Welcome to this week’s Security Wrap-Up! We have some patched bugs and some really interesting info about the adoption of the Golang language in malware attacks. Check it out -
NVIDIA patches high-severity GeForce spoof-attack bug
NVIDIA’s gaming graphics software, GeForce Experience, has suffered a major vulnerability that opens the door to a remote attacker that can exploit the bug to steal or manipulate data on a vulnerable Windows computer. NVIDIA has released a software patch for the flaw, which is present in its GeForce Experience (versions 3.21 and prior) software. A 3.23 GeForce update is available now to mitigate the bug. Tracked as CVE-2021-1073, the bug carries a CVSS severity of 8.3. The company warned, “NVIDIA GeForce Experience software contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users’ data being accessed, altered, or lost.”
VMware fixes authentication bypass in Carbon Black App Control
Tracked as CVE-2021-21998, this vulnerability is an authentication bypass affecting VMware Carbon Black App Control (AppC) versions 8.0, 8.1, 8.5.8, and 8.6 before 8.6.2. Hackers with access to the AppC management server could exploit the bug to gain admin privileges without the need to authenticate. The vulnerability has been set at a CVSS score of 9.4, making it a critical issue to patch and handle. VMware also provided information on how to resolve these patches in their security advisory here.
Cisco ASA bug actively exploited as a proof-of-concept drops
Researchers have dropped a proof-of-concept (PoC) exploit on Twitter for a known cross-site scripting (XSS) vulnerability in the Cisco Adaptive Security Appliance (ASA). Researchers at Positive Technologies published the PoC for the bug (CVE-2020-2580) and one of the researchers noted that there were a heap of researchers chasing after an exploit for the bug. A patch has been available for this vulnerability for several months, but unpatched vulnerabilities continue to be an issue for many organizations. So, if you’re one of the lucky few to be open to this exploit, make sure you patch!
New ransomware highlights widespread adoption of Golang language by cyberattackers
A new ransomware strain that utilizes Golang highlights the programming language’s increasing adoption by threat actors. The ransomware strains in question have been active since 2019 and have been linked to attacks against CD Projekt Red and more. The sample reveals similar functions to HelloKitty and FiveHands, with components written in C++, as well as the way the malware encrypts files and accepts command-line arguments. However, unlike HelloKitty and FiveHands, this new ransomware strain has adopted a packer written in Go that encrypts its C++ ransomware payload. According to Intezer, malware utilizing Go was a rare occurrence before 2019, but now the programming language is a popular option due to the ease of compiling code quickly for multiple platforms and its difficulty to reverse-engineer.
Let us know what you think about this week’s news below!