<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:media="http://search.yahoo.com/mrss/"><channel><title><![CDATA[NetSecDaily]]></title><description><![CDATA[Quick Cyber News, Reviews, Blog]]></description><link>https://www.netsecdaily.com/</link><image><url>http://www.netsecdaily.com/favicon.png</url><title>NetSecDaily</title><link>https://www.netsecdaily.com/</link></image><generator>Ghost 2.11</generator><lastBuildDate>Thu, 30 Oct 2025 09:10:26 GMT</lastBuildDate><atom:link href="https://www.netsecdaily.com/rss/" rel="self" type="application/rss+xml"/><ttl>60</ttl><item><title><![CDATA[Apple - FaceTime Bug Allows eavesdropping]]></title><description><![CDATA[A bug in FaceTime allows a caller to eavesdrop on the receiver without the receiver picking up the call.]]></description><link>https://www.netsecdaily.com/facetime-bug-allows-eavesdropping/</link><guid isPermaLink="false">5c5241adc0f8350dea89a528</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Jerome]]></dc:creator><pubDate>Thu, 31 Jan 2019 00:59:56 GMT</pubDate><content:encoded><![CDATA[<p>A bug in FaceTime allows a caller to eavesdrop on the receiver without the receiver picking up the call, subsequently allowing the caller to see or hear the receiver's surroundings.</p><p>The bug seems to be a design or a logic flaw, and not a technical vulnerability. 
</p><iframe width="560" height="315" src="https://www.youtube.com/embed/Z2-RV7qVmro" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe><p>Here are the steps to reproduce this <a href="https://thehackernews.com/2019/01/apple-facetime-privacy-hack.html">phenomenon</a>.</p><ol><li>Start a FaceTime Video call with any iPhone contact.</li><li>While your call is dialing, swipe up from the bottom of your iPhone screen and tap 'Add Person.'</li><li>You can add your own phone number in the 'Add Person' screen.</li><li>This will start a group FaceTime call including yourself and the person you first called, whose audio you will be able to listen in on even if he/she hasn't accepted the call yet.</li></ol><p>Some have also reported that if the receiver decides to reject the call, the camera of the iPhone of the receiver will still be engaged. </p><p>Apple has since acknowledged the issue and will be rolling out a fix in an upcoming patch. iPhone users should update their iOS when the security patch is out to avoid future eavesdropping. </p><p>For now, a preventive measure is to disable FaceTime on iOS devices. This can be achieved by going into Settings -&gt; FaceTime -&gt; Disable FaceTime.</p>]]></content:encoded></item><item><title><![CDATA[Over 9000 Cisco RV320/RV325 Routers Vulnerable To New Exploit]]></title><description><![CDATA[Running a Cisco RV320 or RV325 VPN router on your premises? It is highly recommended to install the latest security patch.]]></description><link>https://www.netsecdaily.com/over-9000-cisco-routers-vule/</link><guid isPermaLink="false">5c4fdbabc0f8350dea89a4e4</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Jerome]]></dc:creator><pubDate>Tue, 29 Jan 2019 05:20:22 GMT</pubDate><content:encoded><![CDATA[<p>Running a Cisco RV320 or RV325 VPN router on your premises? 
It is highly recommended to install the latest security patch, as a new exploit targeting a vulnerability in these VPN routers has surfaced.</p><p>The <a href="https://github.com/0x27/CiscoRV320Dump">exploit</a> takes advantage of the CVE-2019-1653/CVE-2019-1652 vulnerabilities. The exploit code takes advantage of a command injection flaw and a file disclosure flaw, which allow the dumping of the plain-text configuration file, including password hashes for the web UI. </p><figure class="kg-card kg-image-card"><img src="http://www.netsecdaily.com/content/images/2019/01/image-6.png" class="kg-image"></figure><blockquote>CVE-2019-1652—The flaw allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands on the system.</blockquote><blockquote>CVE-2019-1653—This flaw doesn't require any authentication to reach the router's web-based management portal, allowing attackers to retrieve sensitive information including the router's configuration file containing MD5 hashed credentials and diagnostic information.</blockquote><p>Researchers from <a href="https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/">Bad Packets</a> have also found at least 9657 Cisco routers worldwide that are still operating with the vulnerable firmware, and the majority of such routers are in the United States. The firm also shared a <a href="https://docs.google.com/spreadsheets/d/1ZocV8n4DOmcKJ_ugjjQ_gjIAmDHxT1JBhVxIAdABVyY/edit#gid=1297196434">visualization</a> of the vulnerable routers in 122 countries, with networks operated by 1619 unique internet service providers.</p><p>It is highly recommended that administrators of such routers update their firmware immediately to prevent any security incident. An example of a failure to patch a critical vulnerability leading to a major data breach incident is the Equifax incident. 
