Security Safari

New Threats in the Wild

This section is devoted to threats of particular note that have been recently identified in the real world. A select few of particular interest will be highlighted in greater detail. NIST NVD data will be used to make these determinations.

HIGHLIGHT

Samsung Factory Reset Protection (FRP) Bypass

What does it do?

Samsung’s Factory Reset Protection (FRP) is a feature that lets owners prevent a stolen device from being used by others after a factory reset. It is a key feature that can help reduce the number of stolen phones on the market.

This bypass allows an attacker to use the Secure Folder feature to prevent FRP from communicating with the rest of the device. The process is simple enough to perform that several online tutorials already cover it.

Potential Impact

Though personal data does appear to remain protected, the problem with this threat is its ease of use and the resulting loss of property. It can raise demand for certain models because of their newfound value on the black market, making theft more of a problem for businesses.

Remediation

Samsung has released a patch, which is included in the latest updates.

More Information:

CVE-2020-28340

HIGHLIGHT

Android RCE

What does it do?

In the Android security bulletin released near the beginning of November, a patch was announced that fixed a series of severe security flaws. The most severe was a proximity-based flaw that could allow attackers to execute arbitrary code as a privileged process.

The flaw is an integer overflow in exif_entry_get in exif-entry.c that attackers could trigger if a third-party application used the library to process remote image data. Most notably, exploiting it requires no user interaction at all.
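As an added example (not libexif, Android, or any vendor code), the C below shows the general shape of this bug class: a size derived from an untrusted element count is multiplied in 32-bit arithmetic and wraps to a small number, so a later "fits in the buffer" test passes and a copy runs past its allocation. The hardened version rejects the entry as soon as the multiplication would overflow. The entry layout (4-byte count, 2-byte format code, payload) and the format table are constructed for the example and are not the real EXIF structures.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a format table: bytes per element for each
   format code (index 0 is unused). Not the real libexif table. */
static const uint32_t format_size[] = { 0, 1, 1, 2, 4, 8 };
#define FORMAT_COUNT (sizeof format_size / sizeof format_size[0])

/* Vulnerable pattern: the product is evaluated in uint32_t, so a large
   count wraps to a small value. A later "fits in the buffer" test then
   passes and the copy writes past the allocation. */
uint32_t unsafe_entry_bytes(uint32_t count, uint16_t format) {
    if (format >= FORMAT_COUNT) return 0;
    return count * format_size[format];          /* may wrap modulo 2^32 */
}

/* Hardened version: reject the entry when count * element size would
   overflow, before the value is used for any allocation or copy. */
bool safe_entry_bytes(uint32_t count, uint16_t format, uint32_t *out) {
    if (format >= FORMAT_COUNT || format_size[format] == 0) return false;
    uint32_t es = format_size[format];
    if (count > UINT32_MAX / es) return false;   /* product would not fit */
    *out = count * es;
    return true;
}

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one constructed entry: [count:4 BE][format:2 BE][payload:n].
   Copies the payload into a new buffer and returns its length, or -1 if
   the entry is malformed or its size computation overflows. */
int64_t parse_entry(const uint8_t *buf, size_t len, uint8_t **payload) {
    if (len < 6) return -1;
    uint32_t n;
    if (!safe_entry_bytes(rd32(buf), rd16(buf + 4), &n)) return -1;
    if (n > len - 6) return -1;                  /* payload must be present */
    *payload = malloc(n ? n : 1);
    if (!*payload) return -1;
    memcpy(*payload, buf + 6, n);
    return (int64_t)n;
}

int main(void) {
    /* count 0x40000001 with 4-byte elements: the true size is 0x100000004
       bytes, but 32-bit arithmetic reports 4, which is what makes the
       unsafe path dangerous. */
    printf("unsafe size: %u\n", unsafe_entry_bytes(0x40000001u, 4));
    uint32_t n;
    printf("safe accepts: %d\n", safe_entry_bytes(0x40000001u, 4, &n));

    const uint8_t good[] = { 0,0,0,3, 0,3, 'a','b','c','d','e','f' };
    uint8_t *p = NULL;
    int64_t got = parse_entry(good, sizeof good, &p);
    printf("good entry payload length: %lld\n", (long long)got);
    free(p);
    return 0;
}
```

The division-based check is portable C; on GCC and Clang the same test can be written with `__builtin_mul_overflow`, which is also what compiler sanitizers flag when the unsafe path is exercised.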

Potential Impact

Any remote code execution flaw means a significant reduction in security across the entire CIA triad; how much depends on what form of code execution is available to the attacker. That is why the impact of these vulnerabilities is rated so high.

Remediation

A patch has been released by Android. Please ensure that you or the mobile device manager for your business installs this update.

More Information:

CVE-2020-0452

Additional Threats

CVE-2020-28864

Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.

More Info
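The WinSCP entry above describes a server-supplied file name overflowing a fixed buffer. As an added example (not WinSCP's code), this C snippet parses a constructed listing line of the form `<size> <name>` and refuses names that do not fit the fixed field instead of copying them blindly. The line format, the `dir_entry` struct and the 255-byte limit are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 255   /* assumed limit for the fixed name field */

/* One directory entry with a fixed-size name field, as a client might keep
   it while rendering a remote listing. */
struct dir_entry {
    char name[NAME_MAX_LEN + 1];
    uint64_t size;
};

/* Store a server-supplied name only if it fits the fixed field.
   Returns false, leaving *e untouched, for an empty, over-long or
   NUL-containing name, so an oversized name from a malicious server is
   dropped rather than written past the end of the field (an unbounded
   strcpy here is the defect class the advisory describes). */
bool set_entry_name(struct dir_entry *e, const char *name, size_t name_len) {
    if (name_len == 0 || name_len > NAME_MAX_LEN) return false;
    if (memchr(name, '\0', name_len) != NULL) return false;
    memcpy(e->name, name, name_len);
    e->name[name_len] = '\0';                   /* always terminate */
    return true;
}

/* Parse one listing line of the constructed form "<size> <name>\r\n".
   Real LIST output is richer; the point is that the name length comes
   from the server and must be checked before it reaches the struct. */
bool parse_listing_line(const char *line, struct dir_entry *e) {
    char *end;
    unsigned long long sz = strtoull(line, &end, 10);
    if (end == line || *end != ' ') return false;
    const char *name = end + 1;
    size_t nlen = strcspn(name, "\r\n");        /* name runs to end of line */
    if (!set_entry_name(e, name, nlen)) return false;
    e->size = (uint64_t)sz;
    return true;
}

int main(void) {
    struct dir_entry e;
    printf("normal line accepted: %d\n", parse_listing_line("1234 report.pdf\r\n", &e));

    /* Constructed hostile line: a 397-byte file name. */
    char hostile[400];
    memset(hostile, 'A', sizeof hostile);
    memcpy(hostile, "5 ", 2);
    hostile[sizeof hostile - 1] = '\0';
    printf("over-long name accepted: %d\n", parse_listing_line(hostile, &e));
    return 0;
}
```

Rejecting rather than silently truncating is deliberate: a truncated name can collide with another entry and mislead the user about which remote file they are acting on, while a rejected line can be logged as a malformed response from the server.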

CVE-2020-3531

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system.
The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.

More Info

CVE-2020-15993

Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

More Info


From The Field

Real World Use Cases in Action

In this section, we’ll be covering a significant use case that our teams recently saw and remediated, along with some of the benefits of doing so. It is our hope that this section can give some ideas for both current and future customers as to what problems can be seen in the real world and how they can be solved using LogicHub automations.

Customer Use Case

Automated Salesforce Monitoring

Summary

Salesforce users used to be added to lists manually, looked up via search engines, and their activity verified through a series of different methods. Though effective, this process took far more time than desired and left more room for error. User managers had to be contacted regularly to confirm the presence of a user.

Automated Solution

Through automated commands and custom integrations such as the Cisco Talos integration, cases now arrive with all information on the user previously seen in logs available to the investigator. The account's creation date, prior activity, IP reputation rating, any existing social media, and the user's full name become easy to access and useful for triage. In some instances, the case can be resolved automatically.

Benefits to This Approach

  • Quick access to information
  • Consistent sourcing and data
  • Automated resolution
  • Information consolidated for reporting
  • Methods of lookup are documented within the automated monitoring process

Recommended Reading

This section contains some interesting reading related to the state of infosec today. These articles have a simple summary that explains the basic idea of the news and links to more information.

AstraZeneca Targeted by Possible North Korean Intelligence Group

With AstraZeneca in the race to find a COVID-19 vaccine, two phishing scams sent via LinkedIn targeted employees of the company in an attempt to plant malicious code.

Read More

Brazilian Ministry of Health Data Exposed

The personal information of over 243 million Brazilian citizens was exposed for six months in an open database, with the password left in the source code of the Ministry of Health website.

Read More

APT Using CryptoMiners As Distraction

In an interesting new tactic, the APT group BISMUTH has been using cryptominers as a distraction from its more targeted spear-phishing activity against its victims.

Read More

iPhone Over the Air Takeover

A curious researcher dug into a previously patched Apple vulnerability and, over six months, found the true reach of the bug: a wormable over-the-air (OTA) flaw that would have let attackers see everything on a phone with ease.

Read More

Financial CyberCrime Evolution Via Pandemic

Financial cybercrime is changing with the pandemic: security is becoming less prominent in large companies because of rapid shifts online, a lack of employee training, and easy DDoS opportunities. Next year is looking even worse.

Read More
