May 18, 2020
David Redekop

This Week In Nerd News – May 18, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

FBI, DHS to go public with suspected North Korean hacking tools.

This details activity from Hidden Cobra hackers and will benefit blue teams and defenders everywhere.

The FBI and the Department of Homeland Security are preparing to jointly expose North Korean government-backed hacking this week, CyberScoop has learned.

Threat data meant to help companies fend off hackers has already been shared with the private sector in an effort to boost cyber-defenses in critical infrastructure sectors.

 

Read More: FBI, DHS to go public with suspected North Korean hacking tools

 

Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently.

Stick to macOS Preview, if possible, for all PDF views and edits.

Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities(CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported. The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. A normal user on macOS(with SIP enabled) can locally exploit this vulnerabilities chain to elevate privilege to the ROOT without a user being aware. In this blog, I will analyze the details of vulnerabilities and show how to exploit them.

 

Read More: Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently 

 

Zerodium will not be accepting any new iOS exploits for now.

Even “Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future.” This is not a good trend for iOS security perception/reality. Time to look for additional defensive layers.

A company that pays hackers to submit serious security vulnerabilities says it’s made aware of so many flaws in various Apple operating systems that it will temporarily stop acquiring new attack techniques.

In a tweet Wednesday, Zerodium said it will stop accepting Apple iOS bugs that lead to “local privilege escalation,” which attackers use to dig deeper into an infected device, remote code execution bugs in the the company’s Safari web browser, or “sandbox escape” tools, which enable attackers to move from an app to other areas of a device.

 

Read More: Zero-day broker: Stop sending us Apple bugs, we have enough already

 

Thunderspy: What it is, why it’s not scary, and what to do about it. Still worth being aware.

Steve Gibson also covered it on SecurityNow! Episode 766.

There’s a new attack that uses off-the-shelf equipment to take full control of a PC—even when locked—if a hacker gets just a few minutes alone with it. The vector is a familiar one: the Thunderbolt ultrafast interface connects graphics cards, storage systems, and other peripherals to millions of computers.

The hack, which took years to develop, is elegant. Its adept mix of cryptanalysis, reverse engineering, and exploit development punches a major hole in defenses that Thunderbolt creator Intel spent considerable time and resources to erect. Ultimately, though, the technique is an incremental advance in an attack that has existed for more than a decade. While the weakness it exploits is real and should be closed, the vast majority of people—think 99 percent—shouldn’t worry about it. More about that later. For now, here are the bare-bones details.

 

Read More: Thunderspy: What it is, why it’s not scary, and what to do about it

 

Ransomware Hit ATM Giant Diebold Nixdorf.

The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.

Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.

 

Read More: Ransomware Hit ATM Giant Diebold Nixdorf

 

Did you know?

Windows 10 quietly got a built-in network sniffer called pktmon (auto-correct wants me to know they meant to call it Pokemon). In Linux and macOS we’ve had tcpdump for a while, but Pokemon will replace wireshark for many use cases now.

Need an IT professional? Request service today.