Bear Security – Security News for Week of April 24th, 2021
These are the stories that relate to our careers, clients, and businesses in the cybersecurity world for the Week of April 24th, 2021. Watch this in video form over on YouTube, or you can listen on the go with the Bear Security podcast.
In Memoriam…
Dan Kaminsky, a beloved contributor to the cybersecurity community, has passed. His work, character, and contributions inspired many and will not be forgotten.
The University of Minnesota Loses Ability to Contribute to Linux
The University of Minnesota got a wake-up call after a Linux kernel maintainer banned the University from contributing to Linux. This came after two students, Qiushi Wu and Kangjie Lu, performed research that targeted the Linux kernel team to see whether or not they could stealthily introduce vulnerabilities into the kernel. The paper was then accepted for publication at the 42nd IEEE Symposium on Security and Privacy. The maintainers of the kernel felt that the students’ behavior, misleading and social engineering the volunteers who maintain the kernel for the sake of a research paper, was in bad faith.
While open-source security is certainly an important topic, attempting to introduce vulnerabilities into a production open-source product could have untold consequences, and this behavior harms the trust and integrity of both higher education and cybersecurity. There are other methods to conduct such research, and better work needs to be done to consider the transient impact on subjects, instead of assuming there is no human impact if there is no formal human research subject. As of this story, IEEE has not said whether or not it is reconsidering the publication of the paper.
Read the details on the Kernel list: https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/
Read the University of Minnesota’s Statement: https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021
Three WordPress Plugin Vulnerabilities to Look Out For
If you use Kaswara Modern WPBakery Page Builder, you should remove the plugin immediately. A zero-day vulnerability in the plugin allows unauthenticated users to upload PHP files that can later be used to perform remote code execution. Since the plugin is no longer maintained, there is no fix for it. An estimated 10,000 WordPress installs are using this plugin, according to Wordfence.com.
More details at: https://www.wordfence.com/blog/2021/04/psa-remove-kaswara-modern-wpbakery-page-builder-addons-plugin-immediately/
Redirection for Contact Form 7, which Wordfence.com estimates is installed on over 200,000 WordPress sites, has a flaw that allows attackers to perform three different types of attacks, two of which allow modification or remote code execution. A patch for this was actually released back on February 13th by the developer, so if you haven’t updated since before that date, go do so now.
More details at: https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
Lastly, the N5 Upload Form WordPress plugin through version 1.0 suffers from an arbitrary file upload issue: any file type can be uploaded, which gives attackers the ability to perform remote code execution or other modifications.
More details at: https://nvd.nist.gov/vuln/detail/CVE-2021-24223
Apple Supplier Hit with $50 Million Ransomware Demand
TechRepublic is reporting that the ransomware group known as REvil claimed to have stolen blueprints for Apple’s latest product from its supplier Quanta Computer Inc. Quanta currently makes MacBooks along with hardware for companies like HP, Facebook, and Google. According to Bloomberg, the group had posted plans for a new laptop, including images of what looks to be a MacBook, by the time the Apple online event ended on Tuesday.
This again serves as a reminder that your security is only as good as the weakest link in your supply chain, and we can expect to see more of these kinds of attacks through 2021 and beyond.
More details at: https://www.techrepublic.com/article/apple-supplier-quanta-hit-with-50-million-ransomware-attack-from-revil/
Supply Chain Attack Hits Software Auditing Vendor, Codecov
Reuters is reporting that malicious actors who tampered with a software development tool from Codecov may have used that program to gain restricted access to hundreds of networks belonging to Codecov’s customers. Investigators say that attackers used automation to rapidly copy credentials that developers commonly gave the tool so it could perform its tests. Determining the extent of the breach is ongoing, and some are concerned that it may be similar in scale to the attack on SolarWinds.
More details at: https://www.reuters.com/technology/codecov-hackers-breached-hundreds-restricted-customer-sites-sources-2021-04-19/
Mitre Corporation Says Vendors Improving in Spotting Malicious Execution Techniques
SC Magazine is reporting that the Mitre Corporation released the results of its evaluation of 29 vendors to see how well their products were able to detect or block known Mitre ATT&CK techniques associated with financially motivated cybercriminal groups. The results appear to show that enterprise cybersecurity solutions are improving in detecting malicious activity conducted through APIs and Windows Management Instrumentation tools, but still have room for improvement in identifying and stopping defense evasion. You can read more at the links below.
More details at: https://www.scmagazine.com/home/security-news/malware/vendors-are-getting-better-at-spotting-malicious-execution-techniques/
Results from Mitre: https://attackevals.mitre-engenuity.org/enterprise/carbanak_fin7/
An Update on the EC-Council Story
As you may remember from our first episode two weeks ago, the EC-Council found themselves under sharp criticism after a poll with sexist results was posted on LinkedIn, intended to promote a webinar focused on women in cybersecurity. Initially, their response was less than stellar and included blocking women who had criticized the organization. On Friday, the EC-Council introduced a dedicated page outlining their efforts to do better in the wake of the situation. They also intend to be transparent about their efforts and aim to provide quarterly updates on their progress.
We will continue to watch the progress of the EC-Council and report it to you all. You can view the page they posted along with their short-term and long-term goals here:
https://www.eccouncil.org/diversity/
Lastly, The Pandemic Career Shift
CNBC After Hours recently reported that 1 in 4 employees are looking to change their job as the pandemic comes to an end. Are you planning on changing? Answer our poll over on Twitter and give us your thoughts.
That’s all for this week’s security news. Come back every Saturday for the next edition, or check it out over on YouTube or on the podcast. Have a good week everyone!