Cyberattacks are an everyday struggle, and to stay ahead of the latest attack vectors, we must stay up to date on the latest security loopholes and patches. To help you stay abreast of the latest cybersecurity happenings, here are this week’s major cyber news headlines:

 

Adobe Fixed 25 Security Vulnerabilities

Adobe recently released patches for around 25 security vulnerabilities affecting macOS and Windows users. The most severe of these flaws involve the Adobe Acrobat and Reader software, which is used to view, create and manage PDF files across different platforms. Successful exploitation of these flaws could lead to memory leaks and arbitrary code execution.

The Adobe Reader and Acrobat bulletin lists seven vulnerabilities causing memory safety issues. While Adobe has no evidence of any of the flaws being exploited, it has released patches for all of them nonetheless. Along with the seven memory safety flaws, patches were also released for seven bugs in the Adobe Commerce and Magento Open Source online shopping software.

Arbitrary code execution, security bypass, and privilege escalation are the primary issues that can occur if these flaws are not patched. The bulletin also contained patches for security flaws in the Adobe Illustrator 2022 software. Some flaws in the Adobe FrameMaker and Adobe Premiere Elements were also fixed. Adobe has made the patches available for macOS and Windows users to ensure cybersecurity against such memory leaks and arbitrary code execution.

 

Malicious Apps Detected in Google Play Store

Cybersecurity experts recently found a set of malicious Android apps containing malicious code and adware on the Google Play Store. With over 10 million downloads, these malicious apps were presented as virtual keyboards, image-editing tools, wallpaper changers, and system optimizers.

The apps were found to subscribe to premium services, push intrusive ads, and steal social media accounts. Once installed by a user, these malicious apps ask permission for overlay windows and get added to the battery saver’s exclusion list. Neon Theme Keyboard is one such malicious adware app still accessible on the Play Store. With over a million downloads, this app received a poor rating of 1.8 and many negative reviews.

Since it’s so easy to fall prey to adware and malicious code, cybersecurity experts ask users to be very cautious while downloading apps. It’s always advised to verify the source and authenticity of an app by checking the ratings and reviews before allowing device permissions.

 

IBM Patches High-Severity Flaws

IBM recently released patches for various high-severity vulnerabilities affecting products such as Voice Gateway, Netezza for Cloud Pak for Data, and SiteProtector. These vulnerabilities affected the Golang packages used by IBM and were resolved in IBM Netezza for Cloud Pak for Data. With a CVSS rating of 7.5, two flaws have been rated as ‘high severity’ vulnerabilities. Reportedly, all three of these bugs were denial-of-service (DoS) vulnerabilities in Golang and could be misused via specially crafted content.

Netezza for Cloud Pak for Data versions 11.2.1.0 to 11.2.1.5 were affected by the vulnerabilities. These issues are fixed in version 11.2.1.6 of the platform. In addition, IBM has announced patches for five Node.js vulnerabilities in Voice Gateway, two of which were tagged ‘high severity’ and could facilitate arbitrary code execution or privilege escalation.

The three other vulnerabilities, rated medium severity, were identified as HTTP request smuggling flaws that could lead to firewall protection bypass, cross-site scripting (XSS) attacks, or web cache poisoning. These flaws mainly affect Voice Gateway versions 1.0.7, 1.0.7.1, and 1.0.8. Users are advised to get the latest update released by IBM, the Voice Gateway 1.0.8.x images, to protect against these five flaws.

Further, six vulnerabilities in the SiteProtector system also received patches. All of these vulnerabilities affect the Apache HTTP Server, and the most severe of these flaws was reportedly a high-severity request smuggling bug. Affecting IBM Security SiteProtector system version 3.1.1, these issues are fixed in version 3.1.1.19 of the appliance.

 

Microsoft Suspects Connection Between Raspberry Robin Malware and Evil Corp

Cybersecurity experts at Microsoft suspect a connection between the Russian cybercrime group Evil Corp and the Raspberry Robin malware. The experts found that the FakeUpdates malware was transmitted through the Raspberry Robin infections. Known as DEV-0243 and DEV-0206, Evil Corp is an unnamed access broker, and Microsoft researchers have reason to suspect a possible link between Raspberry Robin, DEV-0206, and DEV-0243. In the past, Evil Corp has used Raspberry Robin’s DEV-0243 access to enterprise networks to spread Dridex malware.

Microsoft detected the presence of Raspberry Robin on networks belonging to customers in the technology and manufacturing sectors. Raspberry Robin is a Windows malware that spreads through USB drives. It is a potent threat because hundreds of infected USB devices are out there, and these can easily be used to download arbitrary payloads from hundreds of domain names, a trivial task for adversaries.

 

Kaspersky Patched Vulnerability in its VPN Secure Connection

Cybersecurity researchers recently found a local privilege escalation flaw in Kaspersky’s VPN Secure Connection for Microsoft Windows. Tracked as CVE-2022-27535, this vulnerability, described as an Arbitrary Folder Delete to SYSTEM EoP, lets adversaries gain an escalation of privileges (EoP). Kaspersky notified stakeholders that its experts had patched this vulnerability, which allowed adversaries to delete files on the system. The vulnerability could result in the removal of important system files or even device malfunction.

To successfully exploit this flaw, adversaries have to create a specific file and ask users either to “Delete all service data and reports” or “Save report on your computer.” To protect against this vulnerability, Kaspersky asks users to update to the latest version of the app. All Kaspersky VPN Secure Connection app versions before 21.6 should be updated soon.

 

Twitter Fixes Security Issue Exposing 5.4M Accounts

Twitter recently patched a security vulnerability that facilitated the compilation of a list of over 5.4 million Twitter accounts. This information was listed for sale on the dark web. Owing to this vulnerability, anybody could enter an individual’s email address or phone number and check whether it was associated with an existing Twitter account. This was a threat to regular Twitter users and those with pseudonymous accounts.

Twitter patched the bug in January after introducing it in its codebase six months ago. The flaw was discovered by a cybersecurity researcher who was awarded a $6,000 bug bounty for identifying the issue. Unfortunately, the security researcher’s warning came late because adversaries had already exploited the loophole. The threat actors had created a database of 5.4 million Twitter accounts using phone numbers and email addresses compromised in previous attacks.
