Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On May 04, 2016

May 3, SecurityWeek – (International) Google patches 40 vulnerabilities in Android. Google released security updates for its Android operating system (OS) patching 40 vulnerabilities, including a remote code execution (RCE) flaw in Mediaserver that could allow an attacker to execute code within the software, and a privilege escalation flaw in the Android debugger that could allow a malicious application to execute arbitrary code in the Android debugger or kernel, among other patched flaws.

May 2, SecurityWeek – (International) Accellion patches flaws found during Facebook hack. The Computer Emergency Response Team (CERT) Coordination Center (CC) released an advisory addressing seven vulnerabilities in the Accellion File Transfer Appliance after a security consultant discovered that one of the flaws, a SQL injection caused by improper handling of data in the “client_id” parameter in “/home/seos/courier/security_key2.api,” could be leveraged to upload a web shell. Other vulnerabilities include three cross-site scripting (XSS) flaws and a number of local privilege escalation issues related to incorrect default permissions.

May 2, SecurityWeek – (International) Millions of credentials exposed by PwnedList flaw. A security researcher discovered a parameter tampering vulnerability in a new PwnedList service called Vendor Security Monitoring. A flaw in the service’s two-step authentication process could allow an attacker to add any desired domain and submit arbitrary data by tampering with the request. An attacker with an active PwnedList account can exploit the flaw to add the domain of any major company and generate a list of all compromised email accounts.

May 2, SecurityWeek – (International) Compromised RDP servers used in corporate ransomware attacks. Researchers from Fox-IT discovered that attackers could disseminate ransomware through a compromised remote desktop server by using brute force attacks to infiltrate a remote desktop server connected to the Internet and then using privilege escalation methods to gain domain administration status. Once an attacker infiltrates a system and gains administrative privileges, they can extract data, recruit the system into a botnet, deliver spam, and demand money from the compromised company.

Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.