Cyber Security News — Past 24 hours | 06.08.2021

New Amazon Kindle Bug Could’ve Let Attackers Hijack Your eBook Reader

Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user’s device, resulting in the theft of sensitive information by just deploying a malicious e-book.


In other words, if a threat actor wanted to single out a specific group of people or demographic, it’s possible for the adversary to choose a popular e-book in a language or dialect that’s widely spoken among the group to tailor and orchestrate a highly targeted cyber attack.
After the issue was responsibly disclosed to Amazon in February 2021, the retail and entertainment giant published a fix as part of version 5.13.5 of the Kindle firmware in April 2021.

Heap overflow vulnerability in the JBIG2Globals decoding algorithm

The problem resides in the firmware’s e-book parsing framework, specifically in the implementation associated with how PDF documents are opened, permitting an attacker to execute a malicious payload on the device.


Earlier this January, Amazon fixed similar weaknesses — collectively named «KindleDrip» — that could have allowed an attacker to take control of victims’ devices by delivering a malicious e-book to the targets and to make unauthorized purchases.
«Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks,» Balmas said.

Source — https://thehackernews.com/2021/08/new-amazon-kindle-bug-couldve-let.html

India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks

Koo, India’s homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform.


The issue was discovered by security researcher Rahul Kankrale in July, following which a fix was rolled out by Koo on July 3.
Using cross-site scripting, an attacker can perform actions on behalf of users with the same privileges as the user and steal the web browser’s secrets, such as authentication cookies.
Because malicious JavaScript has access to all objects that the website can access, it could allow adversaries to reach sensitive data such as private messages, spread misinformation, or display spam using users’ profiles.


Aprameya Radhakrishna, co-founder and chief executive officer of Koo, announced the entry of the app into the Nigerian market earlier this week.

Hacking Koo App Accounts

It was discovered by Prasoon Gupta, an independent security researcher. In an interview with The Hacker News, Prasoon explained that the vulnerability arises due to the way the app validates access tokens when a user is authenticated with a phone number and a one-time password sent to it.

Source — https://thehackernews.com/2021/08/indias-koo-twitter-like-service-found.html

VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products

VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information.
Tracked as CVE-2021-22002 and CVE-2021-22003, the flaws affect VMware Workspace One Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.


CVE-2021-22002 concerns an issue with how VMware Workspace One Access and Identity Manager allow the «/cfg» web app and diagnostic endpoints to be accessed via port 443 by tampering with a host header, resulting in a server-side request.
«A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication,» the company said in its advisory. Suleyman Bayir of Trendyol has been credited with reporting the flaw.
Also addressed by VMware is an information disclosure vulnerability impacting VMware Workspace One Access and Identity Manager through an inadvertently exposed login interface on port 7443. An attacker with network access to port 7443 could potentially stage a brute-force attack, which the firm noted: «may or may not be practical based on lockout policy configuration and password complexity for the target account».


For customers who cannot upgrade to the latest version, VMware is offering a workaround script for CVE-2021-22002 that can be deployed independently without taking the vRA appliances offline. «The workaround disables the ability to resolve the configuration page of vIDM. This endpoint is not used in vRA 7.6 environments and will not cause any impact to functionality,» the company said.

Source — https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-critical.html

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
