Jaimin Pandya

Since Rami posted about a newer version of VMware getting released, I figured I’d put it out there. Anyone running the above mentioned versions may want to apply 4 patches that were addressed by VMware this past week. I will list them out below:

CVE-2019-5534 covers an issue where virtual machines deployed in an Open Virtualization Format (OVF) could expose login information via the virtual machine’s vAppConfig properties. This can be resolved by updating to the latest version.

CVE-2019-5532 covers a situation where a malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF. This is typically done through the root account of the virtual machine. A patched version is now available for upload.

CVE-2019-5531 involves an information disclosure vulnerability in clients arising from insufficient session expiration that would allow an attacker with physical access or an ability to mimic a websocket connection to a user’s browser to possibly obtain control of a VM Console after the user has logged out or their session has timed out. A patched version is now available for upload.

CVE-2017-16544 is a vulnerability in ESXi where it contains a command injection vulnerability due to the use of vulnerable version of busybox that does not sanitize filenames. An attacker may exploit this issue by tricking an ESXi Admin into executing shell commands by providing a malicious file, VMware wrote. A patched version is now available for upload.

Source Link: https://www.scmagazine.com/home/security-news/vulnerabilities/patches-issued-for-vmwares-vsphere-esxi-vmware-vcenter-server/

The news broke out today that an IT firm’s manager has been arrested after personal details of almost ENTIRE population of Ecuador was left exposed online. “Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured Elasticsearch server by security firm vpnMentor, which made the discovery during its large-scale mapping project. For a country with a population of over 16 million people, the breach exposed details of almost every Ecuadorian citizen, including President Lenín Moreno as well as WikiLeaks CEO Julian Assange, who was given political asylum in the country in 2012.” This is some serious stuff.

What happened?

Per the article “The unsecured Elasticsearch server, which was based in Miami and owned by Ecuadorian company Novaestrat, contained 18GB cache of data appeared to have come from a variety of sources including government registries, an automotive association called Aeade, and an Ecuadorian national bank called Biess. The cache reportedly contained everything from full names, gender, dates and places of birth, phone numbers and addresses, to marital statuses, national identification numbers (similar to social security numbers), employment information, and details of education. The cache also contained specific financial information related information to accounts held with the Ecuadorian national bank Biess, including person’s bank account statuses, current balances and credit type, along with detailed information about individuals’ family members.”

From what I read it seems that the government and its telecom agencies are going to take strict actions against the private companies. Ecuador is also amidst passing a new data privacy law which they have been apparently working on for almost a year now.

Source Article Link: https://thehackernews.com/2019/09/ecuador-data-breach.html

We vaguely talked about a vulnerability or vulnerabilities at this point in sim card which allows attackers to compromise cell phones. From thehackernwes.com I was able to track down the article which talks about it. Known as “SimJacker” the threat lies in the SIM toolkit which can be exploited no matter what type of cellphone users have. This particular type of SIM card is used in over 30 countries and more than a few dozen big operators use that. The freaky part is according to the article – “What’s worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries.” The article explains what exactly the SimJacker does and how it works.

“Disclosed by researchers at AdaptiveMobile Security in new research published today, the vulnerability can be exploited using a $10 GSM modem to perform several tasks, listed below, on a targeted device just by sending an SMS containing a specific type of spyware-like code.

Retrieving targeted device’ location and IMEI information,

• Spreading mis-information by sending fake messages on behalf of victims,
• Performing premium-rate scams by dialing premium-rate numbers,
• Spying on victims’ surroundings by instructing the device to call the attacker’s phone number,
• Spreading malware by forcing victim’s phone browser to open a malicious web page,
• Performing denial of service attacks by disabling the SIM card, and
• Retrieving other information like language, radio type, battery level, etc.”

Kind of a long read but worth it. Alarming imo!

Source Link: https://thehackernews.com/2019/09/simjacker-mobile-hacking.html

There is a new type of specific malware in the web environment today which basically “specializes” in theft of cryptocurrency. Yes, you read that right. The malware comes packed with Trojan capabilities as one of the article mentioned and will infect itself once it has identified sources of cryptocurrency wallet data. So you may wonder how does it spread? Phishing! It is developed on .net and gets sent out via phishing emails with attachments or even drive by downloads. As soon as the malware has made it entrance onto your machine, “it will make a copy of itself and hide it in the AppData directory before writing a Base64 encoded PE file in memory to execute the main functionality of the Trojan. In the quest for cryptocurrency, InnfiRAT will scan for information relating to cryptocurrency including Bitcoin (BTC) and Litecoin (LTC) wallets by checking for %AppData%\Litecoin\wallet.dat and %AppData%\Bitcoin\wallet.dat. If they are present, the malware will siphon existing data that can be used to compromise these wallets and potentially steal virtual funds.”  Check out the link to find out more about it. Looks pretty interesting and scary! (source link: https://www.zdnet.com/article/innfirat-malware-lurks-in-your-machine-to-steal-cryptocurrency-wallet-data/)

I usually check TechCrunch at least twice or three times a week and I recommend my classmates to do the same because you can find all tech related news on this platform. Anyway, I came cross this article that mentions about this company called HackerOne that “ that mediates between hackers and companies interested in testing their online vulnerabilities” which managed to raise $36 million in Series D funding bringing total funding to $110 mil. The article talks briefly what the company does and how it helps their client “to help find critical security weaknesses so they can address them before players with nefarious intentions find and exploit them.” They have over 1500 customers currently (Google, AirBnB, Intel just to name a few). They are also invested in working with Facebook on some blockchain stuff which I thought was super interesting. As we all know that cybersecurity domain is one of the fastest growing domains right now and companies like BugCrowd and HackerOne further proves why. Businesses are vulnerable to data leakage and different types of attacks so there will be new mechanisms and software companies in market to battle these issues.

Link: https://techcrunch.com/2019/09/08/hackerone-just-closed-a-new-round-of-funding-that-brings-its-total-funding-to-110-million/

For my folks with some non-technical background, this is something related to what we discussed in our last class. The article listed here talks about the importance of Network Encryption. Although we don’t realize it but it plays a really important part every time we go online whether it be accessing bank information or browsing through websites. It goes on to explain what an Encryption Key is and the algorithms behind it along with the keys which the SSL encryption depends on. I will try to hunt down the article about the strong encryption method that requires a ton of computing power (I think it was RSA).

https://www.lifewire.com/introduction-to-network-encryption-817993