Cyberattacks have manifolded over the years, and now email security service is not a matter of privileged cybersecurity investment but a necessity for all businesses, organizations, and individuals. In this post, we mention the top cyber headlines from this past week
Ten-Year-Old Flaw In PHP Composer Fixed
A cybersecurity researcher recently identified a critical vulnerability in a popular PHP package – Composer. The vulnerability (CVE-2021-29472) existed in the source code of Composer and could be exploited to run arbitrary commands, compromise all PHP packages, and cause a supply-chain attack.
The vulnerability existed since November 2011 and was only spotted on 22nd April this year (imagine the damage that could have been caused!). However, the maintainers took remediation cybersecurity measures soon after. It is believed that URLs were inadequately handled for the repos in root composer .json files, which led to the security lapse. But the good thing is, the maintainers were proactive in fixing the parameter injection across all Composers, and the issue has now been resolved!
Why Is This Chinese Military Unit Buying Anti-Virus Products In English Version?
The Chinese People’s Liberation Army (PLA) Unit 61419 purchased a range of antivirus products from western companies such as Trend Micro, McAfee, Kaspersky, Avira, Dr. Web, Bitdefender, Sophos ESET, and Symantec in early 2019. But cybersecurity researchers at Recorded Future’s Insikt Group suspect that these so-called purchases were made in English and not the localized versions (which increase our suspicions because the English versions would be inconvenient for Chinese system operators). They suspect that Unit 61419 purchased the antivirus products to look for zero-day and other exploitable vulnerabilities.
The Japanese authorities accuse Unit 61419 of being linked to the cyber-espionage group Tick. They substantiate their stand by citing the example of the 2019 attack on the Japanese company Mitsubishi Electric where the Tick group abused a zero-day in the Trend Micro antivirus. Software supply chain attacks characterize Chinese APT behavior, and this incident marks a cyber-espionage campaign existing for years now.
Chrome Adopts Windows 10 Security Feature
Google Chrome 90 has incorporated the new Windows 10 Hardware-enforced Stack Protection security feature, which safeguards against Return-Oriented Programming (ROP) attacks. The Hardware-enforced Stack Protection uses CPU hardware to protect the application’s code, which provides added cybersecurity protection in Chrome 90 on Windows 20H1, Intel 11th Gen, or AMD Zen 3 CPUs. Intel and Microsoft have been using Control-flow Enforcement Technology (CET) to fight ROP attacks for years now.
CET’s shadow stacks, used for control transfer operations, are deemed problematic for some of the software existing on the Google Chrome platform. This is because the software that loads itself into Chrome may not always be compatible with CET’s mitigation measure. Since ROP attacks are risky, Google has instructed developers to debug specific problems in Chrome’s shadow stack.
Avaddon Ransomware Gives NSW Labor Party 240 Hours To Pay Up
The Russian ransomware group Avaddon recently attacked the NSW Labor Party, and they are now threatening the company to comply with ransom demands within ten days (240 hours) to avoid data leaks. The data compromised in this major attack include the driver’s licenses, passports, confidential contracts, employees’ details, and employment contracts of users.
Avaddon is known for launching distributed denial-of-service attacks against victims who don’t comply with ransom demands. Cybersecurity researchers Matthew Westwood-Hill says that Avaddon remains within a network for quite some time before installing the ransomware. While the Australian Federal Police is aware of the malicious tactics of Avaddon, it isn’t doing anything about it. This recent Avaddon attack is one of the many that have hit the Australian cyber landscape in recent times.
Are Recycled Phone Numbers Safe?
A study carried out by Princeton University’s Prof. Arvind Narayanan, and Kevin Lee suggests that recycled phone numbers come with several security risks. These include phishing attacks, account takeovers, hindrance in signing up for online services, etc. The study examined 259 recycled numbers, 66% of which were still associated with the previous owner and his/her online presence on various websites.
An attacker can easily surf through online number change interfaces to look for numbers associated with previous users’ online accounts in such a scenario. They can then retrieve these numbers, reset account passwords, use SMS-based multi-factor authentication and OTPs to log in. Some numbers even displayed the linked email addresses which had been compromised before. Over 171 of the surveyed numbers were accessible on people search services like BeenVerified, exposing the sensitive information of prior users.
Two U.S. telecom service providers- T-Mobile and Verizon Wireless, were involved in the study, and none of them have altered their email security tools and strategies following this study. They have put up a post on their support page asking people to update their numbers on any linked accounts before deactivating a number.
Dell Finally Resolves A 12-Year-Old Vulnerability.
Dell has patched a 12-year-old vulnerability (CVE-2021-21551) in its Dell DBUtil driver, and millions of Dell users now need to get the update. The bug existed in DBUtil 2.3 and let the OS interact with the computer’s hardware and BIOS. Exploiting the bug, the adversaries could access driver functions and introduce malicious code. However, the vulnerability cannot be exploited online; the adversaries can take over a compromised PC via a privilege escalation vulnerability.
Dell was informed about this bug three times in the past, but it’s only now that it has done something to ensure ransomware protection for users. The company hopes to make the proof-of-concept code for CVE-2021-21551 accessible by 1st June. Users are advised to get the Dell DBUtil updates by then.