Cybersecurity Weekly: Industrial VPN flaws, Zoom bug, New side-channel attacks

August 4, 2020 by Sam Fay

Industrial VPN flaws let attackers target critical infrastructures. A new Zoom bug allowed snoopers to crack private meeting passwords in minutes. A new attack leverages HTTP/2 for effective remote timing side-channel leaks. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Industrial VPN flaws let attackers target critical infrastructures

Cybersecurity researchers discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology networks. These flaws could allow hackers to overwrite data, execute malicious code and compromise industrial control systems.
Read more »


2. Zoom bug allowed snoopers to crack private meeting passwords in minutes

Zoom meetings are by default protected by a six-digit numeric password, but the lack of rate limiting enabled an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people’s private Zoom meetings. The company addressed this vulnerability by issuing a patch shortly after discovery.
Read more »


3. New attack leverages HTTP/2 for effective remote timing side-channel leaks

Security researchers outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion. The new method leverages multiplexing of network protocols and simultaneous execution by applications, thus making the attacks immune to network conditions.
Read more »


4. Office 365 phishing abuses Google Ads to bypass email filters

An Office 365 phishing campaign abused Google Ads to bypass secure email gateways, redirecting victims to phishing landing pages and stealing their Microsoft credentials. The domains used by Google’s Ads platform are overlooked by secure email gateways, which allows them to deliver their phishing messages to their targets’ inboxes bypassing email filters.
Read more »


5. KDE archive tool flaw let hackers take over Linux accounts

A vulnerability exists in the default KDE extraction utility—called ARK—that allows attackers to overwrite files or execute code on victim’s computers simply by tricking them into downloading an archive and extracting it. The flaw was reported to KDE in late July, and was quickly patched with a hotfix.
Read more »


6. Startups disclose data breaches after massive 386M records leak

Startups are beginning to disclose data breaches after a massive leak of stolen databases was published on a hacker forum this month. The threat actors announced that they released the databases for free to benefit the community and as they already made enough money from selling them in private sales.
Read more »


7. Hidden property abusing allows attacks on Node.js applications

A team of security researchers from the Georgia Institute of Technology found a way to exploit Node.js applications by manipulating the hidden properties used to track internal program states. The new tool, dubbed Lynx, will be released during the virtual Black Hat security conference.
Read more »


8. Business ID theft soars amid COVID closures

Identity thieves are having a field day with all of the closures and economic uncertainty brought on by the COVID-19 pandemic. With so many small enterprises going out of business or sitting dormant during the COVID-19 pandemic, organized fraud rings have an unusually rich pool of targets to choose from.
Read more »


9. Vermont taxpayers warned of data leak over the past three years

The Vermont Department of Taxes may have exposed taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. The department said it discovered the vulnerability — which could allow a threat actor to use a person’s credentials to access tax info — on July 2.
Read more »


10. Expert discloses details of five zero-day Tor flaws 

The security researcher published technical details about two zero-day Tor vulnerabilities over the past week and promised to release three more. Oppressive regimes could exploit these flaws to prevent users from accessing the popular anonymizing network. The expert confirmed that one of these issues can de-anonymize Tor servers revealing their real IP address.
Read more »

Posted: August 4, 2020
Sam Fay
View Profile