Bumble Leaves Swipes Unsecured for 100M Users, Capcom confirms data breach, Citrix SD-WAN Bugs Allow Remote Code Execution, and more

Originally published at: https://cloudsek.com/threatintel/bumble-leaves-swipes-unsecured-for-100m-users-capcom-confirms-data-breach-citrix-sd-wan-bugs-allow-remote-code-execution-and-more/

Round Up of Major Breaches and Scams

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

An API bug exposed users’ personal information, such as political leanings, astrological signs, education, and even height and weight, as well as their distance away in miles. After taking a closer look at the code for the popular dating site and app Bumble, where women typically initiate the conversation, Independent Security Evaluators researcher Sanjana Sarda found concerning API vulnerabilities. These not only allowed her to bypass paying for Bumble Boost premium services, but also let her access personal information for the platform’s entire user base of nearly 100 million.

Capcom confirms data breach after gamers’ data stolen in cyberattack

Japanese game giant Capcom has announced a data breach after confirming that attackers stole sensitive customer and employee information during a recent ransomware attack. Capcom is the developer of well-known game franchises, including Street Fighter, Resident Evil, Ghosts and Goblins, Devil May Cry, and Mega Man.

Round Up of Major Malware and Ransomware Incidents

Attackers Target Porn Site Goers in Malsmoke Zloader Attack

Cybercriminals are tricking visitors to adult websites, including sites such as bravoporn[.]com and hamster[.]com, in malvertising attacks that redirect victims to malicious websites serving up malware. The campaign, which is part of a larger malvertising effort dubbed malsmoke, has been tracked throughout 2020.

Round Up of Major Vulnerabilities and Patches

Citrix SD-WAN Bugs Allow Remote Code Execution

Three bugs in the Citrix SD-WAN Center would allow remote code execution and network takeover, according to researchers. The flaws affect Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. They consist of an unauthenticated path traversal and shell injection problem in stop_ping (CVE-2020-8271); a ConfigEditor authentication bypass (CVE-2020-8272); and a CreateAzureDeployment shell injection issue (CVE-2020-8273). Severity scores have not yet been issued.

Windows Kerberos authentication breaks due to security updates

Microsoft is investigating a new known issue that causes enterprise domain controllers to experience Kerberos authentication problems after installing the security updates released on November 10, during this month’s Patch Tuesday, to address CVE-2020-17049. Kerberos replaced NTLM as the default authentication protocol for domain-connected devices on all Windows versions above Windows 2000.

VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX

A group of researchers from the University of Birmingham has devised a new attack that can break the confidentiality and integrity of Intel Software Guard Extensions (SGX) enclaves by controlling the CPU core voltage. The attack relies on VoltPillager, a low-cost tool for injecting messages on the Serial Voltage Identification bus between the CPU and the voltage regulator on the motherboard, and can be used to fault security-critical operations.
