Page 13 - Threat Intelligence 11-15-2019

Internal Threats

This may shock you, but Adobe is shipping insecure software. No, it's not Flash this time. Nope, not Acrobat, either. It has been revealed that Adobe's Experience Platform mobile SDKs, used to create apps that interact with the company's cloud services, until recently contained sample configuration files that created insecure default settings. Developers who used those files as templates or examples could find that their apps have been sending data over the network without SSL protection, leaving that traffic open to interception and alteration.

Source: https://www.theregister.co.uk/2019/11/07/adobe_sdks_flawed/

Newer Intel CPUs Vulnerable to Variant 2 of ZombieLoad Attack. In May, a team of researchers, including experts who brought to light the existence of speculative execution side-channel vulnerabilities such as Meltdown and Spectre, disclosed several new flaws affecting Intel processors. These new attack methods rely on Microarchitectural Data Sampling (MDS) vulnerabilities and have been dubbed ZombieLoad, RIDL and Fallout. The MDS vulnerabilities can be exploited by a malicious application to obtain potentially sensitive information from other apps, the operating system, and virtual machines. The attacks work against both PCs and cloud environments, and they can be leveraged to obtain information such as passwords, website content, disk encryption keys and browser history.

Source: https://www.securityweek.com/newer-intel-cpus-vulnerable-variant-2-zombieload-attack

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device. Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gigabyte, Huawei, Insyde, Intel, MSI, NVIDIA, Phoenix Technologies, Realtek, SuperMicro and Toshiba. The flaws uncovered by the company can be exploited by a piece of malware to escalate privileges to kernel mode, allowing it to gain control over both the operating system and the hardware and firmware interfaces. Of all the vendors notified by Eclypsium by August, only Intel and Huawei had released patches and advisories, while Phoenix and Insyde provided fixes to their OEM customers.

Source: https://www.securityweek.com/intel-driver-vulnerability-can-give-attackers-deep-access-device

McAfee - All Editions (MTP, AVP, MIS) - Self-Defense Bypass and Potential Usages (CVE-2019-3648). SafeBreach Labs discovered a new vulnerability in all editions of McAfee Antivirus software. Note: in order to exploit this vulnerability, the attacker needs to have Administrator privileges. The vulnerability gives attackers the ability to load and execute malicious payloads through multiple signed services, within the context of McAfee's signed processes. This ability might be abused by an attacker for different purposes, such as execution and evasion, for example an Application Whitelisting Bypass. The antivirus might not detect the attacker's binary, because it loads the binary without performing any verification against it.

Source: https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648

www.accumepartners.com