New Series - Security Wrap-Up (November 10th, 2020)

Happy Tuesday, all! I’m happy to announce the introduction of a new series called “Security Wrap-Up,” where we’ll be wrapping up (hence, the name) some of the most important security updates through the past week along with some cybersecurity tips and tricks along the way.

Note: This is the first pass at our Security Wrap-Up series, so if you have any suggestions, comments, or concerns, feel free to send them my way and I’d really appreciate it. Any feedback is welcome!

Now, to the news -

No fix yet for Cisco’s Zero-Day AnyConnect vulnerability
The high-severity bug, CVE-2020-3556, earned a CVSS score of 7.3 and is currently undergoing analysis. Due to a lack of authentication to the IPC listener, attackers can exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script, with all of the privileges of the targeted user. As of yet, Cisco has not released a patch for this vulnerability and there are currently no workarounds, but there are plans to fix the flaw in a future release.

Microsoft Teams users targeted with a ‘FakeUpdates’ malware campaign
Advertisements for fake Microsoft Teams updates are being used to target various types of companies, with many recent targets in the K-12 education sector. These updates are being used to deploy backdoors, using Cobalt Strike (a commodity attack-simulation tool) to infect companies’ networks with malware. Attackers in the latest FakeUpdates campaign have been using search engine ads to push top results for the Teams software to a domain the attackers control. If a user clicks on the link, it will download a payload that executes a PowerShell script, loading malicious content.

Apple patches bugs tied to previously identified zero-days
With the release of iOS 14.2 and iPadOS 14.2, Apple has patched a total of 24 vulnerabilities, including the three already being exploited. The zero-day vulnerabilities discovered by Google Project Zero - CVE-2020-27930 (memory corruption flaw in the FontParser), CVE-2020-27950 (memory initialization issue in the iOS kernel), and CVE-2020-27932 (kernel privilege escalation) - are claimed to be related to three Google Chrome zero-days and one Windows zero-day revealed in the last two weeks, potentially as part of the same exploit chain.

Gitpaste-12 botnet exploits twelve known vulnerabilities
Lastly, researchers have discovered a new worm targeting Linux-based x86 servers, and Linux ARM & MIPS-based Internet of Things (IoT) devices. This botnet uses GitHub and Pastebin to host component code and the twelve known vulnerabilities it exploits to compromise systems. It was first detected by Juniper Threat Labs in attacks on October 15th, 2020. Researchers from Juniper also broke down the attack process in a recent blog, available here.

And if you want to stay as up-to-date as possible on the latest vulnerabilities, follow CVE on Twitter to be notified of the newest CVE IDs.

Have some thoughts about the updates shared above? Something you want to add to the list? Add it in the comments below!

4 Likes