Talos is publishing a glimpse into the most prevalent threats they’ve observed between Sep. 20 to Sep 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post summarizes the threats they’ve observed by highlighting key behavioural characteristics, indicators of compromise, and discussing how their customers are automatically protected from these threats.
An iOS hacker and cybersecurity researcher today publicly released what he claimed to be a “permanent unpatchable bootrom exploit,” in other words, an epic jailbreak that works on all iOS devices ranging from iPhone 4s (A5 chip) to iPhone 8 and iPhone X (A11 chip).
Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace, producing highly specialized hacking techniques and toolkits for cyber espionage.
It’s not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild.
Talos is publishing a glimpse into the most prevalent threats we’ve observed between Sep. 6. to Sep 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioural characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
OWASP’s new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.
A new threat report from Netscout identifies an increased level of APT activity targeting the airline and airport industries.
Their findings highlight that APT groups from China, Iran and Russia are targeting this sector to gather intelligence data from airports, airlines and aeroplane manufacturers.
The types of intelligence data and outcomes are:
- Logistics about materials and trade;
- Logistics of people and passengers, including travel origins and destinations of VIPs;
- Passenger information and data;
- Business information and data;
- Intellectual property;
- Smuggling of goods, including gemstones, endangered species and luxury items;
- Sabotage, Destruction and Terrorism.
More Detail: Air APT
Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer.
It’s monthly Microsoft patching time, with the software giant releasing updates to fix 79 vulnerabilities across their product range, with 17 critical and 61 important.
A couple of these were to fix vulnerabilities with a public exploit. One of these is probably CVE-2019-1235, the privilege escalation in Windows Text Service Framework (TSF), which was disclosed by Google.
Another two fixed vulnerabilities reported as actively exploited in the wild, which are both privilege escalations problems.
They also fixed four remote code execution bugs in the RDP client built-in to Windows (CVE-2019-0787 / CVE-2019-0788 / CVE-2019-1290 / CVE-2019-1291).
Other notable critical patches were for:
- CVE-2019-1280 – RCE in processing .LNK files;
- VBScript (is that still going?)
- Sharepoint server;
- Scripting engine;
- Azure DevOps; and
- Team Foundation Server.
Another busy month for the MS team, and another busy month for operational teams deploying the fixes.
Mozilla has officially launched a new privacy-focused VPN service, called Firefox Private Network, as a browser extension that aims to encrypt your online activity and limit what websites and advertisers know about you.
Firefox Private Network service is currently in beta and available only to desktop users in the United States as part of Mozilla’s recently expunged “Firefox Test Pilot”