The vulnerability exploited then was an Apache Struts vulnerability, and because it was not patched in time, attackers were able to gain a foothold and subsequently exfiltrate sensitive data, leading to one of the biggest data breaches known today.</p>]]></content:encoded></item><item><title><![CDATA[Ransomware Spreading Using Word Document - Still Happening in 2019]]></title><description><![CDATA[<p>Security researchers from Carbon Black discovered malware campaigns embedded into MS Word macros. The <a href="https://www.carbonblack.com/2019/01/24/carbon-black-tau-threatsight-analysis-gandcrab-and-ursnif-campaign/">report</a> indicated that the campaigns distribute the Ursnif data-stealing malware and the GandCrab ransomware. </p><p>The distribution of the malware starts with a phishing campaign, where malware-infected Microsoft Word documents are being attached to the phishing</p>]]></description><link>https://www.netsecdaily.com/ransomware-spreading-using-word-document/</link><guid isPermaLink="false">5c4c1129c0f8350dea89a4b1</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Jerome]]></dc:creator><pubDate>Sat, 26 Jan 2019 08:04:59 GMT</pubDate><content:encoded><![CDATA[<p>Security researchers from Carbon Black discovered malware campaigns embedded into MS Word macros. The <a href="https://www.carbonblack.com/2019/01/24/carbon-black-tau-threatsight-analysis-gandcrab-and-ursnif-campaign/">report</a> indicated that the campaigns distribute the Ursnif data-stealing malware and the GandCrab ransomware. </p><p>The distribution of the malware starts with a phishing campaign, where malware-infected Microsoft Word documents are being attached to the phishing mails. Once the infected Word document is opened, a series of PowerShell modules is used to download additional scripts, and this is where the fileless malware is delivered to the system. 
The malware would proceed to exfiltrate data, and the ransomware would proceed with its ransomware behavior.</p><blockquote>What is fileless malware? Fileless malware exists in the RAM of computers and uses common system tools to inject malicious code into normally safe and trusted processes. It differs from traditional malware as it does not have a footprint on the disk, as it only exists in memory. Because it does not touch the disk, it is hard to detect and remove. However, such malware will not be persistent if it only exists in the RAM, since rebooting the machine would effectively clear the RAM.</blockquote><figure class="kg-card kg-image-card"><img src="http://www.netsecdaily.com/content/images/2019/01/image-5.png" class="kg-image"><figcaption>Illustration of infected Word document behavior</figcaption></figure><p>The malicious Word document would lead to data leakage and machines falling victim to ransomware. It is strongly encouraged not to open a Word document that requires macro functionality unless it is from a trusted source. 
Threat actors today are finding new ways to break in, and the human factor is always the weakest link.</p><p>Source: <a href="https://www.carbonblack.com/2019/01/24/carbon-black-tau-threatsight-analysis-gandcrab-and-ursnif-campaign/">https://www.carbonblack.com/2019/01/24/carbon-black-tau-threatsight-analysis-gandcrab-and-ursnif-campaign/</a></p>]]></content:encoded></item><item><title><![CDATA[Millions Found Running Outdated Software]]></title><description><![CDATA[<p>A report released by Avast [<a href="https://cdn2.hubspot.net/hubfs/486579/Avast_PC_Trends_Report_2019.pdf">here</a>] reveals that millions of users are still running outdated software, some of which contain critical vulnerabilities which could lead to a complete system takeover.</p><p>The report stated that 55% of the programs worldwide are out-of-date, and Adobe Shockwave is number one on the list,</p>]]></description><link>https://www.netsecdaily.com/are-you-still-running-and-outdated-software/</link><guid isPermaLink="false">5c4aada4c0f8350dea89a45d</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Jerome]]></dc:creator><pubDate>Fri, 25 Jan 2019 07:02:03 GMT</pubDate><content:encoded><![CDATA[<p>A report released by Avast [<a href="https://cdn2.hubspot.net/hubfs/486579/Avast_PC_Trends_Report_2019.pdf">here</a>] reveals that millions of users are still running outdated software, some of which contain critical vulnerabilities which could lead to a complete system takeover.</p><p>The report stated that 55% of the programs worldwide are out-of-date, and Adobe Shockwave is number one on the list, followed by VLC Media player, and Skype.</p><figure class="kg-card kg-image-card"><img src="http://www.netsecdaily.com/content/images/2019/01/image.png" class="kg-image"><figcaption>Top 10 Most Out-of-Date Programs (Avast Report)</figcaption></figure><p></p><p>It was reported that among the Windows Operating Systems (OS) in use, Windows 7 was the most used OS, with a usage of 43% as compared 
