Cyware Daily Threat Intelligence, November 11, 2020


Another new side-channel attack impacting Intel CPUs has come to light in the last 24 hours. Dubbed Platypus, the attack can enable threat actors to retrieve encryption keys from an Intel SGX enclave, which is designed to protect data even if the operating system is compromised. The chipmaker has released microcode updates to block the attack, along with patches for 40 other vulnerabilities in November’s Patch Tuesday edition.

In related Patch Tuesday news, Microsoft has published updates for 112 security bugs affecting a wide range of products. One of these is a zero-day vulnerability that is being exploited in the wild, while twenty-four of them are remote code execution issues.

Top Breaches Reported in the Last 24 Hours

Network access on sale
Access to Pakistan International Airlines’ network is being offered for sale on dark web forums, according to researchers. Admin access to the airline's network is being sold for $4,000. Other information on sale includes full names, phone numbers, and passports.

New extortion methods
The Ragnar Locker ransomware gang has started running Facebook ads in an attempt to extort victims. The first target of the new extortion scheme is the Campari Group, from which the gang stole 2TB of files before encrypting its network. The hackers have demanded a ransom of $15 million for recovery of the files.

Online e-commerce sites hacked
Over 2,800 online sites running an outdated version of the Magento platform were targeted as part of the Cardbleed attack. Attackers injected e-skimmers into shopping websites to steal the credit card details of customers.

COVID-KAYA app leaks data
Multiple flaws in the Philippines’ COVID-KAYA app led to the leak of data of workers and potential patients. One of the flaws resides in the app’s authentication logic.

Top Vulnerabilities Reported in the Last 24 Hours

New Platypus attack
Researchers have demonstrated new side-channel vulnerabilities called Platypus that can allow attackers to steal sensitive data from Intel CPUs. Platypus, short for Power Leakage Attacks: Targeting Your Protected User Secrets, targets the RAPL (Running Average Power Limit) interface of Intel processors. The flaws are tracked as CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698.

Microsoft fixes 112 flaws
Microsoft has rolled out patches for 112 security bugs across a wide range of products. Twenty-four of these are remote code execution flaws. The patches also include a fix for a Windows zero-day vulnerability, tracked as CVE-2020-17087, which was found to be exploited in the wild.

Intel released 40 advisories
Intel has released 40 security advisories for different vulnerabilities affecting its Active Management Technology (AMT), Wireless Bluetooth, and NUC products. One critical-severity flaw (CVE-2020-8752), which exists in Intel AMT and Intel Standard Manageability (ISM), scores 9.4 out of 10 on the CVSS scale. Another critical-severity flaw (CVE-2020-12321) exists in some Intel Wireless Bluetooth products and has a CVSS score of 9.6.

Adobe issues advisories
This month, Adobe has issued patches for several vulnerabilities found in Connect and Reader Mobile. Two of these vulnerabilities - CVE-2020-24442 and CVE-2020-24443 - are related to a reflected cross-site scripting (XSS) issue and classified as ‘Important’ on the CVSS scale.


Posted on: November 11, 2020
