Last Week In Blockchain and CyberSecurity News - September 10, 2019

Critical Exim Flaw Opens Millions of Servers to Takeover

This week, researchers discovered a critical flaw which allows a remote attacker to take full control of millions of Exim servers. Exim is free software that serves as a mail transfer agent for various organizations. The researchers are urging admins and users to quickly upgrade their servers before a bad actor conducts any malicious activity.  

All Exim versions up to and including 4.92.1 are affected by the flaw (CVE-2019-15846), which allows a “local or remote attacker to execute arbitrary code with root privileges.” In other words, by exploiting this vulnerability, a cybercriminal can take full control of a server and run any command a typical administrator could. The CVE was given a 9.8 out of 10 on the CVSS scale.

The vulnerability exists due to an issue with how Exim servers handle various pieces of information during a TLS handshake. In an advisory on Friday, Tenable’s Ryan Seguin stated:

The Exim team has released version 4.92.2 to fix this vulnerability, and administrators are encouraged to upgrade as soon as possible.

According to the Exim team, no public exploit of the vulnerability has been discovered yet.
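For administrators working out which hosts fall in the affected range, here is an added example (not part of the original article or the Exim project) that parses the first line of `exim -bV` output and flags releases at or below 4.92.1. The hostnames and banners are constructed sample data; note that distributions often backport fixes without bumping the upstream version, so a flagged host still needs the vendor's changelog checked.

```python
import re
from typing import Optional, Tuple

# CVE-2019-15846 affects every release up to and including 4.92.1; 4.92.2 is the fix.
LAST_AFFECTED = (4, 92, 1)
FIXED_RELEASE = (4, 92, 2)

# `exim -bV` prints a first line such as "Exim version 4.92.1 #3 built 06-Sep-2019 10:27:42".
_VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from an `exim -bV` banner; a missing patch is 0."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def exim_affected(version: Tuple[int, int, int]) -> bool:
    """True when the upstream release number is within the affected range."""
    return version <= LAST_AFFECTED


def triage(inventory):
    """Return (host, reason) pairs for hosts that need attention.

    Hosts whose banner cannot be parsed are flagged too, since an unknown
    version must not silently pass as fixed.
    """
    flagged = []
    for host, banner in inventory:
        v = parse_exim_version(banner)
        if v is None:
            flagged.append((host, "unparsed banner; check manually"))
        elif exim_affected(v):
            flagged.append((host, "upstream %d.%d.%d <= 4.92.1; upgrade to 4.92.2 "
                                  "or confirm a vendor backport" % v))
    return flagged


# Constructed sample inventory (hypothetical hosts, banners in `exim -bV` format).
SAMPLE_INVENTORY = [
    ("mx1.example.test", "Exim version 4.92.1 #3 built 06-Sep-2019 10:27:42"),
    ("mx2.example.test", "Exim version 4.92.2 #1 built 07-Sep-2019 09:12:00"),
    ("mx3.example.test", "Exim version 4.91 #1 built 15-Apr-2018 16:42:11"),
    ("mx4.example.test", "Exim version 4.92 #2 built 10-Feb-2019 11:00:00"),
]

if __name__ == "__main__":
    for host, reason in triage(SAMPLE_INVENTORY):
        print(host, "->", reason)
```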

Read more here

Metasploit Releases Public BlueKeep Exploit Module

BlueKeep is a wormable remote code execution (RCE) vulnerability in the Remote Desktop Protocol (RDP) service of several Windows operating systems (XP, 2003, 7, Server 2008, and Windows Server 2008 R2). Exploiting this vulnerability can allow an “unauthenticated attacker to run arbitrary code remotely, launch denial of service attacks, and, in some cases, take full control of unpatched systems.”

The recently announced exploit module was built using proof-of-concepts from Metasploit contributors zǝɹosum0x0 and Ryan Hanson. The module currently does not support automatic targeting and requires the operator to specify the target manually. It targets 64-bit versions of Windows 7 and Windows 2008 R2.

You can find further details on how Metasploit’s new BlueKeep exploit works in Cook's blog post and this Metasploit Framework pull request.

Read more here

Telnet Backdoor Vulnerabilities Impact over a Million IoT Radio Devices

Telestar Digital GmbH Internet of Things (IoT) radio devices have been affected by critical vulnerabilities which allow cybercriminals to hijack systems remotely.  

Vulnerability-Lab researcher Benjamin Kunz revealed his firm's findings, which included CVE-2019-13473 and CVE-2019-13474. An investigation into the radios led to the discovery of an undocumented Telnet service on port 23, giving an individual the opportunity to combine a port scan with ncrack to gain access to the system.

Benjamin Kunz and his team were able “to connect and brute-force the radio within only 10 minutes due to lax password security, granting them root access with full privileges.”

By using this exploitation tactic, possible attack vectors include:

  • Changing device names 

  • Forcing a play stream 

  • Saving audio files as messages 

  • Transmitting audio commands both locally and remotely 

According to Kunz, over a million devices may be at risk from these vulnerabilities.

Get more information here

Wikipedia Suffers Intermittent Outages as a Result of a Malicious Attack

Wikipedia, the largest and most popular multilingual online encyclopedia, was hit with several rounds of distributed denial-of-service (DDoS) attacks over the past several days. The encyclopedia went down in several countries, which the organization confirmed in a tweet on Friday.

The Wikimedia Foundation also confirmed the attack, stating:

Today, Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing, and our Site Reliability Engineering team is working hard to stop it and restore access to the site. As one of the world’s most popular sites, Wikipedia sometimes attracts “bad faith” actors. Along with the rest of the web, we operate in an increasingly sophisticated and complex environment where threats are continuously evolving.

Many have condemned the attack, stating that the malicious actions threaten everyone’s fundamental rights to access and share information freely.

Read more here

Stellar to Airdrop Two Billion XLM Crypto Tokens Worth $120 Million

The Stellar Development Foundation announced a two billion XLM airdrop on Monday. The airdrop will be the largest in Stellar's history and is worth roughly $120 million. The airdrop is in collaboration with Keybase, a messaging service. Users will receive a portion of a 100 million XLM monthly airdrop over the next 20 months. 

According to CoinDesk, “All you have to do is have an authenticated Keybase account, and your XLM will appear in your wallet – automatically, every month, for as long as the airdrop continues.”  

Denelle Dixon, the Stellar Development Foundation CEO, states that the collaboration with Keybase is part of a broader adoption strategy. On Keybase, users can transfer the cryptocurrency to each other, including those who do not have a Keybase account.  

Read more here