10-year old sudo bug patched
A bug in the popular Linux utility was patched after being discovered by security researchers at Qualys two weeks ago. The bug, known as Baron Samedit, would allow attackers who had gained access to a low-privileged account to gain root access even if that account is not listed in the app’s config file. It was one of three sudo vulnerabilities disclosed by the researchers, but Baron Samedit was considered the most dangerous, as it could easily be weaponized in the real world alongside brute-force account compromises. The bug impacts almost all sudo installs and was introduced into the app’s code in July 2011.
(ZDNet)
Mass Emotet uninstall planned for March 25th
ZDNet’s sources say law enforcement officials in the Netherlands are in the process of delivering an Emotet update that will remove the malware from all infected computers on March 25, 2021. This is possible after law enforcement across 8 countries coordinated against Emotet infrastructure, seizing servers and arresting individuals tied to the massive botnet. Two Emotet C2 servers were located within the Netherlands, and officials are using them to distribute the uninstall update. Security researchers say this will effectively reset Emotet, but that companies should conduct any investigations into Emotet infections now, since after the uninstall it will understandably be more difficult.
(ZDNet)
Microsoft’s security business exceeds $10 billion in revenue
The company said that over the past 12 months it has seen security revenue increase 40% year over year. Over the past year, the company reports that 2.5 billion daily cloud-based detections blocked nearly 6 million endpoint threats. Meanwhile, Microsoft Defender blocked more than 30 billion emailed threats, and more than 30 billion authentications were processed daily across 425 million people using Azure Active Directory. In its earnings report, Microsoft also revealed that 90 of the Fortune 100 use at least four of Microsoft’s security, compliance, identity, and management tools. The company also announced that Azure Security Center now supports viewing security notifications across the major public clouds, and announced the general availability of Azure Defender for IoT.
Apple patches three zero-day iOS exploits
The patches were delivered as part of iOS 14.4. One zero-day was described as a race condition kernel bug that allows for privilege escalation, while the other two are logic issues in WebKit that would let attackers execute arbitrary code in Safari. Some security researchers believe these were part of an exploit chain, but Apple provided no further details in its security disclosure. These come after Apple recently patched three iOS zero-days in November, discovered by Google’s security teams.
(ZDNet)
And now our sponsor Nucleus Security brings you “The Top 5 Antipatterns in Vulnerability Management”:

Iran blocks Signal
Following reports of Iranian users having issues connecting to the messaging app Signal, the app’s Twitter account claimed Iranian officials “are now dropping all Signal traffic” in the country. This comes after the app was removed from local app stores Cafe Bazaar and Myket on January 14th. A spokesperson for Iran’s judiciary ministry denied blocking the service. Signal was previously blocked in the country intermittently between 2016 and 2017. WhatsApp and Instagram remain the only leading foreign social media platforms that are unblocked in Iran.
Reddit stock traders cause outages for online trading apps
Earlier this week we reported on potential hacking allegations involving stock traders on Reddit squeezing hedge fund short sellers. The intensity of trading around the GameStop stock and other subreddit favorites like AMC Entertainment has caused site and app disruptions on most of the major trading platforms, with Robinhood Markets, E*Trade, Fidelity, and Charles Schwab reporting issues. TD Ameritrade went so far as to limit transactions on some of the stocks, citing “an abundance of caution amid unprecedented market conditions.”
Netwalker dark web sites seized by law enforcement
The seizure was carried out by law enforcement in the USA and Bulgaria, targeting sites used by Netwalker’s ransomware-as-a-service operation for Tor payments and data leaks. The FBI has not released further details about the actions, so it’s unclear if law enforcement was able to retrieve decryption keys as part of this operation or if arrests have been made. Netwalker has been running its ransomware operation since at least late 2019.
Most security professionals don’t feel ready for a cyberattack
This finding comes from a survey done by the training company Cyberbit. The survey specifically looked at professionals in enterprise security operations centers, with 58% reporting they were confident in their technical cyber-defensive skills. However, professionals felt much less confident in their network monitoring and intrusion detection skillsets, with just 42% and 45% respectively describing those skills as ready for a cyberattack. The survey also found respondents saying a lack of qualified candidates often led to on-the-job training for the cybersecurity skills required for a position.