Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Andy74 and Bhumish.

North Korea Hacked Him. So He Took Down Its Internet

North Korea disappeared from the internet at least twice in the past month, with state-run websites becoming inaccessible in what some observers speculated was a distributed denial-of-service attack on the country's servers. In a report published Tuesday, a lone hacker bent on revenge told Wired that he was responsible for crippling the secretive country's internet.

Read more at wired.com

Tenable Launches Suite of New Features to Cloud-Native Application Security Platform

Tenable announced new capabilities for Tenable.cs, its cloud-native application security platform. Tenable.cs delivers full lifecycle cloud-native security to address cyber risks from build to runtime. With the new features, organizations can secure cloud resources, container images and cloud assets to provide end-to-end security from code to cloud to workload.

Read more at darkreading.com

How $320m in Ether was stolen from crypto biz Wormhole

Wormhole, a protocol for connecting different blockchains, lost about $320m worth of Ether (ETH), thanks to poorly crafted code. The wormhole network was exploited for 120k wETH.
The loss represents the fourth biggest cryptocurrency hack to date. The hack appears to have been made possible by a signature verification function in Wormhole's Solana bridge code that didn't actually verify any signatures.

Read more at theregister.com

Critical Cisco Bugs Open VPN Routers to Cyberattacks

Critical security vulnerabilities in Cisco’s Small Business RV Series routers could allow privilege escalation, remote code execution (RCE) with root privileges on the devices and more.
The critical bugs are part of 15 total vulnerabilities affecting the RV product line that Cisco disclosed this week. Some of the issues are exploitable on their own, while others must be chained together, the networking giant said – but they all could lead to a concerning cornucopia of bad outcomes.

Read more at threatpost.com

Zimbra zero-day vulnerability actively exploited to steal emails

A cross-site scripting (XSS) Zimbra security vulnerability is actively exploited in attacks targeting European media and government organizations. Zimbra is an email and collaboration platform that also includes instant messaging, contacts, video conferencing, file sharing, and cloud storage capabilities. According to Zimbra, more than 200,000 businesses from over 140 countries are using its software, including over 1,000 government and financial organizations.

Read more at bleepingcomputer.com

Windows vulnerability with new public exploits lets you become admin

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or perform privileged commands.

Read more at bleepingcomputer.com/

Over 20,000 data center management systems exposed to hackers

Investigators at Cyble have found over 20,000 instances of publicly exposed DCIM systems, including thermal and cooling management dashboards, humidity controllers, UPS controllers, rack monitors, and transfer switches. Additionally, the analysts were able to extract passwords from dashboards which they then used to access actual database instances stored on the data center.

Read more at bleepingcomputer.com

Detecting and mitigating “Pwnkit” local privilege escalation

Qualys had disclosed a local privilege escalation bug in SUID-set program ‘pkexec’. The vulnerable program is a part of Polkit, and by manipulating environment variables, an attacker can trick ‘pkexec’ to load and execute arbitrary code with superuser privileges. Sysdig has published an article on detecting this vulnerability on your systems, what is the impact and how to mitigate it.

Read more at sysdig.com

277,000 routers exposed to Eternal Silence attacks via UPnP

A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors. Out of 3,500,000 UPnP routers found online, 277,000 are vulnerable to UPnProxy, and 45,113 of them have already been infected by hackers.

Read more at bleepingcomputer.com

Unsecured AWS server exposed 3TB in airport employee records

An unsecured server has exposed sensitive data belonging to airport employees across Colombia and Peru. The server contained approximately 3TB of data dating back to 2018, including airport employee records. The misconfigured AWS bucket, which did not require any authentication to access, contained two main datasets related to Securitas and airport employees. Among the records were ID card photos, Personally identifiable information (PII), including names, photos, occupations, and national ID numbers.

Read more at zdnet.com

Apple Pays $100.5K Bug Bounty for Mac Webcam Hack

A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug (UXSS) Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the victim.

Read more at threatpost.com

Samba bug can let remote attackers execute code as root

Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. The vulnerability, tracked as CVE-2021-44142 and reported by Orange Tsai of DEVCORE, is an out-of-bounds heap read/write present in the vfs_fruit VFS module when parsing EA metadata when opening files in smbd.

Read more at bleepingcomputer.com

600K WordPress sites impacted by critical plugin RCE vulnerability

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.

Read more at bleepingcomputer.com

Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft

Analysts with Kaspersky Labs reported finding 33 vulnerabilities last year in the most widely used data transfer protocol for internet of things (IoT) medical devices, known as MQTT — that’s 10 more than the previous year. All of them put patient data at risk, the team warned. To put those numbers in perspective, the analysts at Kaspersky said only 90 vulnerabilities in MQTT have been reported since 2014. Worse yet, many of those bugs are still unpatched, they added.

Read more at threatpost.com

BRATA Android malware factory resets phones after stealing funds

A malware that was originally identified in 2019 has surfaced once again and this time it is equipped with additional features that can wipe out data from Android devices. the malware aims at stealing money from the victim’s bank account through apps installed on the device. If successful, it performs a factory reset to divert the victim’s attention. However, the victim ends up losing all the data on the phone.

Read more at hackread.com

British Council exposed more than 100,000 files with student records

More than 100,000 files with student records belonging to British Council were found exposed online. An unsecured Microsoft Azure blob discovered on the internet by a cybersecurity firm revealed student names, IDs, usernames and email addresses, and other personal information.

Read more at bleepingcomputer.com

Telco fined €9 million for hiding cyberattack impact from customers

The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of the true impact of the incident.

Read more at bleepingcomputer.com

This awesome image that looks like an eye was created by the visual artist Rus Khasanov.