Cover photo by Jazmin Quaynor on Unsplash.
Introduction
Welcome to the weekly round-up of security news from around the Web. I hope your week was fine.
This week it's about the following:
- Ransomware
- Software bugs
ProLock ransomware – new report reveals the evolution of a threat
Defenders are always on alert about new threats in the cyberspace, this time it's about a ransomware named ProLock which according to sophos "is interesting not so much for its implementation as for its evolution."
Excerpt from the article:
Interestingly, ProLock doesn’t actually scramble every byte of every file it attacks.
In the ProLock sample analysed by SophosLabs, the first 8KB (8192 bytes, or 0x2000 in hex) of every file are left untouched.
As a result, files of 8KB or below are unmodified, while files bigger than 8192 bytes are encrypted but with the first 8KB intact.
Critical WordPress plugin bug lets hackers take over hosting account
WordPress is arguably the most used Content Management System.
The name of the plugin in question is wpDiscuz.
Excerpt from the article:
Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites.
wpDiscuz is a WordPress plugin marketed as an alternative to Disqus and Jetpack Comments that provides an Ajax real-time comment system that will store comments within a local database.
Undetectable Linux Malware Targeting Docker Servers With Exposed APIs
The title says it all.
Excerpt from the article:
Docker is a popular platform-as-a-service (PaaS) solution for Linux and Windows designed to make it easier for developers to create, test, and run their applications in a loosely isolated environment called a container.
According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.
Microsoft now detects CCleaner as a Potentially Unwanted Application
The title says it all.
Excerpt from the article:
Microsoft is now detecting the popular CCleaner Windows optimization and Registry cleaner program as a potentially unwanted application (PUA) in Microsoft Defender.
CCleaner is a junk file remover, Registry cleaner, and general Windows performance optimization utility developed by Piriform.
Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems
The title of the article clearly shows the severity of this bug.
Excerpt from the article:
Dubbed 'BootHole' and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could potentially let attackers bypass the Secure Boot feature and gain high-privileged persistent and stealthy access to the targeted systems.
Secure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI) that uses a bootloader to load critical components, peripherals, and the operating system while ensuring that only cryptographically signed code executes during the boot process.
Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
It's 2020, Zoom needs no introduction. We've covered news regarding Zoom in previous posts.
Excerpt from the article:
Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people's private (password protected) Zoom meetings."
New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
From Wikipedia:
In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself.
Excerpt from the article:
Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.
Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network connection at any given point in time.
That's it for this week, I'll see you next Friday.
Top comments (0)