to Windows 10, which has a usage of 40%. About 15% of the Windows 7 installations in use are <strong>not</strong> updated to Windows 7 Service Pack 1 (SP1), and these machines are in danger of being targeted by hackers exploiting vulnerabilities, as Microsoft's support for versions of Windows 7 prior to SP1 has ended. </p><figure class="kg-card kg-image-card"><img src="http://www.netsecdaily.com/content/images/2019/01/image-3.png" class="kg-image"><figcaption>Distribution of users for each version of Windows (Avast Report)</figcaption></figure><figure class="kg-card kg-image-card"><img src="http://www.netsecdaily.com/content/images/2019/01/image-4.png" class="kg-image"><figcaption>Distribution of Windows 7 Users (Avast Report)</figcaption></figure><p></p><p>It is important to keep programs and OS up to date to prevent the exploitation of known vulnerabilities. High-profile cases such as the Equifax Data Breach in 2017 and Maersk falling victim to ransomware have shown that the lack of scrutiny for security updates could lead to an IT and business nightmare.</p>]]></content:encoded></item><item><title><![CDATA[iOS 12 Jailbreak Proof of Concept Published - Chinese Security Researcher]]></title><description><![CDATA[<p>A Chinese security researcher has revealed the technical details of critical vulnerabilities in the Apple Safari web browser and iOS that allow a remote attacker to jailbreak and compromise an iPhoneX running iOS 12.1.12 and earlier versions.</p><p>The trick? 
The attacker only needs to trick the iPhoneX user into</p>]]></description><link>https://www.netsecdaily.com/ios-12-jailbreak-proof-of-concept-published-chinese-hacker/</link><guid isPermaLink="false">5c4907e7c0f8350dea89a439</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Jerome]]></dc:creator><pubDate>Thu, 24 Jan 2019 00:50:07 GMT</pubDate><content:encoded><![CDATA[<p>A Chinese security researcher has revealed the technical details of critical vulnerabilities in the Apple Safari web browser and iOS that allow a remote attacker to jailbreak and compromise an iPhoneX running iOS 12.1.12 and earlier versions.</p><p>The trick? The attacker only needs to trick the iPhoneX user into opening a custom-crafted web page using Safari!</p><iframe width="560" height="315" src="https://www.youtube.com/embed/JznReTetgOI" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe><p>As shown in the video, a flaw in Safari allows an attacker to use well-crafted malicious web content to execute arbitrary code on the victim device, subsequently gain privileged access through a second vulnerability, and finally install an application. </p><p>Fortunately, the researcher has chosen not to publish the exploit code in an attempt to prevent malicious attacks against Apple users. 
It is highly recommended for iPhone users to install the latest iOS update as soon as possible in light of this discovery.</p><p>Source: <a href="http://blogs.360.cn/post/IPC%20Voucher%20UaF%20Remote%20Jailbreak%20Stage%202%20(EN).html">http://blogs.360.cn/post/IPC Voucher UaF Remote Jailbreak Stage 2 (EN).html</a></p>]]></content:encoded></item><item><title><![CDATA[Remote Code Execution in APT - Linux]]></title><description><![CDATA[<p>Cyber security blogger "Max Justicz" reported a vulnerability in the Linux Advanced Package Tool (APT), where an attacker is able to achieve remote code execution in an APT operation.</p><p>*For non-Linux users, APT is the software in Linux that manages software installations and updates, just like the Windows update manager.</p><p>The</p>]]></description><link>https://www.netsecdaily.com/remote-code-execution-in-apt-apt-get-linux/</link><guid isPermaLink="false">5c47a8a9c0f8350dea89a40d</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Jerome]]></dc:creator><pubDate>Wed, 23 Jan 2019 00:02:48 GMT</pubDate><content:encoded><![CDATA[<p>Cyber security blogger "Max Justicz" reported a vulnerability in the Linux Advanced Package Tool (APT), where an attacker is able to achieve remote code execution in an APT operation.</p><p>*For non-Linux users, APT is the software in Linux that manages software installations and updates, just like the Windows update manager.</p><p>The vulnerable versions of APT do not properly sanitize some of the parameters in the event of an HTTP redirect, therefore allowing a remote man-in-the-middle attacker to inject malicious content, and the system would install the altered packages. 
