Security Wrap-Up (February 9th, 2021)

It’s been 0 weeks since we last mentioned SolarWinds… Plenty to talk about this week, let’s take a look -

SolarWinds patches three newly discovered software vulnerabilities
SolarWinds customers are being urged to apply newly released security patches after the discovery of three previously undisclosed severe vulnerabilities which could allow attackers to take control of Windows systems. The most severe vulnerability (CVE-2021-25275) could allow attackers to exploit a flaw in how Orion works with Microsoft Message Queue (MSMQ) to gain access to secured credentials in the backend and gain complete control over the entire Windows server. This could be used to steal information or add new admin-level users to Orion. A second vulnerability (CVE-2021-25274) could allow remote, unauthenticated users to run code in a way that allows complete control of the underlying Windows operating system. The third vulnerability (CVE-2021-25276) relates to SolarWinds Serv-U FTP and allows anyone who can log in locally (or remotely via RDP) to add an admin account, with all the privileges that brings when it comes to access to the network and servers.

Google Chrome zero-day being actively exploited
Google is warning of a zero-day vulnerability (listed under CVE-2021-21148) in the V8 open-source engine that’s currently being exploited by attackers. A patch has been issued in version 88 of Google’s Chrome browser, specifically version 88.0.4324.150 for Windows, Mac, and Linux. The update will roll out over the coming days and weeks. The specific flaw stems from a heap-buffer overflow, a type of buffer-overflow error. This is a class of vulnerability where a write runs past the end of a block in the region of a process’ memory used to store dynamically allocated data (the heap), corrupting neighbouring data, causing the affected program to behave incorrectly and opening the door to remote code execution.
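To make the heap-buffer overflow class concrete, here is an added C example (not code from the V8 project, the Chrome advisory, or the original post) that shows the bug pattern beside its hardened form: a heap-allocated message buffer, an append routine that trusts an attacker-controlled length, and a version that checks the length against the remaining capacity before copying. The `buffer_t` type, the function names and the sample messages are constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A heap-allocated record, as a program might keep per incoming message.
   The type, its field names and sizes are constructed for this example. */
typedef struct {
    size_t capacity;        /* bytes available in data */
    size_t length;          /* bytes currently used, always <= capacity */
    unsigned char data[];   /* flexible array member: lives at the end of the heap block */
} buffer_t;

buffer_t *buffer_new(size_t capacity) {
    buffer_t *b = malloc(sizeof(*b) + capacity);
    if (b == NULL) return NULL;
    b->capacity = capacity;
    b->length = 0;
    return b;
}

/* Vulnerable pattern: n comes from the untrusted input and is never compared
   with the space left in the block, so a message longer than the remaining
   capacity is written past the end of the heap allocation (a heap-buffer
   overflow that corrupts whatever the allocator placed next). Kept only for
   comparison; the rest of this example never calls it with oversized input. */
int buffer_append_unchecked(buffer_t *b, const unsigned char *src, size_t n) {
    memcpy(b->data + b->length, src, n);   /* no bounds check */
    b->length += n;
    return 0;
}

/* Hardened version: compute the remaining space (safe because the invariant
   length <= capacity holds) and refuse anything that does not fit, instead of
   adding n to length and risking size_t wrap-around before the copy. */
int buffer_append_checked(buffer_t *b, const unsigned char *src, size_t n) {
    size_t remaining = b->capacity - b->length;
    if (n > remaining) {
        return -1;                         /* too long: reject rather than overflow */
    }
    memcpy(b->data + b->length, src, n);
    b->length += n;
    return 0;
}

/* Push one in-bounds and one oversized constructed message through the
   hardened path. Returns 1 when the oversized message is rejected and the
   in-bounds one is stored intact, 0 otherwise. */
int demo_checked_append(void) {
    const unsigned char ok_msg[]  = "HELO";                                  /* 4 bytes, fits */
    const unsigned char big_msg[] = "THIS MESSAGE IS LONGER THAN THE BUFFER"; /* 38 bytes, does not */
    buffer_t *b = buffer_new(16);
    if (b == NULL) return 0;

    int r1 = buffer_append_checked(b, ok_msg, sizeof ok_msg - 1);
    int r2 = buffer_append_checked(b, big_msg, sizeof big_msg - 1);
    int result = (r1 == 0 && r2 == -1 &&
                  b->length == 4 && memcmp(b->data, "HELO", 4) == 0);
    free(b);
    return result;
}

int main(void) {
    printf("hardened append rejects oversized input: %s\n",
           demo_checked_append() ? "yes" : "no");
    return 0;
}
```

The checked version keeps the length/capacity invariant at every return, which is what makes the later subtraction safe; a reviewer looking for this bug class in C code should look for exactly the unchecked pattern above, where a length parsed from input reaches `memcpy` without a comparison against the allocation size. Building with `-fsanitize=address` is the quickest way to turn a silent overflow of the unchecked variant into a reported heap-buffer-overflow during testing.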

CD Projekt Red affected by major security incident
CD Projekt Red, the Polish developer of Cyberpunk 2077 and The Witcher 3, has disclosed a major security incident in which several company systems were encrypted and confidential data stolen. The developer has published the ransom note left by the hackers, which threatens to release the source code for launched and upcoming titles, as well as various internal documents. In a Twitter statement, CD Projekt Red said that they would not give in to any demands or enter negotiations and added that they have already secured their IT infrastructure and begun restoring the data.

Critical Cisco flaws open VPN routers up to RCE attacks
Cisco is rolling out fixes for critical flaws in their lineup of small-business VPN routers, including the RV160, RV160W, RV260, RV260P, and RV260W routers. The issue has been assigned seven CVEs and they have a base CVSS score of 9.8 out of 10, making them critical in severity. HTTP requests are not properly validated in the management interface, according to Cisco. An attacker could exploit the vulnerabilities merely by sending a specially crafted HTTP request to the management interface of one of the affected router models.

What kinds of security news have you seen this week?

This one was another scary one this week:

Here’s the fabulous Krebs write-up of the incident: