navigation and flight plan services for aircraft nav systems. Early reports also say its phone systems, email, and chat applications were affected. After two days of outages and much speculation from customers, the media, and the global cyber community, Garmin was hit with a $10m ransom. This confirms many suspicions that the company was hit with the WastedLocker ransomware. As of July 27th, Garmin.com carries a note at the top of the site mentioning the outage and the inability to communicate with customers, though articles say Garmin is in the final stages of recovery. Follow the latest on the Garmin ransomware attack here.

Microweber CMS Critical Security Vulnerability:
– A pre-authentication flaw was found in the controller.php script, “leftover from the early days of Microweber’s development” according to a penetration tester at Rhino Security Labs. This critical vulnerability leaked administrator credentials deemed “easy-to-crack” along with a variety of other user information. Read the full details on the vulnerability here.

Adobe Critical Bugs Fixed In Second Round of Patches:
– Only a week after releasing critical patches, Adobe has released another set of patches addressing 13 vulnerabilities. In this second round, 12 of the vulnerabilities are critical out-of-bounds read or write flaws in Prelude, Photoshop, or Bridge; the 13th bug affects the mobile reader app for Android. Access the latest and all Adobe patches here.

13-19 July

Zoom Zero-Day Critical Vulnerability Allows RCE:
– The latest Zoom vulnerability allows an attacker to execute code remotely on the victim’s system without triggering a security warning. The flaw has been found in all versions of Zoom for Windows, but it can only be exploited on Windows 7 or older versions of Windows with system-specific configurations. As of 15 July, Zoom has patched the vulnerability. Learn more details of the vulnerability here.

Microsoft Releases Security Bulletin Addressing 123 Vulnerabilities:
– Microsoft’s July Patch Tuesday security updates have been released. A total of 123 vulnerabilities were addressed: 18 rated critical and 105 rated important. All of the critical bugs are RCE and EoP flaws found in Internet Explorer, Windows, Microsoft Lync Server, Microsoft SharePoint, and Visual Studio Code, among others. There were no publicly disclosed zero-day vulnerabilities or live attacks with the Patch Tuesday release. See the full list of patches here.

Twitter Bitcoin Scam:
– Over 100 accounts with a high volume of followers were hacked and sent out the same message requesting Bitcoin. The tweets asked for $1000 in Bitcoin to be deposited to a specific wallet, which would later send back $2000 in Bitcoin to all who participated. It appears that the hack was carried out on Twitter directly with the help of an employee who had access to the Twitter admin panel. The hackers seemingly walked away with over $120,000 in Bitcoin before Twitter shuttered the targeted accounts. As of 17 July this is still a developing story; learn more about the hack and developments here.

6-12 July

A New Round of Citrix Bugs:
– Citrix has just announced they have found 11 more vulnerabilities in their software. While it took them a month to create a patch for the critical vulnerability they found in January 2020; this time they have patches ready to go for the new-found vulnerabilities. The latest vulnerabilities, to all appearances, won’t create the same panic as the new year vulnerabilities but they still need to be addressed.  Check out the latest on the Citrix vulnerabilities here.