The Briefing – WK50 2020
Curated for business leaders, small business owners and security staffers; The Briefing is a compact summary of noteworthy security stories impacting global business sectors and industries prevalent across the Caribbean Region.
GLOBAL NEWS
AMNESIA:33 Vulnerabilities in TCP/IP Stacks Expose Millions of Devices to Attacks:
AMNESIA:33 — millions of connected devices from over 150 vendors are affected by vulnerabilities in open source TCP/IP stacks. Forescout reported a total of 33 new vulnerabilities found in 4 open source TCP/IP stacks, namely uIP, PicoTCP, FNET, and Nut/Net. Collectively referred to as AMNESIA:33 and rooted in memory corruption, the bugs expose devices to remote code execution, information disclosure, denial of service, and DNS cache poisoning. Attackers able to exploit these vulnerabilities could take full control of affected devices, allowing lateral movement within the environment and persistent access to the target network.
FireEye Hacked – Red Team Tools Stolen:
FireEye said that a “highly sophisticated” threat actor broke into its corporate network and stole a range of automated hacking tools and scripts.
Medusa23 Selling Access to Saudi and Kuwaiti Telecoms Companies:
Recorded Future reports that the APT group Medusa23 is selling live access to Saudi and Kuwaiti telecoms companies.
Siemens, Schneider Electric Address Serious Vulnerabilities in ICS Products:
Siemens and Schneider Electric have addressed several critical and high-severity vulnerabilities in their industrial automation products. Siemens has released 6 new advisories and updated 18 previous advisories. The new advisories describe vulnerabilities affecting the company’s SICAM, SIMATIC, SIPLUS, LOGO! 8, SENTRON, SIRIUS, and XHQ products.
Over 100 GE Healthcare Devices Affected by Critical Vulnerability:
Over 100 CT, X-Ray, MRI and other types of medical devices made by GE Healthcare are affected by a critical vulnerability that could allow an attacker to access or modify sensitive data. The vulnerability impacts CT scan, molecular imaging, PET, X-Ray, ultrasound and mammography devices, as well as workstations and imaging devices used in surgery, including GE’s Brivo, Definium, Discovery, Innova, Optima, Odyssey, PETtrace, Precision, Seno, Revolution, Ventri, and Xeleris products. This vulnerability is tracked as CVE-2020-25179.
New Backdoors Used by Hamas-Linked Hackers Abuse Facebook, Dropbox:
Security researchers have attributed two new backdoors and a malware downloader to the Hamas-linked Molerats. Also referred to as Gaza Hackers Team, Gaza Cybergang, DustySky, Extreme Jackal and Moonlight, the group mainly hits targets in the Middle East (including Israel, Egypt, Saudi Arabia, the UAE and Iraq), but has also launched attacks on entities in Europe and the United States. Cybereason reports that Molerats has expanded its toolset with two backdoors named SharpStage and DropBook, along with a downloader called MoleNet. All three malware families allow attackers to run arbitrary code and collect data from infected machines. The backdoors stand out because of their use of legitimate online services for malicious purposes: both use a Dropbox client for data exfiltration and for storing espionage tools, while DropBook is controlled through fake Facebook accounts. Google Drive is also abused for payload storage.
CARIBSOC advises organisations to corroborate all data and information as a matter of course when determining impacts to their staff & infrastructure.