Cybersecurity Weekly: Cisco VPN flaws, Chrome zero-day fix, new DDoS botnet

February 10, 2021 by Sam Fay

Critical flaws are reported in Cisco VPN routers for businesses. Google fixes Chrome zero-day actively exploited in the wild. The new Matryosh DDoS botnet has been targeting Android-based devices. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Critical flaws reported in Cisco VPN routers for businesses

Cisco released fixes for multiple critical vulnerabilities in the web-based management interface of its small business routers. An unauthenticated, remote attacker could exploit them to execute arbitrary code as root on an affected device. The flaws impact routers running a firmware release earlier than Release
Read more »

2. Google fixes Chrome zero-day actively exploited in the wild

Google released a Chrome update for Windows, Mac and Linux that addresses a zero-day vulnerability being actively exploited in the wild. The bug is a heap buffer overflow in V8, Google’s open-source JavaScript and WebAssembly engine, and can be exploited to execute arbitrary code on a system running a vulnerable version. Because the flaw is in V8, other Chromium-based browsers are also affected until they ship the fix.
Read more »


3. New Matryosh DDoS botnet targeting Android-based devices

A new malware campaign, tracked as Matryosh, is co-opting Android devices into a botnet whose primary purpose is to carry out distributed denial-of-service attacks. Matryosh reuses the Mirai botnet framework and spreads through Android Debug Bridge (ADB) interfaces left reachable from the internet, using them to infect Android devices and ensnare them in its network.
Read more »
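The exposure Matryosh relies on is an ADB daemon that answers network connections without authentication. The check below, an added example that is not code from the original article or from the botnet, speaks enough of the ADB wire protocol to tell the three cases apart: the daemon replies CNXN with a device banner (unauthenticated access), it replies AUTH (reachable but key-protected), or the port is something else. The default port, the scanner banner and the sample replies are assumptions constructed for illustration.

```python
"""Probe for an Android Debug Bridge (ADB) daemon that accepts unauthenticated
connections over the network, the exposure Matryosh exploits to spread.
Added example, not code from the original article or from the botnet;
the port, banner text and sample replies below are assumptions for illustration."""
import socket
import struct

ADB_TCP_PORT = 5555          # default port for network ADB ("adb tcpip 5555")
A_CNXN = 0x4E584E43          # "CNXN" read as a little-endian 32-bit integer
A_AUTH = 0x48545541          # "AUTH": daemon demands RSA-key authentication
A_VERSION = 0x01000000       # ADB protocol version advertised in CNXN
MAX_PAYLOAD = 4096           # conservative maximum payload for the handshake
HEADER_FMT = "<IIIIII"       # command, arg0, arg1, data_length, data_check, magic
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24 bytes


def adb_checksum(payload: bytes) -> int:
    """Legacy ADB data_check: sum of payload bytes modulo 2**32."""
    return sum(payload) & 0xFFFFFFFF


def build_message(command: int, arg0: int, arg1: int, payload: bytes) -> bytes:
    """Serialize one ADB frame; magic is the bitwise complement of command."""
    header = struct.pack(HEADER_FMT, command, arg0, arg1, len(payload),
                         adb_checksum(payload), command ^ 0xFFFFFFFF)
    return header + payload


def build_cnxn(banner: bytes = b"host::scanner\x00") -> bytes:
    """The opening CNXN a client (here, our scanner) sends to adbd."""
    return build_message(A_CNXN, A_VERSION, MAX_PAYLOAD, banner)


def parse_message(data: bytes):
    """Return (command, arg0, arg1, payload) or None if this is not an ADB frame."""
    if len(data) < HEADER_LEN:
        return None
    command, arg0, arg1, length, check, magic = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if magic != (command ^ 0xFFFFFFFF):
        return None
    payload = data[HEADER_LEN:HEADER_LEN + length]
    # Newer adbd versions may send data_check=0 (checksum skipped), so only
    # verify a checksum that was actually supplied.
    if len(payload) != length or (check and adb_checksum(payload) != check):
        return None
    return command, arg0, arg1, payload


def classify_reply(reply: bytes) -> str:
    """Turn adbd's first reply into a finding a scanner can report."""
    msg = parse_message(reply)
    if msg is None:
        return "not-adb"
    command, _, _, payload = msg
    if command == A_CNXN and payload.startswith(b"device:"):
        return "exposed-unauthenticated"   # shell access with no key check
    if command == A_AUTH:
        return "adb-auth-required"        # reachable, but RSA auth is enforced
    return "adb-unknown"


def device_props(payload: bytes) -> dict:
    """Parse the 'device::k=v;k=v' banner adbd sends in its CNXN reply."""
    _, _, props = payload.rstrip(b"\x00").decode(errors="replace").partition("::")
    return dict(kv.split("=", 1) for kv in props.split(";") if "=" in kv)


def probe(host: str, port: int = ADB_TCP_PORT, timeout: float = 3.0) -> str:
    """Live check: send CNXN and classify the first reply (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_cnxn())
        return classify_reply(sock.recv(HEADER_LEN + MAX_PAYLOAD))


# Constructed sample replies, so the classifier can be exercised offline.
SAMPLE_OPEN_REPLY = build_message(
    A_CNXN, A_VERSION, MAX_PAYLOAD,
    b"device::ro.product.name=sample;ro.product.model=SetTopBox;features=shell_v2,cmd\x00")
SAMPLE_AUTH_REPLY = build_message(A_AUTH, 1, 0, bytes(20))   # AUTH TOKEN + 20-byte nonce
```

Run `probe()` against your own address ranges only. A result of `exposed-unauthenticated` means anyone who can reach the port gets an `adb shell`; the fix is to disable network ADB on the device (`adb usb`, or the vendor's developer-options toggle) and block the port at the network edge, not just to enable ADB authorization.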


4. Critical bugs found in Realtek Wi-Fi module for embedded devices

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could be exploited to gain root access and take complete control of a device’s wireless communications. The flaws are a mix of stack overflows and out-of-bounds reads in the module’s Wi-Fi authentication handling.
Read more »

5. Eletrobras, Copel energy companies hit by ransomware attacks

Two major Brazilian electric utilities, Eletrobras and Copel, suffered ransomware attacks over the past week. The plants’ operational networks are segregated from the administrative networks that were hit, so electricity supply to the National Interconnected System was not affected.
Read more »

6. Hackers steal Stormshield firewall source code in data breach

Stormshield disclosed that its systems were breached, allowing a threat actor to access the company’s support ticket system and steal source code for the Stormshield Network Security firewall software. The company’s investigation found no indication that the source code had been modified.
Read more »

7. Hacking group used an IE zero-day against security researchers

Last month, Google disclosed that the hacking group known as Lazarus was conducting social engineering attacks against security researchers. To carry out the attacks, the threat actors built elaborate online personas posing as security researchers, then used social media to contact well-known researchers with offers to collaborate on vulnerability and exploit development.
Read more »

8. Plex Media servers actively abused to amplify DDoS attacks

Plex Media Server systems are being actively abused by DDoS-for-hire services as a UDP reflection/amplification vector. The traffic reflected onto victims consists of responses from Plex’s G’Day Mate (GDM) service-discovery mechanism, an SSDP-style protocol meant for the local network: when a server’s UDP discovery port is reachable from the internet, probes carrying a spoofed source address cause the server to send those responses to the victim.
Read more »
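The reflection above leaves a distinctive trace in flow logs on both sides: a Plex host answering discovery probes to internet addresses (it is being used as a reflector) and a target receiving such answers from many hosts it never asked. The detector below is an added example, not code from the original article, from Plex, or from the DDoS report the item summarizes; the flow-log format, the addresses and the "local" ranges are constructed assumptions, and the port is Plex's GDM discovery port, UDP 32414.

```python
"""Spot Plex GDM (UDP/32414) reflection traffic in flow logs, from either side:
a Plex host answering discovery probes to non-local addresses (reflector view)
or a target receiving such answers from many distinct hosts (victim view).
Added example, not code from the original article, Plex, or the DDoS report;
the flow-log format, addresses and local ranges below are constructed."""
import ipaddress
from collections import defaultdict

PLEX_GDM_PORT = 32414    # Plex "G'Day Mate" server-discovery port (UDP)
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: ts proto src_ip src_port dst_ip dst_port bytes
# 192.168.1.50 is our Plex server; 198.51.100.7 is the spoofed "victim".
SAMPLE_FLOWS = """\
1612944000 udp 192.168.1.50 32414 192.168.1.20 55101 1374
1612944001 udp 198.51.100.7 40001 192.168.1.50 32414 118
1612944001 udp 192.168.1.50 32414 198.51.100.7 40001 1374
1612944001 udp 192.168.1.50 32414 198.51.100.7 40002 1374
1612944002 udp 192.168.1.50 32414 198.51.100.9 53 1374
1612944002 tcp 192.168.1.50 32400 198.51.100.7 51000 9000
1612944003 udp 203.0.113.10 32414 198.51.100.7 40003 1374
1612944003 udp 203.0.113.11 32414 198.51.100.7 40004 1374
"""


def parse_flows(text: str):
    """Parse the constructed whitespace-separated flow format into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, proto, sip, sport, dip, dport, nbytes = line.split()
        flows.append({"ts": int(ts), "proto": proto,
                      "src_ip": sip, "src_port": int(sport),
                      "dst_ip": dip, "dst_port": int(dport), "bytes": int(nbytes)})
    return flows


def is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def is_gdm_response(flow) -> bool:
    """A GDM answer is UDP sourced from the discovery port."""
    return flow["proto"] == "udp" and flow["src_port"] == PLEX_GDM_PORT


def reflector_view(flows):
    """Our Plex servers answering GDM probes to non-local addresses.
    GDM is LAN discovery; a response leaving the LAN means the port is
    internet-reachable and someone is bouncing spoofed probes off it."""
    out = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for f in flows:
        if is_gdm_response(f) and is_local(f["src_ip"]) and not is_local(f["dst_ip"]):
            out[f["dst_ip"]]["packets"] += 1
            out[f["dst_ip"]]["bytes"] += f["bytes"]
    return dict(out)


def victim_view(flows, min_reflectors: int = 2):
    """Targets receiving GDM responses from at least min_reflectors distinct hosts."""
    sources = defaultdict(set)
    for f in flows:
        if is_gdm_response(f):
            sources[f["dst_ip"]].add(f["src_ip"])
    return {dst: sorted(srcs) for dst, srcs in sources.items()
            if len(srcs) >= min_reflectors}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("reflector view:", reflector_view(flows))
    print("victim view:", victim_view(flows))
```

On the reflector side the remediation is not a detection rule but a firewall change: GDM only needs to work on the LAN, so stop forwarding UDP/32414 from the internet to the Plex host. Forwarding TCP/32400 for remote streaming, if you need it, does not require exposing the discovery port.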

9. Three more vulnerabilities found in SolarWinds products

Security researchers have discovered three more vulnerabilities in SolarWinds products, including a critical remote code execution bug. The most severe relates to the legacy Microsoft Message Queue (MSMQ) technology, which the installer sets up, and could allow any remote unprivileged user to execute arbitrary code with the highest privileges.
Read more »

10. Social media platforms target resellers of hacked accounts

Last week, Facebook, Instagram, TikTok and Twitter all took steps to crack down on users trafficking hijacked accounts across their platforms. The coordinated action seized hundreds of accounts that the companies say played a major role in facilitating the trade, and often lucrative resale, of compromised, highly sought-after usernames.
Read more »
