
'AMNESIA:33' Vulnerabilities in TCP/IP Stacks Expose Millions of Devices to Attacks
2020-12-09 12:07

Millions of connected devices from over 150 vendors are affected by tens of vulnerabilities found in open source TCP/IP stacks, enterprise IoT security company Forescout revealed this week. The Ripple20 flaws disclosed earlier this year and the URGENT/11 bugs made public in 2019 were revealed to render millions of devices vulnerable to remote attacks.

Credit card stealer hides in CSS files of hacked online stores
2020-12-09 11:38

Credit card stealer scripts are evolving and becoming increasingly harder to detect due to novel hiding tactics. This happened because scanners aren't commonly scanning CSS files for malicious code and anyone looking at the skimmer's trigger script reading a custom property from the CSS page wouldn't give it a second glance.

Russian hackers hide Zebrocy malware in virtual disk images
2020-12-09 11:10

Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives to avoid detection. Inside the image were a PDF file and an executable posing as a Microsoft Word document, which was the Zebrocy malware.

Bitter war of words erupts between UK cops and web security expert over alleged flaws in Cyberalarm monitoring tool
2020-12-09 09:30

A war of words has erupted between the National Police Chiefs' Council and a British web security pro after a senior cop declared it would be "a waste of public money" to keep discussing security flaws in the body's Cyberalarm product. Paul Moore says he uncovered what he described as a number of serious flaws in Cyberalarm, a distributed logging and monitoring tool intended to be deployed by small public-sector organisations.

Adobe fixes critical security vulnerabilities in Lightroom, Prelude
2020-12-09 09:26

Adobe has released security updates to address critical severity security bugs affecting Windows and macOS versions of Adobe Lightroom and Adobe Prelude. In total, the company addressed four security vulnerabilities affecting three products, three of them rated as critical and one as an important severity bug in Adobe Experience Manager and the AEM Forms add-on package.

Microsoft fixes new Windows Kerberos security bug in staged rollout
2020-12-09 08:25

Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout. The vulnerability impacts only Windows Server platforms, from Windows Server 2012 up to the latest version, Windows Server, version 20H2. Microsoft's security advisory says that there is no evidence of active exploitation of this security bug in the wild or of publicly available CVE-2020-16996 exploit code.

Qualys establishes new Cloud Platform in the UAE
2020-12-09 07:40

Qualys announced the establishment of a new Cloud Platform in the UAE. With nine locations across the globe, Qualys is expanding its highly scalable Cloud Platform that powers Qualys' suite of integrated IT, security, and compliance cloud apps including its latest VMDR and Multi-Vector EDR solutions. Uniquely, the Qualys Cloud Platform provides real-time visibility across the entire hybrid environment from on premises, endpoints, mobile, containers, cloud(s) and OT and IoT environments via an array of sensors and connectors that bring the telemetry required to provide continuous 2-second visibility across all IT assets.

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware
2020-12-09 07:11

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as a phishing lure, once again indicating how adversaries are adept at repurposing current world events to their advantage. Linking the operation to a sub-group of APT28, cybersecurity firm Intezer said the pandemic-themed phishing emails were employed to deliver the Go version of Zebrocy malware.

How Kali Linux creators plan to handle the future of penetration testing
2020-12-09 06:00

Offensive Security might be best known as the company behind Kali Linux, the popular open-source pen testing platform, but its contribution to the information security industry is definitely not limited to it. The company updated its most popular training and certification courses, including Penetration Testing with Kali Linux and Advanced Web Attacks and Exploitation.

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack
2020-12-09 05:30

Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP stacks used in millions of connected devices worldwide. The vulnerable open source TCP/IP stacks are PicoTCP, FNET, Nut/Net and uIP. The vulnerabilities have been found in seven different stack components: DNS, IPv6, IPv4, TCP, ICMP, LLMNR and mDNS. "The AMNESIA:33 vulnerabilities can be found in products that range from embedded components to consumer IoT, and from networking and office equipment to OT," the researchers explained.