Cyber Security News — Past 24 hours | 27.07.2021

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year.
The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory corruption issue in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer, that could be abused to execute arbitrary code with kernel privileges.

Stack Overflow Teams

The timing of the update also raises questions about whether the zero-day had any role in compromising iPhones using NSO Group’s Pegasus software, which has become the focus of a series of investigative reports that have exposed how the spyware tool turned mobile phones of journalists, human rights activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them.

Given the public availability of a proof-of-concept exploit, it’s highly recommended that users move quickly to update their devices to the latest version to mitigate the risk associated with the flaw.

Source — https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html

Hackers Turning to ‘Exotic’ Programming Languages for Malware Development

Threat actors are increasingly shifting to «exotic» programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts.
«Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,» said Eric Milam, Vice President of threat research at BlackBerry. «That tactic has multiple benefits from the development cycle and inherent lack of coverage from protective products».

Stack Overflow Teams

Noting that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled, the researchers said the pivot adds additional layers of obfuscation, simply by virtue of them being relatively new, leading to a scenario where older malware developed using traditional languages like C++ and C# are being actively retooled with droppers and loaders written in uncommon alternatives to evade detection by endpoint security systems.

Programs written using the same malicious techniques but in a new language are not usually detected at the same rate as those written in a more mature language,» BlackBerry researchers concluded.

Source — https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks.

Stack Overflow Teams

EspoCRM is an open-source customer relationship management application, while Pimcore is an open-source enterprise software platform for customer data management, digital asset management, content management, and digital commerce. Akaunting, on the other hand, is an open-source and online accounting software designed for invoice and expense tracking.
The list of issues is as follows -CVE-2021–3539 — Persistent XSS flaw in EspoCRM v6.1.6
CVE-2021–31867 — SQL injection in Pimcore Customer Data Framework v3.0.0
CVE-2021–31869 — Pimcore AdminBundle v6.8.0
CVE-2021–36800 — OS command injection in Akaunting v2.1.12

Pimcore Customer Data Framework

Also addressed in Akaunting is a weak password reset vulnerability where the attacker can abuse the «I forgot my password» functionality to send a phishing email from the application to a registered user containing a malicious link that, when clicked, delivers the password reset token.

«All three of these projects have real users, real customers of their attendant support services and cloud-hosted versions, and are undoubtedly the core applications supporting thousands of small to medium businesses running today,» the researchers noted.

Source — https://thehackernews.com/2021/07/several-bugs-found-in-3-open-source.html

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. Mitigations have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16. CVE-2021–35208 — Stored XSS Vulnerability in ZmMailMsgView.

Stack Overflow Teams

Zimbra is a cloud-based email, calendar, and collaboration suite for enterprises and is available both as an open-source version and a commercially supported version with additional features such as a proprietary connector API to synchronize mail, calendar, and contacts to Microsoft Outlook, among others.

«The downside of using server-side sanitization is that all three clients may transform the trusted HTML of an email afterwards to display it in their unique way,» Scannell said. «Transformation of already sanitized HTML inputs can lead to corruption of the HTML and then to XSS attacks».

«Zimbra would like to alert its customers that it is possible for them to introduce an SSRF security vulnerability in the Proxy Servlet,» the company noted in its advisory. «If this servlet is configured to allow a particular domain , and that domain resolves to an internal IP address , an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly».

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT

--

--

--

First they begin with Us..

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

VLAN hopping via DTP (Dynamic Trunking Protocol) using Yersinia

How Cyber Crime uses Confusion Matrix?

BIG, If True: Beyond Cyberspace: Security in a Networked World

MOBILE APPLICATION SECURITY — WHAT TO BE AWARE OF

Monitorance #1

APT#27 Backdoor#2021

CYBER RESILIENCE — WHAT IS IT AND HOW TO ACHIEVE IT?

America’s Newest Cyber Defenders Come From a Town You Haven’t Heard Of (Yet)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SLIIT CS2

SLIIT CS2

First they begin with Us..

More from Medium

Never Judge a File by its Cover

Musings about further Log4Shell Attack Vectors

SushiSwap vs UniSwap Gas fee

Valentine