RV Series Routers Command Injection Vulnerabilities
  • Advisory
  • August 5, 2020

These vulnerabilities are due to improper validation of user-supplied input to scripts in the web-based management interface. An attacker who holds administrative credentials for the web-based management interface can exploit each vulnerability by sending crafted requests to an affected device, causing injected commands to be executed on it. Valid administrative access is a precondition; the flaws are not exploitable by an unauthenticated remote attacker.

The vulnerabilities are confirmed to affect the following Cisco Small Business routers and firmware releases:

  • RV016 Multi-WAN VPN: 4.2.3.10 and earlier
  • RV042 Dual WAN VPN: 4.2.3.10 and earlier
  • RV042G Dual Gigabit WAN VPN: 4.2.3.10 and earlier
  • RV082 Dual WAN VPN: 4.2.3.10 and earlier
  • RV320 Dual Gigabit WAN VPN: 1.5.1.05 and earlier
  • RV325 Dual Gigabit WAN VPN: 1.5.1.05 and earlier
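The injection pattern the advisory describes, as an added example that is not Cisco's code: a diagnostic handler that takes a host parameter from an authenticated administrator's request, once built as a shell string and once with allow-list validation and no shell at all. The handler, parameter name and request values are assumptions, and /bin/echo stands in for the real diagnostic tool so the example runs without network access.

```python
"""Command injection via a web-management diagnostic handler: vulnerable vs hardened.

Added illustration, not Cisco's code. A 'ping' diagnostic is modelled with
/bin/echo standing in for the real tool so the example runs anywhere.
"""
import re
import subprocess

# Request parameters constructed for this example (hypothetical values).
BENIGN_HOST = "192.0.2.10"
MALICIOUS_HOST = "192.0.2.10; echo INJECTED"   # ';' ends the intended command

# Allow-list for a hostname/IPv4 parameter: letters, digits, dots and hyphens only.
HOST_RE = re.compile(r"^[A-Za-z0-9.\-]{1,253}$")


def diag_vulnerable(host: str) -> str:
    """Concatenates user input into a shell string and hands it to /bin/sh.
    Any shell metacharacter in `host` is interpreted, so the attacker's
    second command runs with the privileges of the web server process."""
    cmd = f"echo PING {host}"            # stand-in for: ping -c 1 {host}
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def diag_hardened(host: str) -> str:
    """Validates the parameter against the allow-list and passes it as a single
    argv element with no shell involved, so metacharacters are never parsed."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    result = subprocess.run(["echo", "PING", host], capture_output=True, text=True)
    return result.stdout


def hardened_rejects(host: str) -> bool:
    """True when the hardened handler refuses the input."""
    try:
        diag_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, malicious input:\n" + diag_vulnerable(MALICIOUS_HOST))
    print("hardened, benign input:", diag_hardened(BENIGN_HOST).strip())
    print("hardened rejects malicious input:", hardened_rejects(MALICIOUS_HOST))
```

The vulnerable handler prints a second line, INJECTED, because /bin/sh ran the attacker's appended command; the hardened one never reaches a shell, and the allow-list rejects the request before anything executes. Validation alone is not enough if the value is still interpolated into a shell string; the argv form is what removes the shell from the path.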

ReVoLTE Networks Vulnerability
  • Advisory
  • August 27, 2020

ReVoLTE is an attack that exploits an LTE (Long Term Evolution) implementation flaw, the reuse of the same keystream (the same encryption key with the same radio-bearer parameters) for two consecutive calls on one radio connection, to eavesdrop on and recover the contents of an encrypted VoLTE call. The attacker connects to the same base station the victim is using and places a downlink sniffer there to capture and mark the victim's encrypted call as the target for later decryption. Within roughly 10 seconds of that call ending, the attacker calls the victim, which makes the vulnerable network set up the new call on the same base station, and in a vulnerable deployment, with the same keystream that protected the target call. The attacker keeps the victim talking for at least as long as the target call lasted, recording the whole conversation. Because the attacker knows the plaintext of their own call, its recorded ciphertext yields the reused keystream, which is then used to decrypt the captured target call.
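The keystream-reuse step, as an added worked example that is not part of the advisory or the ReVoLTE researchers' code. It models the base-station cipher with a toy SHA-256 keystream (an assumption; the real LTE bearer cipher differs, but the XOR algebra is the same for any stream cipher whose keystream is reused) and shows the recovery: the attacker's own call provides known plaintext, XOR with its ciphertext yields the keystream, and XOR with the sniffed ciphertext yields the target call. The session key, bearer id and call contents are constructed values.

```python
"""ReVoLTE keystream-reuse recovery, modelled with a toy stream cipher.

Added illustration, not from the advisory or the ReVoLTE researchers' code.
The keystream generator is a stand-in (SHA-256 in counter mode) for the LTE
bearer cipher; what matters is the XOR algebra, which holds for any stream
cipher whose keystream is reused between two calls.
"""
import hashlib

# Constructed test data: a fixed session key and two short "calls".
SESSION_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
BEARER_ID = 5                                        # radio bearer used by both calls
TARGET_AUDIO = b"hello this is the victim speaking"  # 33 bytes, sniffed encrypted
ATTACKER_AUDIO = b"hi, could you stay on the line for a moment please"  # 50 bytes


def keystream(key: bytes, bearer: int, count: int, length: int) -> bytes:
    """Toy keystream derived from (key, bearer, count), mirroring how an LTE
    base station seeds its cipher; identical inputs give identical keystream."""
    out = bytearray()
    block = 0
    while len(out) < length:
        seed = key + bytes([bearer]) + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_call(key: bytes, bearer: int, count: int, audio: bytes) -> bytes:
    return xor(audio, keystream(key, bearer, count, len(audio)))


def revolte_recover(target_ct: bytes, attacker_ct: bytes, attacker_pt: bytes) -> bytes:
    """The attacker placed the second call, so its plaintext is known. Ciphertext
    XOR plaintext gives the keystream; XOR with the sniffed target ciphertext
    gives the target call. Only as many bytes as the attacker's call lasted can
    be recovered, which is why the victim must be kept talking."""
    if len(attacker_ct) < len(target_ct):
        raise ValueError("attacker call shorter than target call; keep the victim talking longer")
    ks = xor(attacker_ct, attacker_pt)
    return xor(target_ct, ks[:len(target_ct)])


def simulate(vulnerable: bool) -> bytes:
    """Run the two-call scenario. A vulnerable base station reuses the same
    bearer with the packet count reset to 0 for the follow-up call; a fixed one
    (modelled here by allocating a fresh bearer id) yields an unrelated keystream."""
    target_ct = encrypt_call(SESSION_KEY, BEARER_ID, 0, TARGET_AUDIO)
    bearer_for_second_call = BEARER_ID if vulnerable else BEARER_ID + 1
    attacker_ct = encrypt_call(SESSION_KEY, bearer_for_second_call, 0, ATTACKER_AUDIO)
    return revolte_recover(target_ct, attacker_ct, ATTACKER_AUDIO)


if __name__ == "__main__":
    print("vulnerable network:", simulate(True))
    print("patched network:   ", simulate(False))
```

On the vulnerable path the recovered bytes equal the target call exactly; on the patched path the same procedure returns noise, because no keystream was shared. The length check in revolte_recover is the practical constraint the advisory alludes to: the attacker's keep-alive call must run at least as long as the target call, or the tail of the target remains encrypted.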

Tecno Phones Vulnerability
  • Advisory
  • August 27, 2020

The malware arrives pre-installed on handsets that are bought in their millions, typically by low-income households. The malware found on these Android smartphones installs malicious code known as xHelper, which locates subscription services and submits fraudulent sign-up requests on behalf of users, invisibly and without the user's knowledge. The threat was confirmed on about 53,000 Tecno phones, while over 19.2 million suspicious transactions have been recorded since March 2019 from more than 200,000 unique devices. The xHelper Trojan persists across reboots, app removals and even factory resets, making it extremely difficult to remove.

ADVISORY ON SQL INJECTION VULNERABILITY AND OTHER BASIC NETWORK SECURITY MEASURES
  • Advisory
  • October 16, 2020

On 15 October 2020, the database of a government agency was leaked online via Twitter and Pastebin by a hacker group calling itself "Anonymous". On examining some of the leaked database files, it was observed that the attacker had exploited an SQL injection vulnerability to dump the database records into a file.

Advisory on Intended Nationwide Cyber attack
  • Advisory
  • October 15, 2020

The antivirus giant gave insight into large-scale cyber attacks being planned by several hacking groups. The likely targets of the planned attacks are military, education, health care and diplomatic institutions in Nigeria, South Africa and Kenya.

APT Compromise of Orion Platforms
  • Advisory
  • January 1, 2021

This supply-chain compromise is known to affect SolarWinds Orion Platform products (affected versions are 2019.4 through 2020.2.1 HF1) and is currently being exploited by malicious actors. The backdoored software gives an attacker access to network traffic management systems, and organisations running affected versions are advised to disconnect the affected devices. The operation began with a "dry run" in October 2019, when innocuous code was changed in the build. Then, in March 2020, the operators behind the attack injected malicious code into the supply chain; that code is the backdoor delivered in the Orion updates that affected every customer who installed them.