Security News > 2020 > August

Researchers have discovered an attack on the Voice over LTE mobile communications protocol that can break its encryption and allow attackers to listen in on phone calls. Dubbed ReVoLTE, the attack - detailed by a group of academic researchers from Ruhr University Bochum and New York University Abu Dhabi - exploits an implementation flaw in the LTE cellular protocol that exists at the level of a mobile base station.

Researchers found a built-in cross-site scripting flaw in TinyMCE, due to content not being correctly sanitized before being loaded into the editor. George Steketee, Senior Security Consultant with Bishop Fox, told Threatpost that in a real-world attack a web forum may utilize TinyMCE to provide an interface for creation of formatted text.

More specifically, we can learn when to follow a plan, and when it may be time to reconsider, revise, or discard the plan. Have a plan and stick to it, until it's not time to stick to the plan anymore.

A potentially serious cross-site scripting vulnerability affecting the TinyMCE rich text editor can be exploited - depending on the implementation - for privilege escalation, obtaining information, or account takeover. Researchers at Bishop Fox discovered in April that TinyMCE is affected by an XSS vulnerability whose impact depends on the application using the editor.

FireEye this week announced that its Bugcrowd-powered bug bounty program has become public, for all registered researchers to participate. The program, which has been running privately on the crowd-sourced bug hunting platform for a while, welcomes all Bugcrowd researchers interested in identifying vulnerabilities in a broad range of FireEye websites, including those of subsidiaries and localized domains.

UPDATE. Vulnerabilities in Amazon's Alexa virtual assistant platform could allow attackers to access users' personal information, like home addresses - simply by persuading them to click on a malicious link. Researchers with Check Point found several web application flaws on Amazon Alexa subdomains, including a cross-site scripting flaw and cross-origin resource sharing misconfiguration.

Microsoft failed to properly address an elevation of privilege vulnerability in the Windows Local Security Authority Subsystem Service, the Google Project Zero researcher who discovered the issue says. "LSASS doesn't correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user's credentials," Project Zero security researcher James Forshaw noted in May. At the time, the researcher explained that the issue is related to a legacy AppContainer capability providing access to the Security Support Provider Interface, likely meant to facilitate the installation of line of business applications within enterprise environments.

76% of security professionals state they have difficulty maintaining security configurations in the cloud, and 37% said their risk management capabilities in the cloud are worse compared with other parts of their environment. 93% are concerned about human error accidentally exposing their cloud data.

What's more, in most of the cases, an attacker did not need to do much, beyond gaining an initial foothold, to command full internal network access: in 68 per cent of the trials, the infiltrators only needed to take one or two steps to have the entire organization at their fingertips. Network compartmentalization, and access controls limiting who can see what, may have helped minimize intruders' reach.

The attack doesn't exploit any flaw in the Voice over LTE protocol; instead, it leverages weak implementation of the LTE mobile network by most telecommunication providers in practice, allowing an attacker to eavesdrop on the encrypted phone calls made by targeted victims. Thus, the new ReVoLTE attack exploits the reuse of the same keystream by vulnerable base stations, allowing attackers to decrypt the contents of VoLTE powered voice calls in the following scenario.