Review of the current news by CERT-W – February 2020

Cybercrime watch

Google Chrome’s update fight against Cybercrime

Google Chrome version 80 now encrypts locally stored user data with AES-256. The change has affected AZORult’s ability to steal users’ information. AZORult is an information-stealing malware that appeared in 2016 and harvests large amounts of data, including passwords, web browsing history and cookies.

Bouygues Construction, another ransomware victim

Bouygues Construction was the victim of a ransomware attack. First detected on January 30, the attack was announced by the company on Twitter only a few days before the MAZE group claimed responsibility for it.

Internet Crime Complaint Center report (FBI IC3 report)

The Federal Bureau of Investigation (FBI) released the Internet Crime Complaint Center (IC3) report, which records up to 1,300 complaints every single day. The report shows that Business Email Compromise (BEC) cost organizations $1.7 billion in 2019. Since companies have implemented countermeasures against “volume spam” campaigns, attackers have become more sophisticated, targeting high-value individuals such as CEOs and finance employees.


Vulnerability watch

CVE-2020-0688 – Remote code execution vulnerability in Microsoft Exchange software

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’.

CVE-2019-15126 – All-zero encryption key used to encrypt part of the user’s communication

An issue was discovered on Broadcom Wi-Fi client devices. Specifically, timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic.

CVE-2020-0022 – Critical Bluetooth vulnerability in Android

A flaw in the Android Bluetooth stack lets attackers silently deliver malware to, and steal data from, nearby phones while knowing only the Bluetooth MAC address of the target. The result is a Denial of Service (DoS); if the device is running Android 8.0, 8.1 or 9.0, Remote Code Execution (RCE) is possible.


Weekly top

Top leak: Decathlon leaks 123 Million records

A database misconfiguration allowed a vpnMentor team to discover 123 million records, including customer and employee information. The database, over 9 GB in size, was found on an unsecured Elasticsearch server, exposing information from Decathlon – Spain.

Top exploit: CVE-2020-6418 – Type confusion flaw in V8, Google Chrome

A type confusion flaw in V8 (the JavaScript engine used by Google Chrome) leading to arbitrary code execution within the browser sandbox.

Top attack: Cyber-attack cripples wool sales across Australia

A ransomware attack affected more than 75 per cent of the wool industry across Australia. The Secretary of the National Auction Selling Committee (NASC) confirmed the compromise of Talman, the major software supplier to the industry.
