This week’s security wrap-up is full of plenty of interesting updates and discoveries -
Qualcomm chip bug opens Android devices to eavesdropping
A vulnerability in a 5G modem data device could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem, gaining the ability to execute code, access mobile users’ call histories and text messages, and eavesdrop on phone calls. The bug (CVE-2020-11292) exists in the Qualcomm Mobile Station Modem (MSM) Interface, known as QMI. MSMs are systems on chips designed by Qualcomm and QMI is a proprietary protocol used to communicate between software components in the modem and other peripheral subsystems. QMI is currently being used in roughly 30% of the world’s handsets. Attackers can exploit the bug to attack a mobile device remotely via a malicious or trojanized Android application.
Cisco fixes critical SD-WAN vManage and HyperFlex HX security bugs
Cisco SD-WAN vManage Software vulnerabilities patched by Cisco could enable unauthenticated, remote attackers to execute arbitrary code or access sensitive information. They could be exploited locally by authenticated local attackers to gain escalated privileges or unauthorized access to an application vulnerable to attacks. Cisco HyperFlex HX Command Injection security bugs make it possible for remote attackers with no privileges on the targeted servers to perform command injection attacks. The three security issues are tracked as CVE-2021-1468 (Cisco SD-WAN vManage Cluster Mode Unauthorized Message Processing), CVE-2021-1505 (Cisco SD-WAN vManage Cluster Mode Privilege Escalation), and CVE-2021-1497 (Cisco HyperFlex HX Installer Virtual Machine Command Injection).
Pulse Secure zero-day security bug under active exploit
CVE-2021-22893 is a critical zero-day security vulnerability in Pulse Secure VPN devices that allows remote code-execution (RCE) and is being used in the wild to gain administrator-level access to the appliances. according to Ivanti research. Pulse Secure said that the the zero-day will be patched in early May, but in the meantime, the company worked with Ivanti (its parent company) to release both mitigations and the Pulse Connect Secure Integrity tool, to help determine if systems have been impacted. The newly discovered vulnerability is rated 10 out of 10 on the CVSS vulnerability-rating scale, posing as a significant threat.
Lemon Duck hacking group leverages Microsoft Exchange Server vulnerabilities
Four critical flaws, dubbed ProxyLogon, impact on-prem Microsoft Exchange Server 2010, 2013, and 2016. Patches, detection tools, and mitigation instructions were made available in March, but it’s estimated that up to 60,000 organizations may have been compromised. Exploit code is available and at least 10 advanced persistent threat (APT) groups have adopted the flaws in attacks. In late March, Microsoft said the Lemon Duck botnet had been observed exploiting vulnerable servers and using the systems to mine for cryptocurrency.
Leave your security news and updates in the comments below!