Security News > 2020

Over four months, it found 1,221 active phishing domains that were not part of the Akamai ecosystem but which either consumed data from or redirected victims to Akamai customer sites. "More importantly, we got a clear understanding on the number of victims, and such visibility is rarely published." Since he only used a sample dataset from the Akamai logs, he believes the true number of phishing sites using resources through Akamai is much higher.

Five high-severity bugs were fixed in the Firefox web browser with the release of version 74 by the Mozilla Foundation on Tuesday. In total, 12 bugs were patched with six rated as moderate severity and one low-severity bug.

Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance. Sys file of the graphics drivers, which could enable privilege escalation or DoS; and an improper conditions check glitch in the graphic driver that may enable information disclosure and DoS. It's not the first time flaws have been discovered in discovered in Intel's graphics drivers.

After the disruption caused by the last-minute cancellation of Mobile World Congress, there were some mutterings as to whether RSA Conference 2020 would still happen. A focus topic for RSA Conference 2012, the underlying concepts continued to mature, as more organizations moved into cloud services over the coming years.

Many processors made by Intel are vulnerable to a newly disclosed type of attack named Load Value Injection, but the chip maker has told customers that the attack is not very practical in real world environments. A variation of the LVI attack, dubbed Load Value Injection in the Line Fill Buffers, was also reported to Intel by researchers at Bitdefender.

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates. Tracked as CVE-2020-0688 and found in Microsoft Exchange 2010, 2013, 2016, and 2019, the issue exists because the server doesn't create unique cryptographic keys at the time of installation, which allows an authenticated attacker to trick the server into deserializing malicious ViewState data.

Criminals targeting other criminals is nothing new, but researchers have now uncovered a years-long campaign that trojanizes hacking tools in order to infect other hackers with njRAT. Just as trojanized mobile apps can be downloaded from app stores and installed by trusting users, so trojanized hacking tools are downloaded and installed by trusting hackers. The njRAT infection route in the campaign appears to be via cracked and trojanized hacking tools.

Cybersecurity researchers have found a vulnerability within Intel's data center CPUs that gives attackers the ability to inject rogue values in certain microarchitectural structures and steal information. Bogdan Botezatu, director of threat research and reporting at Bitdefender, said these attacks are "Particularly devastating in multi-tenant environments such as enterprise workstations or servers in the datacenter, where one less-privileged tenant would be able to leak sensitive information from a more privileged user or from a different virtualized environment on top of the hypervisor."