Weekly cyber news update... part two


Wikipedia suffers intermittent issues following DoS attack

Wikipedia was sporadically inaccessible in Europe and the Middle East last weekend (Saturday 7th September) following a suspected denial of service (DoS) attack. The parent company, Wikimedia, confirmed that the site had been hit by a "malicious attack that has taken it offline in several countries for intermittent periods." From <https://www.ncsc.gov.uk/report/weekly-threat-report-13th-september-2019>  


More than a million Internet radios affected by backdoor vulnerability

The "Dabman & Imperial" web radios (series i & d) are distributed in Germany by Telestar Digital GmbH. The devices are also sold in larger quantities by resellers via eBay and Amazon. They are offered internationally in large quantities and have, for example, an HTTP daemon web server, web GUI, Wi-Fi, or Bluetooth on board. The hardware of the terminals is equipped with Shenzhen technology. The firmware is based on simple binaries and an embedded Linux BusyBox from 2012 or 2014. From <https://www.vulnerability-db.com/?q=articles/2019/09/09/imperial-dabman-internet-radio-undocumented-telnetd-code-execution>


Password managers are still a good idea... but Google Project Zero finds a clickjacking vulnerability

LastPass has fixed a security bug that potentially allowed malicious websites to obtain the username and passphrase inserted by the password manager on the previously visited site.

In other words, if you visited website A, and LastPass automatically injected a username and password for you to log in, and then you surfed to website B, the latter could access the password issued to website A. Specifically, the password manager's Chrome and Opera extensions were vulnerable.

Users and admins are advised to make sure they have updated to the latest version of LastPass (4.33.0 or later) so that the vulnerability is patched.

From <https://www.theregister.co.uk/2019/09/16/lastpass_vulnerability/>


Cryptocurrency-mining services exploiting Linux Skidmap Malware

Trend Micro has observed that cybercriminals are increasingly exploring new platforms and ways to further cash in on their malware. These include growing threats to mobile devices, Unix and Unix-like systems, servers and cloud environments.

Skidmap, a Linux malware recently uncovered by Trend Micro, demonstrates the increasing complexity of recent cryptocurrency-mining threats. This malware is notable because of the way it loads malicious kernel modules to keep its cryptocurrency-mining operations under the radar. These kernel-mode rootkits are difficult to detect, and attackers can also use them to gain unfettered access to the affected system. From <https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/>