It’s a browser bonanza this week, with multiple updates across Chrome, Firefox and all major search engines.
Elsewhere, there are some shocking statistics about the world’s IoT traffic and your home router security. Let’s get to it!
Oodles of Google Updates for Approval; Latest Firefox Rocks Lots to Unbox
Let’s start the week as we mean to go on; up to date and protected from the latest vulnerabilities.
Both Google Chrome and Mozilla Firefox released all-new versions earlier this week, with Chrome’s 85.0.4183.121 update and Firefox’s 81 and ESR 78.3 updates both fighting for the title of ‘least memorable version number’.
Over in camp Firefox, those all-important Remote Code Execution vulnerabilities have been snuffed out, with CVE-2020-15673 and CVE-2020-15674 ranked as the most pertinent. According to Mozilla, these ‘memory safety’ bugs ‘showed evidence of memory corruption’ and ‘could have been exploited to run arbitrary code’.
There are plenty more vulnerabilities patched besides these two major fixes though – you can read them all in Firefox’s detailed security advisory, here.
The separate Firefox for Android saw an important update too. A vulnerability in the browser meant hackers sharing the same WiFi network as their victims could open webpages on the target device on a whim – without the device user’s consent. We needn’t tell you what kind of embarrassing pranks could be performed with that kind of power.
The exploit, of course, is a little more complex than that, and is covered in greater detail over on researcher Chris Moberly’s GitHub page. Any version of Firefox for Android before 68.11.0 is vulnerable, so ensure yours is updated to that version ASAP.
Meanwhile, in the fortress of Chrome, they too have been on an RCE hunt, patching up 10 arbitrary code exploits which relied on nothing fancier than a specially crafted phishing website to execute. According to Google, all previous versions of Chrome are affected; so whatever version you’re running and whatever operating system you’re running it on, get this latest update post-haste.
There were 10 vulnerabilities, rated from low to high, snuffed out in this release. If you want to find out more, the whole Google caboodle is over on their security advisory, here.
"I, For One, Welcome Our New Internet Overlords" - Mozi Botnet Engulfs Internet of Things
A staggering 90% of traffic over the Internet of Things is thought to belong to Mozi, the botnet facilitating Distributed Denial of Service attacks, payload hacks and spamming campaigns across connected devices.
IBM X-Force, the cyber security research collective with the coolest name ever to grace Threat Thursday, noted that IoT attack instances had increased by what we scientists call a ‘whopping’ 400% compared to the previous 2 years – growth which occurred between October last year and June 2020.
The culprit is twofold; the ongoing reliance on IoT devices as we tackle the challenges of remote working, and the number of IoT devices that just aren’t configured securely enough. The IoT remains a problematic venture, with most devices boasting out-of-the-box security that is simply not up to the standard you’d want from an inter-connected business or household.
Targeting common household routers by Netgear, D-Link and Huawei, Mozi’s spread is a combination of brute force and the targeting of the internet’s most vulnerable device – the unsecured home router. Whenever you receive a new IoT device, always change the default password and secure it behind 2FA where possible – you’ll only contribute to your own insecure infrastructure otherwise.
If you’ve got a lot of time on your hands, X-Force’s write-up on the subject is lengthy, interesting and gets even more technical as it goes on. We won’t judge you for only reading half of it.
Cyber Crims' New Box o' Tricks is Set to A-Maze
The Maze ransomware continues to find novel ways to ruin things for everyone, according to research from Sophos Lab.
Investigating an attack in July, Sophos’s Managed Threat Response noticed that Maze was borrowing a technique from ‘rival’ cybercriminals Ragnar Locker; namely, the distribution of ransomware using virtual machines. This ‘Troika doll’ approach saw the nefarious payloads being hidden inside VirtualBox disk image files, which in turn were delivered by Microsoft’s trusted MSI format – used for installing files. This combination of the trusted VirtualBox and MSI formats was integral to the successful ‘smuggling’ of the ransomware.
Sophos describes the approach as ‘radical’, even if it’s not entirely new; however, Maze has typically avoided spreading via phishing campaigns, opting instead for a ‘drive-by download’ approach. By taking advantage of flaws in apps, browsers and operating systems, these attacks completely bypass the human firewall and immediately assault the business on a technical level. While this does mean your best firewall – your human one – is one less hurdle for the malware to overcome, the malware remains at the mercy of your cyber security software.
Nonetheless – and as Maze’s own ransomware warning boasts – Maze has successfully compromised the City of Pensacola as well as the businesses MDLab and Southwire. Given that their ransom requests often exceed $15 million, it’s best to stay defended from these guys by regularly updating your security solution.
Thus concludes another edition of Threat Thursday! We’ll be taking a brief hiatus over the next couple of weeks, but sign up for our newsletter and you’ll still receive the latest updates as soon as the next edition is published!