Cyware Daily Threat Intelligence, September 14, 2020


A new day brings a new set of attack techniques discovered by cybersecurity experts: BlindSide and Zerologon. While the BlindSide attack uses speculative execution to bypass Address Space Layout Randomization (ASLR) on modern operating systems, the Zerologon attack stems from a privilege escalation flaw in the Netlogon service in Windows Server.

Moreover, researchers have found that there are roughly 10,000 mobile servers that are still exposed to attacks due to potential vulnerabilities in MobileIron’s Mobile Device Management (MDM) solutions. Patches for these flaws have already been made available by the vendor.

Top Breaches Reported in the Last 24 Hours

Artech Information Systems attacked
Artech Information Systems has disclosed a data breach that resulted in the compromise of the personal, financial, and health records of some of its clients. The incident occurred in January, following an attack by REvil ransomware. After the attack, the firm urged its clients to monitor their bank statements for suspicious activity.

DBS hit
The Development Bank of Seychelles (DBS) became the latest victim of a ransomware attack. The nature of the attack and the volume of data compromised in the incident are not known. The Central Bank of Seychelles is currently investigating the matter.

Leaky Elasticsearch database
A leaky Elasticsearch database containing more than 882 GB of log files from over 70 dating and e-commerce sites was taken offline on September 3. The leaked data included personal details of hundreds of thousands of users.

Top Vulnerabilities Reported in the Last 24 Hours

New BlindSide attack
A new attack technique, called BlindSide, can be launched against computers by abusing speculative execution. Detailed in a paper by a team of academics, the attack can also be used to craft exploits that bypass Address Space Layout Randomization (ASLR) on modern operating systems.

Zerologon attack
Administrators of Windows Servers have been advised to install patches to protect their systems from the Zerologon attack, which exploits CVE-2020-1472. The flaw is an elevation-of-privilege vulnerability that resides in the Netlogon service. It can be exploited by running a specially crafted application on a device on the network.

Vulnerable MobileIron
Several potential vulnerabilities affecting MobileIron’s Mobile Device Management (MDM) solutions can still be exploited to target around 10,000 mobile servers via remote attacks. Some of these flaws are tracked as CVE-2020-15505, CVE-2020-15507, and CVE-2020-15506. Patches for these vulnerabilities were released in June 2020.

INVDoS bug
An INVDoS bug in Bitcoin can allow attackers to crash Bitcoin nodes and nodes of other similar blockchains. Technical details of the flaw, kept under wraps for the past two years, were published earlier this week after researchers found an older version of the Bitcoin code that had not been patched yet. Tracked as CVE-2018-17145, the bug impacts Bitcoin nodes running the Bitcoin Core, Bcoin, and Btcd software. Other cryptocurrencies such as Litecoin and Namecoin are also impacted by the flaw.


Posted on: September 14, 2020
