Cyber Security News of the week — 05.11.2021|12.11.2021

The Good

Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks.

Tracked as CVE-2021–1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous as it could enable a threat actor to access or reference memory after it has been freed, leading to a «write-what-where» condition that results in the execution of arbitrary code to gain control over a victim’s system.

Also remediated in the security patch are two critical remote code execution vulnerabilities — CVE-2021–0918 and CVE-2021–0930 — in the System component that could allow remote adversaries to execute malicious code within the context of a privileged process by sending a specially-crafted transmission to targeted devices.

Two more critical flaws, CVE-2021–1924 and CVE-2021–1975 affect Qualcomm closed-source components, while a fifth critical vulnerability in Android TV could permit an attacker in close proximity to silently pair with a TV and execute arbitrary code with no privileges or user interaction required.

Source — https://thehackernews.com/2021/11/google-warns-of-new-android-0-day.html

The Bad

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration

Interactive livestreaming platform Twitch acknowledged a breach after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools.

The Amazon-owned service said it’s working with urgency to understand the extent of this, adding the data was exposed due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.

The forum user claimed the hack is designed to foster more disruption and competition in the online video streaming space because their community is a disgusting toxic cesspool. The development was first reported by Video Games Chronicle, which said Twitch was internally aware of the leak on October 4. The leak has also been labeled as part one, suggesting that there could be more on the way.

The leak of internal source code poses a serious security risk in that it allows interested parties to search for vulnerabilities in the source code. While the data doesn’t include password related details, users are advised to change their credentials as a precautionary measure and turn on two-factor authentication for additional security.

Source — https://thehackernews.com/2021/10/twitch-suffers-massive-125gb-data-and.html

The Ugly

Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices

Cybersecurity researchers disclosed details of what they say is the largest botnet observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service attacks and inserting advertisements into HTTP websites visited by unsuspecting users.

Qihoo 360’s Netlab security team dubbed the botnet Pink based on a sample obtained on November 21, 2019, owing to a large number of function names starting with pink.

Pink raced with the vendor to retain control over the infected devices, while vendor made repeated attempts to fix the problem, the bot master noticed the vendor’s action also in real time, and made multiple firmware updates on the fiber routers correspondingly, the researchers said in an analysis published last week following coordinated action taken by the unspecified vendor and China’s Computer Network Emergency Response Technical Team/Coordination Center .

More than 96% of the zombie nodes part of the super-large-scale bot network were located in China, Beijing-based cybersecurity company NSFOCUS noted in an independent report, with the threat actor breaking into the devices to install malicious programs by taking advantage of zero-day vulnerabilities in the network gateway devices. With nearly 100 DDoS attacks having been launched by the botnet to date, the findings are yet another indication as to how botnets can offer a powerful infrastructure for bad actors to mount a variety of intrusions. Internet of Things devices have become an important goal for black production organizations and even advanced persistent threats organizations, NSFOCUS researchers said.

Source — https://thehackernews.com/2021/11/researchers-uncover-pink-botnet-malware.html

Stay Focused. Stay Vigilant.

Cyber Security News Team — Cyber Security Community of SLIIT

First they begin with Us..