IT Security Newsletter - 10/1/2019
Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs
Account data belonging to more than half of all Comodo Forums users has been stolen and is now being traded online. The breach was made possible by exploiting a vulnerability in the software that powers the forum. Comodo today published a security notice informing users that an intruder may have gained access to the forums database. "Very recently a new vulnerability in the vBulletin software, which is one of the most popular server applications for website comments including the Comodo Forums, was made public," the notification begins.
New Bug Found in NSA’s Ghidra Tool
A medium-severity bug reported on Saturday impacts Ghidra, a free, open-source software reverse-engineering tool released by the National Security Agency earlier this year. The vulnerability allows a remote attacker to compromise exposed systems, according to a NIST National Vulnerability Database description. No fix is currently available. Despite the warning, researchers are downplaying the impact of the bug. They maintain that the conditions needed to exploit the flaw, tracked as CVE-2019-16941, are rare.
Under-Detected ODT Files Deliver Common Remote Access Trojans
Security researchers noticed multiple cybercriminal operations using OpenDocument Text (ODT) files to distribute malware that is typically blocked by antivirus engines. The campaigns target English- and Arabic-speaking users. ODT files are archives that can hold text, images, and objects, such as XML-based files, and can be opened by Microsoft Office and similar open-source software (LibreOffice, OpenOffice).
Malvertiser exploited Chrome and WebKit flaws to display over one billion dodgy ads
A malvertising actor known as eGobbler has been exploiting two browser security flaws to display invasive pop-up ads and to redirect users to malicious websites. One of these is a patched flaw in Chrome for iOS, while the other is a zero-day flaw in the WebKit browser engine. The group's activities were first noticed last year, when security researchers found it running malvertising campaigns to display malicious ads on vulnerable devices.
Critical Exim Flaw Opens Servers to Remote Code Execution
A patch has been issued for a critical flaw in the Exim email server software, which could potentially open Exim-based servers up to denial of service or remote code execution attacks. Exim, which is free software used on Unix-like operating systems (including Linux or Mac OS X), serves as a mail transfer agent that manages mail routing services for organizations. According to a Shodan analysis, Exim is the most used mail transfer agent globally and has over five million internet-facing hosts.
WebKit zero-day exploit besieges Mac and iOS users with malvertising redirects
Attackers have bombarded the Internet with more than 1 billion malicious ads in less than two months. The attackers targeted iOS and macOS users with what were zero-day vulnerabilities in Chrome and Safari browsers that were recently patched, researchers said on Monday. More than 1 billion malicious ads served in the past six weeks contained exploit code that redirected vulnerable users to malicious sites, according to a post published by security firm Confiant.
Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping