Last Week In Blockchain and CyberSecurity News - August 6, 2019

Six New Dragonblood Vulnerabilities Found in WiFi WPA3 Standard

The relatively new WPA3 WIFI security and authentication standard has been impacted by Dragonblood vulnerabilities similar to ones it experienced earlier this year. Last week, security researchers disclosed two new bugs impacting the standard. The two researchers, Mathy Vanhoef and Eyal Ronen, stated that the bugs derive from the WiFi Alliance-developed security recommendations for equipment vendors against the original Dragonblood vulnerabilities.  

Like the Dragonblood vulnerabilities found several months ago, the new vulnerabilities, if exploited, could allow “attackers to leak information from WPA3 cryptographic operations and brute-force a WiFi network's password.” The first vulnerability, CVE-2019-13377, impacts the WPA3’s Dragonfly handshake when using Brainpool curves, and the second vulnerability, CVE-2019-13456, impacts the EAP-pwd implementation that is utilized by numerous vendors.    

Read more here

Critical Zero-Day Vulnerabilities Discovered in VxWorks RTOS, Billions of Devices at Risk

Security experts at Armis Labs have discovered multiple zero-day vulnerabilities in the VxWorks real-time operating system (RTOS) used to power critical embedded devices. The collection of bugs has been titled URGENT/11. URGENT/11 contains 11 flaws, six of which are classified as critical in severity. The critical flaws can be exploited to achieve remote code execution (RCE), while the less severe ones lead to logical flaws or denial of service attacks.  

VxWorks currently powers over two billion devices in multiple sectors such as automotive, healthcare, and the defense industries. Researchers state an unauthenticated, remote attacker can exploit the vulnerabilities “by sending a specially crafted TCP packet to a vulnerable device without requiring any user interaction.” Those impacted by the vulnerability have been notified and were instructed to take various mitigation actions or install the latest patches. 

According to Security Affairs,  

The critical Remote Code Execution vulnerabilities are: 

  • A Stack overflow issue in the parsing of IPv4 options (CVE-2019-12256) 

  • Four memory corruption vulnerabilities caused by the improper handling of TCP’s Urgent Pointer field (CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263) 

  • Heap overflow in DHCP Offer/ACK parsing in ipdhcpc (CVE-2019-12257) 

The remaining issues are: 

  • TCP connection DoS via malformed TCP options (CVE-2019-12258) 

  • Handling of unsolicited Reverse ARP replies (Logical Flaw) (CVE-2019-12262) 

  • Logical flaw in IPv4 assignment by the ipdhcpc DHCP client (CVE-2019-12264) 

  • DoS via NULL dereference in IGMP parsing (CVE-2019-12259) 

  • IGMP Information leak via IGMPv3 specific membership report (CVE-2019-12265) 

Read more here

Cisco Pays out $8.6M in Damages over Faulty Government Software

Cisco has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling unsecure surveillance equipment to U.S. federal, state, and government agencies. The chain of events that led up to the lawsuit began in 2008 when James Glenn, a Cisco subcontractor, was able to bypass various security protocols to take over the Cisco video surveillance software and gain access to any network to which the system was connected.  

Glenn notified Cisco immediately of the vulnerability; however, when he retested the exploit again in 2010, he discovered the software was still vulnerable. The lawsuit began in 2011 and marks the first time a company has paid out in a False Claims Act dispute over failing cybersecurity standards, according to an attorney involved in the case.  

Get more information here

New TrickBot Version Focuses on Microsoft's Windows Defender

The infamous TrickBot Trojan that attempts to steal online banking credentials, browser information, and other sensitive information saved on various PCs and browsers has now set its sights on preventing its detection and removal by disabling Windows Defender. The updated Trojan has developed 12 additional methods to target and disable Windows Defender and Microsoft Defender APT. The new tactics include utilizing Registry settings or the “Set-MpPreference PowerShell command to set Windows Defender preferences.”  

According to BleepingComputer, when a computer becomes infected with the Trojan, TrickBot performs the following steps: 

  • Adds policies to SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection for the following: 

  • DisableBehaviorMonitoring: Disables behavior monitoring in Windows Defender 

  • DisableOnAccessProtection: Disables scanning when you open a program or file 

  • DisableScanOnRealtimeEnable: Disables process scanning 

  • Configures the following Windows Defender preferences via PowerShell: 

  • DisableRealtimeMonitoring: Disables real time scanning 

  • DisableBehaviorMonitoring: Same as above, except as a Windows Defender preference 

  • DisableBlockAtFirstSeen: Disables Defender's Cloud Protection feature 

  • DisableIOAVProtection: Disables scans of downloaded files and attachments 

  • DisablePrivacyMode: Disables privacy mode so all users can see threat history 

  • DisableIntrusionPreventionSystem: Disables network protection for known vulnerability exploits 

  • DisableScriptScanning:  Disables the scanning of scripts 

  • SevereThreatDefaultAction: Sets the value to 6, which turns off automatic remediation for severe threats 

  • LowThreatDefaultAction: Sets the value to 6, which turns off automatic remediation for low threats 

  • ModerateThreatDefaultAction: Sets the value to 6, which turns off automatic remediation for moderate threats 

Trickbot developers are continually forming new tactics to improve successful infection and extraction of information.  As usual, it is recommended to have up-to-date antivirus and to practice proper cybersecurity hygiene when browsing the internet.  

Read more here

Walmart Seeks to Patent a Way to Use Digital Cryptocurrency

Walmart appears to be interested in increasing blockchain technology within the organization. According to a filing published Aug. 1 by the U.S. Patent and Trademark Office, Walmart is seeking to develop a cryptocurrency that could “allow for cheaper and faster transactions as well as loyalty features.” Walmart has already shown interest in adopting blockchain technology for its business by incorporating blockchain technology to track products along its supply chain. 

In the patent filed on Jan. 29, Walmart Apollo LLC stated they are attempting to patent a method for creating a coin that “runs and records transactions on a blockchain,” and also shows transaction information with customer purchase history. As companies become more familiar with blockchain technology, there is no doubt many will quickly utilize its benefits to their full potential.   

Read more here