SSD’s Security Disclosure weekly news recap — February 18th, 2021

Imriah
SSD Secure Disclosure
4 min read · Feb 18, 2021

This is SSD’s weekly security recap. In this weekly update, we discuss some of the latest trends and news in the cybersecurity world.

In this edition, we talk about the CD Projekt attack, SIM swappers stealing cryptocurrency from celebrities, the Microsoft update that patches actively exploited zero-days, and an update on an old Exchange CVE that caught our eye.

CD Projekt Hack

This story has piqued the interest of security researchers and gamers alike, and even though the details are still unclear, there have been some interesting updates.

First of all, after releasing their highly anticipated game, Cyberpunk 2077, CD Projekt Red was hacked, with the source code for some of their games stolen. CD Projekt has announced that it refuses to pay the attackers, which we appreciate: paying a ransom only funds the next attack and undermines the principle of not negotiating with cyber attackers.

After this announcement, the attackers claimed to have sold the stolen data for an outrageous 7 million dollars. The claim raised suspicion, with some estimating that the attackers said this only because they had failed to get a ransom.

Finally, security researchers at Emsisoft have assessed that the ransomware used in this incident was HelloKitty, based on an analysis of the ransom note, whose format resembles the one HelloKitty uses.

This is still a developing story, and we will keep an eye out for further developments.

SIM Swappers Stealing Cryptocurrency

Europol announced the arrest of ten people belonging to a criminal network behind a string of SIM-swapping attacks that resulted in over 100 million dollars in cryptocurrency being stolen. The arrests followed a year-long investigation into SIM-swapping attacks. The victims included internet influencers, sports stars, and famous musicians.

The attackers took over the victims' phone numbers by persuading phone carriers to port the victims' cell service to a SIM card under the attackers' control. From that point on, incoming phone calls, text messages, and SMS one-time verification codes were delivered to the attackers, who used them to reset passwords and steal money from the victims' personal accounts.

This is why Europol advises against tying your online accounts to your phone number, whether as an SMS second factor or as a recovery channel: whoever controls the number then controls the account.
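The service-side counterpart to that advice, as an added example that is not part of the SSD post: a recovery flow that refuses to trust an SMS code for a number whose SIM was changed or ported recently, and fails closed to a stronger factor. Real carriers expose a "last SIM change" signal through lookup APIs; here that lookup is a constructed in-memory table of reserved 555 numbers, and the 7-day cooldown and the account/decision types are assumptions made for the example.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Assumed policy window (constructed value, not a carrier or industry standard):
# an SMS code is not trusted when the number's SIM was changed or ported
# more recently than this.
SIM_CHANGE_COOLDOWN = timedelta(days=7)

# Constructed stand-in for a carrier SIM-swap lookup. Real carriers expose the
# "last SIM change" signal through lookup APIs; here it is an in-memory table
# of reserved 555 test numbers -> UTC timestamp of the latest SIM change/port
# (None means the carrier returned no record).
CARRIER_SIM_CHANGES: Dict[str, Optional[datetime]] = {
    "+15550100001": datetime(2021, 2, 16, 9, 30, tzinfo=timezone.utc),  # swapped 2 days ago
    "+15550100002": datetime(2020, 6, 1, tzinfo=timezone.utc),          # stable for months
    "+15550100003": None,                                               # no carrier data
}

# Fixed "current time" so the example is reproducible offline.
DEMO_NOW = datetime(2021, 2, 18, 12, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Account:
    user: str
    phone: Optional[str]   # None when the user never attached a number
    has_totp: bool         # authenticator-app factor enrolled


@dataclass(frozen=True)
class Decision:
    accepted: bool
    required_factor: str   # "sms", "totp" or "manual_review"
    reason: str


def sms_factor_decision(account: Account, now: datetime = DEMO_NOW,
                        lookup: Dict[str, Optional[datetime]] = CARRIER_SIM_CHANGES,
                        cooldown: timedelta = SIM_CHANGE_COOLDOWN) -> Decision:
    """Decide whether an SMS one-time code may be trusted for this account now.

    Any path that cannot prove the SIM is stable fails closed: the user is sent
    to a stronger factor if they have one, otherwise to manual review.
    """
    fallback = "totp" if account.has_totp else "manual_review"
    if account.phone is None:
        return Decision(False, fallback, "no phone number on file")
    changed = lookup.get(account.phone)
    if changed is None:
        return Decision(False, fallback, "carrier has no SIM-change record; failing closed")
    age = now - changed
    if age < cooldown:
        return Decision(False, fallback,
                        f"SIM changed {age.days} day(s) ago, inside the {cooldown.days}-day cooldown")
    return Decision(True, "sms", f"SIM stable for {age.days} days")


def verify_sms_recovery(account: Account, submitted: str, expected: str,
                        now: datetime = DEMO_NOW) -> Decision:
    """Accept an SMS recovery code only if policy allows SMS AND the code matches."""
    decision = sms_factor_decision(account, now)
    if not decision.accepted:
        return decision          # never even compare the code for a swapped number
    # Constant-time comparison so response timing does not leak code digits.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return Decision(False, "sms", "code mismatch")
    return decision


if __name__ == "__main__":
    # Constructed accounts matching the table above.
    for acct in (Account("influencer", "+15550100001", has_totp=True),
                 Account("fan", "+15550100002", has_totp=False),
                 Account("newbie", "+15550100003", has_totp=False)):
        print(acct.user, verify_sms_recovery(acct, "123456", "123456"))
```

The important design choice is the fail-closed default: a missing carrier record is treated like a fresh swap, because the attacker in the Europol case already controls the number at the moment the code is sent, so the only useful signal is whether the number changed hands recently, not whether the code arrived.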

Microsoft Update Fixing Vulnerabilities

Microsoft fixed 56 vulnerabilities in its February update. Several of them have been singled out for urgent patching since they are already being exploited in the wild. The vulnerabilities range from RCEs to privilege escalation and DoS.

Two critical RCE vulnerabilities (CVE-2021-24074 and CVE-2021-24094) affect Microsoft's TCP/IP implementation. Both are difficult to exploit for code execution, but Microsoft believes they are far easier to turn into DoS attacks, which makes them high-priority patches.

One DoS vulnerability that was patched (CVE-2021-24086), also in the TCP/IP stack, is less severe than the two RCEs but is much easier to exploit, so it has also been given high priority.

Another high-priority flaw is a Win32k zero-day (CVE-2021-1732). This privilege escalation vulnerability in the Windows Win32k component has been actively exploited in the wild and allows attackers or malicious programs to elevate their privileges to administrative rights.

Microsoft has advised its users to apply these updates as soon as possible, since some of the vulnerabilities are already being exploited.

The Frycos Tweet

Before we discuss the tweet we need to delve into a little bit of history.

In February of last year, Microsoft released updates for Microsoft Exchange that fixed a vulnerability (CVE-2020-0688) which allowed an attacker to turn any stolen Exchange user account into a complete compromise of the server.

Two months later, Tom Sellers of Rapid7 published a blog post about CVE-2020-0688 showing that about 350,000 Exchange servers had still not been updated against this vulnerability.

Last Wednesday, a Twitter user named @Frycos looked at the code of Microsoft Exchange 2007. After analyzing the code, @Frycos found that a few XXE vulnerabilities that were supposed to have been patched can still be exploited, and reported in a tweet that some of these XXE attacks still affect thousands of servers today.

Want to Be Part of the News?

At SSD, we help security researchers turn their skill at uncovering security vulnerabilities into a career. Designed by researchers, for researchers, SSD provides the fast response and support needed to get zero-day vulnerabilities and disclosures reported to vendors and to get researchers the compensation they deserve. We help researchers get to the bottom of vulnerabilities affecting major operating systems, software, and devices.

We constantly publish our findings, intended to educate the global security research community. You can find more vulnerabilities on our Advisories page. If you have findings of your own, you can send them to us using our report template.

Join the conversation:

Visit SSD

Twitter

Facebook

Youtube
