This past month in cybersecurity:
- Space Policy Directive-5 Cybersecurity Principles for Space Systems
- Zerologon Windows Vulnerability
- Woman Dies During a Ransomware Attack on a German Hospital
- New Bluetooth Vulnerability aka BLURtooth
- #Instagram_RCE Code Execution Vulnerability in iOS/Android App

President Trump signed Space Policy Directive-5 (SPD-5), which establishes security principles to protect US space systems.
SPD-5 requires that certain cybersecurity practices be enforced at each stage of space system development. It also requires that the people who develop and control these systems be vetted to ensure they aren’t a risk.
SPD-5 does not appear to have been created in response to any particular threat; it is instead an update to the cybersecurity efforts of the last several years.
Hackers may have developed an effective exploit for the Microsoft Zerologon vulnerability (CVE-2020-1472), a flaw in the Netlogon Remote Protocol that allows privilege escalation. Netlogon is an authentication component in Microsoft Active Directory. This is an especially nasty vulnerability because it can allow an unauthenticated attacker to gain more or less full control of the domain controller (and effectively the entire domain). Fortunately, most domain controllers are not reachable over the Internet, which increases the difficulty of exploiting this vulnerability.
A patch was released by Microsoft several weeks ago, and companies affected by this issue should patch their systems immediately.
A woman was turned away from a hospital emergency room in Germany because its computer system was locked down in a ransomware attack. She was sent to a healthcare facility 20 miles away but died because she could not get the care she needed quickly enough.
The attackers mounting the ransomware attack believed they were targeting a nearby university.
A new Bluetooth vulnerability allows man-in-the-middle attacks, which could let well-positioned attackers read sensitive data. Bluetooth versions before 5.1 are vulnerable.
There is currently no patch and no definitive timeline for when one will be released. When a patch is released, it will likely take the form of an operating system or firmware upgrade for Bluetooth-enabled devices.
Check Point cybersecurity privately disclosed a vulnerability in Instagram that would allow an attacker to access any resource on an Android/iOS phone that the Instagram app is permitted to use. This includes contacts, GPS, camera, and other locally stored files.
To trigger the exploit, a victim would simply need to save a crafted image to their phone and then open the Instagram app.
The vulnerability was caused by the misuse of Mozilla’s Mozjpeg library to handle file uploads.
Thanks for reading! We’ll be back next month with a quick roundup of topics we found interesting.
Did we miss a super important story? Let us know! We’ll do better next time.