Communicating Vulnerabilities – HNN #241

 

 

This week: the BlueKeep freakout had little impact on patching, experts warn of a spike in TCP DDoS reflection attacks targeting Amazon and others, Nvidia patches graphics products and the GeForce Experience update tool, hackers breach ZoneAlarm’s forum site, and Apple is to fix a Siri bug that exposed parts of encrypted emails! In the expert commentary, we welcome Dan DeCloss, Founder and CEO of PlexTrac, to talk about the latest breaches and the importance of pentesting!

Visit https://www.securityweekly.com/hnn for all the latest episodes!


Communicating Vulnerabilities

  1. Apple to fix Siri bug that exposed parts of encrypted emails – For a better user experience, Apple stores some of your email in clear-text: Apple IT specialist Bob Gendler was tinkering around in the macOS operating system to understand more about how Apple personalizes Siri for each user. During the process, he found that the operating system was storing portions of user emails in plaintext, even when they were supposed to be encrypted. According to Gendler’s Medium post revealing the issue, Apple uses a system process called suggestd. Apple explains (as part of a help file system in the underlying BSD OS) that the program, which runs constantly, slurps content from various apps. These include Spotlight (the macOS indexing system), Mail, and Messages.
  2. Hackers Breach ZoneAlarm’s Forum Site: Outdated vBulletin to Blame – I had no idea people still used this software! Apparently ZoneAlarm, a Check Point company, has over 100 million users. Go figure. They forgot to patch the forum, with 4,500 users: Upon reaching out to the company, a spokesperson confirmed with The Hacker News that attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorized access. For those unaware, this flaw affected vBulletin versions 5.0.0 up to the latest 5.5.4, for which the project maintainers later released patch updates, but only for recent versions 5.5.2, 5.5.3, and 5.5.4.
  3. BlueKeep freakout had little to no impact on patching, say experts – Over the last week or so, researchers spotted active exploits for BlueKeep being sent to their ‘honeypot’ systems. The attempts aimed to infect machines with cryptocoin-mining software and led to a series of media reports urging users to patch their machines now that BlueKeep exploits had arrived. According to The SANS Institute, the reports did not get people motivated to patch. SANS says the rate of BlueKeep-vulnerable boxes it tracks on Shodan has been on a pretty steady downward slope since May, and the media’s rush to sound alarms over active attacks did not change that.
  4. Experts warn of spike in TCP DDoS reflection attacks targeting Amazon, SoftLayer and telco infrastructure – Old school stuff right here, and amazing that egress filters did not stop this: “This means the recent attackers…used a rapid rate of falsified SYN packets to a wide range of the IPv4 address space with a spoofed source originating from either bots or servers hosted on subnets and by providers that do not implement BCP 38 to prevent IP source address spoofing on their servers or networks.” concludes the analysis. “The spoofed source in these attacks were the entire network ranges of the intended targets which resulted in the targeted reflectors retransmitting SYN-ACK packets in a carpet bombing attack as long as RST packets were not received.”
  5. Hosting Provider SmarterASP.NET Recovering From Ransomware Attack – Yikes: Operating since 1999, SmarterASP.NET has datacenters in the United States and Europe and serves over 440,000 customers worldwide. On Saturday, the company fell victim to a ransomware attack that resulted in its customers’ data being encrypted. Impacted customers reported that even the hosting provider’s website was inaccessible in the beginning. However, even after the site was restored, the control panel could not be opened. Apparently, SmarterASP.NET failed to inform customers of the incident right away. On its live chat box page, the company did say it suffered from a major outage, but did not provide additional information. Be transparent and able to communicate clearly and effectively. Some customers are reported to be leaving SmarterASP.NET for other providers as a result of this incident. Who’s to say the other providers are more secure, but maybe they are better at response and communication.
  6. Nvidia patches graphics products and GeForce Experience update tool – The three with the highest severity – CVE-2019-5690, CVE-2019-5691 and CVE-2019-5692 – are kernel mode flaws in the Nvidia Windows GPU display driver which could be exploited to cause a crash or escalation of privileges…Nvidia’s GeForce Experience application is vulnerable to two flaws of its own, CVE-2019-5701 and CVE-2019-5689, plus one, CVE-2019-5695, shared with the Windows driver discussed above.
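
For item 4, the victim-side view of the reflection described in the quoted analysis, as an added example that is not from the show notes or the cited analysis: it flags SYN-ACKs that answer no outbound SYN and counts how many addresses of the protected prefix they are spread across. The packet tuples, the prefix 198.51.100.0/24 and both thresholds are constructed assumptions.

```python
import ipaddress

# Assumed victim prefix (documentation range), not taken from the page.
PROTECTED = ipaddress.ip_network("198.51.100.0/24")

def sample_packets():
    """Constructed capture: (ts, src_ip, src_port, dst_ip, dst_port, flags)."""
    pkts = [
        # Legitimate handshake: an inside host sends SYN, the server answers.
        (0.0, "198.51.100.10", 40000, "203.0.113.5", 443, "S"),
        (0.1, "203.0.113.5", 443, "198.51.100.10", 40000, "SA"),
    ]
    # Reflected traffic: 20 reflectors answer SYNs the prefix never sent,
    # spread over 60 different addresses inside it (carpet bombing).
    for i in range(60):
        pkts.append((1.0 + i * 0.01, f"192.0.2.{1 + i % 20}", 80,
                     f"198.51.100.{100 + i}", 1024 + i, "SA"))
    return pkts

def find_unsolicited_synacks(packets, protected=PROTECTED):
    """Return SYN-ACKs into the prefix that match no earlier outbound SYN."""
    pending = set()  # (client_ip, client_port, server_ip, server_port)
    unsolicited = []
    for pkt in sorted(packets, key=lambda p: p[0]):
        ts, src, sport, dst, dport, flags = pkt
        if flags == "S" and ipaddress.ip_address(src) in protected:
            pending.add((src, sport, dst, dport))
        elif flags == "SA" and ipaddress.ip_address(dst) in protected:
            # Entries stay in `pending`, so a retransmitted SYN-ACK of a
            # real handshake is still matched and not counted.
            if (dst, dport, src, sport) not in pending:
                unsolicited.append(pkt)
    return unsolicited

def carpet_bombing_report(packets, protected=PROTECTED,
                          min_targets=32, min_reflectors=10):
    """Summarise unsolicited SYN-ACKs; thresholds are illustrative."""
    hits = find_unsolicited_synacks(packets, protected)
    targets = {p[3] for p in hits}
    reflectors = {p[1] for p in hits}
    return {
        "unsolicited": len(hits),
        "targets": len(targets),
        "reflectors": len(reflectors),
        "alert": len(targets) >= min_targets
                 and len(reflectors) >= min_reflectors,
    }

if __name__ == "__main__":
    print(carpet_bombing_report(sample_packets()))
```
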

Hosts

Paul Asadoorian – Founder & CTO

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.