</p><iframe width="560" height="315" src="https://www.youtube.com/embed/POrzJvtZY_g" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe><p>An HTTP redirect is used in APT when fetching packages from the primary server fails, and the location of the next server is used to fetch the packages. APT runs as "root" in Linux, which is the user with the highest privileges in the system, so a targeted attack using this vulnerability would lead to a complete system takeover by an adversary. </p><p>The developers of APT have since released version 1.4.9 that addresses the issue. It is also highly recommended that Debian or Ubuntu users update their systems as soon as possible.</p><p>Original: <a href="https://justi.cz/security/2019/01/22/apt-rce.html">https://justi.cz/security/2019/01/22/apt-rce.html</a></p>]]></content:encoded></item><item><title><![CDATA[Tech Giant fined by France - Google]]></title><description><![CDATA[<p>Tech giant Google has been fined nearly $57 million by French regulators for violating data-privacy rules in Europe, making it the first penalty brought against an American tech company.</p><p>The French data-privacy agency, known as CNIL, indicated that Google failed to disclose to their users how their personal information is</p>]]></description><link>https://www.netsecdaily.com/tech-giant-fined-by-france/</link><guid isPermaLink="false">5c45f06ec0f8350dea89a3f6</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Jerome]]></dc:creator><pubDate>Mon, 21 Jan 2019 16:25:19 GMT</pubDate><content:encoded><![CDATA[<p>Tech giant Google has been fined nearly $57 million by French regulators for violating data-privacy rules in Europe, making it the first penalty brought against an American tech company.</p><p>The French data-privacy agency, known as CNIL, indicated that Google failed to disclose to their users how their personal information is collected and the usage of 
it. Google also did not obtain the consent of its users properly, the agency said.</p><p>Quoting CNIL, “Despite the measures implemented by Google, (documentation and configuration tools), the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations”.</p><p>Under the GDPR, EU regulators have the power to fine companies as much as 20 million euros, or four percent of their annual turnover, whichever is greater.</p>]]></content:encoded></item><item><title><![CDATA[Nearly 141 Airlines Affected - Flight Booking System Flaw]]></title><description><![CDATA[A software bug affected 141 airlines, allowing unauthorized access to bookings]]></description><link>https://www.netsecdaily.com/141-airlines-affected-flight-booking-system-flaw/</link><guid isPermaLink="false">5c45861ec0f8350dea89a3cc</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Jerome]]></dc:creator><pubDate>Mon, 21 Jan 2019 09:06:03 GMT</pubDate><content:encoded><![CDATA[<p>Travelers around the world were found to be exposed to a critical vulnerability discovered in an online flight booking system that allowed threat actors to access and modify sensitive information such as travel details and frequent flyer details.</p><p>According to Israeli network security researcher Noam Rotem, he discovered this vulnerability during a flight booking process. The exploitation only required the victim's Passenger Name Record (PNR) number.</p><p>After a booking is made by the passenger, the passenger will receive a unique link containing a PNR, which allows them to check on their booking status. 
Rotem discovered that changing the value of one of the parameters in the link to someone else's PNR number would display the booking information and personal details of the passenger with that number.</p><p>Rotem was also able to write a script to brute force PNR numbers and check for validity. This meant that he could gain unauthorized access to passenger details and modify flight itineraries.</p><iframe width="560" height="315" src="https://www.youtube.com/embed/yYW_N6e8Was" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe><p>Thankfully, this was discovered by Rotem, who is a researcher, not a threat actor. His actions were done for a good cause, and potentially stopped a data breach from occurring. The issue has been fixed, and the exploit used by Rotem no longer works.</p><p>Link to original post: <a href="https://www.safetydetective.com/blog/major-security-breach-discovered-affecting-nearly-half-of-all-airline-travelers-worldwide/">https://www.safetydetective.com/blog/major-security-breach-discovered-affecting-nearly-half-of-all-airline-travelers-worldwide/</a></p>]]></content:encoded></item></channel></rss>