While the week after Patch Tuesday tends to be uneventful, Mozilla made sure that was not the case this time, shipping fixes for two actively exploited zero-days back to back.

In the news, Danny Palmer of ZDNet wrote a great piece on how threat actors are shifting their tactics. While the overall volume of ransomware appears to be declining, the cumulative damage from these attacks is increasing. What sets the new attacks apart is how specific and targeted they have become. Attackers are no longer spraying malware to infect users' workstations the way WannaCry did. Instead, they go after systems that stay out of date for longer, which in most organizations means servers. In the ZDNet article, Palmer quotes Chet Wisniewski, principal research scientist at Sophos:

"Servers don't have nearly the same protections in place that desktops do. The same company that tells me they do 'Patch Tuesday' within 10 days for desktops will tell me it's 90 days for servers. Those servers are glaring weak-spots in our strategy currently and the criminals are going straight for it."

These critical infrastructure points are also far more likely to yield a successful ransomware attack: the ransom demanded is usually far less than the cost of the disruption an outage causes within the organization, so the pressure to pay is much higher than it is for a single encrypted workstation.

Security Releases

Mozilla released not one but two Firefox updates this week to remediate an attack actively targeting cryptocurrency firms such as Coinbase. Initially, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 under MFSA2019-18 to remediate CVE-2019-11707, a zero-day type confusion vulnerability in the JavaScript engine. Within the same week, Mozilla released Firefox 67.0.4 and Firefox ESR 60.7.2 under MFSA2019-19 to remediate CVE-2019-11708, a sandbox escape that, chained with the first bug, let the attacker run arbitrary code on the endpoint. Note that 67.0.3 and ESR 60.7.1 close only the first bug; an endpoint needs 67.0.4 or ESR 60.7.2 to be covered against both.

These two vulnerabilities were chained in a phishing campaign aimed at stealing cryptocurrency-related information. According to DigitalSecurity, the attackers sent an email inviting the recipient to take part in the "Adams Prize", with a link to enroll. Once the user visited the URL, the exploit downloaded and executed a payload that opened a backdoor on the endpoint. Alarmingly, the attack was not limited to Windows: on macOS the malicious site dropped a "Finder.app" after successful exploitation.
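Because the two advisories landed days apart, an inventory that only checks for "a Firefox update this week" will miss endpoints that took 67.0.3 or ESR 60.7.1 and stopped. The script below is an added example written for this article, not tooling from Mozilla or Ivanti: it maps each installed version to its channel (release versus ESR), compares it against the fixed versions published in MFSA2019-18 and MFSA2019-19, and reports which of the two CVEs a host is still missing. The hostnames, the version strings in the sample inventory, and the assumption that majors 52 and 60 denote ESR builds are constructed for the example.

```python
"""Flag Firefox installs still exposed to CVE-2019-11707 / CVE-2019-11708."""
import re

# Fixed versions per Mozilla advisories MFSA2019-18 and MFSA2019-19.
FIXED_VERSIONS = {
    "release": {"CVE-2019-11707": (67, 0, 3), "CVE-2019-11708": (67, 0, 4)},
    "esr":     {"CVE-2019-11707": (60, 7, 1), "CVE-2019-11708": (60, 7, 2)},
}

# Assumption for this example: ESR branches in circulation when the advisories
# shipped. A version on an older ESR branch is unpatched for both CVEs.
ESR_MAJORS = {52, 60}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$", re.IGNORECASE)


def parse_firefox_version(text):
    """Parse '67.0.3', '60.7.1esr' or '67.0' into ((major, minor, patch), channel).

    The channel is 'esr' when the string carries the esr suffix (as about:support
    shows it) or when the major belongs to an ESR branch; otherwise 'release'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch, esr = m.groups()
    version = (int(major), int(minor), int(patch or 0))
    channel = "esr" if esr or version[0] in ESR_MAJORS else "release"
    return version, channel


def missing_fixes(version_text):
    """Return the sorted list of CVEs this build has not yet received."""
    version, channel = parse_firefox_version(version_text)
    return sorted(cve for cve, fixed in FIXED_VERSIONS[channel].items()
                  if version < fixed)


def audit_inventory(csv_lines):
    """Run the check over 'hostname,version' lines; return exposed hosts."""
    exposed = []
    for line in csv_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        missing = missing_fixes(version_text)
        if missing:
            exposed.append((host, version_text.strip(), missing))
    return exposed


# Constructed sample inventory (not real hosts) covering the interesting cases:
# fully patched, half patched on each channel, and an end-of-life ESR branch.
SAMPLE_INVENTORY = """\
# hostname,firefox_version
ws-01,67.0.4
ws-02,67.0.3
srv-01,60.7.1esr
srv-02,60.7.2esr
srv-03,52.9.0esr
""".splitlines()

if __name__ == "__main__":
    for host, version, cves in audit_inventory(SAMPLE_INVENTORY):
        print(f"{host}: Firefox {version} still missing {', '.join(cves)}")
```

Feed it the version column exported from your endpoint management tool and the half-patched hosts (67.0.3 and ESR 60.7.1) show up with CVE-2019-11708 still open, which is exactly the sandbox escape the Coinbase attackers needed.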

Third-Party Updates

While Firefox was the highest-profile third-party application updated this week, other vendors also released updates carrying worthwhile stability fixes and, potentially, undocumented vulnerability fixes:

Software Title | Ivanti ID | Ivanti KB
Blue Jeans 2.13.533.0 | JEANS-018 | QBJN2135330
GOM Player 2.3.42.5304 | GOM-027 | QGOM23425304
GoodSync 10.9.34.5 | GOODSYNC-120 | QGS109345
Microsoft Power BI Desktop 2.70.5494.761 | PBID-060 | QBI2705494761
Notepad++ 7.7.1 | NPPP-093 | QNPPP771
Plex Media Server 1.16.0.1226 | PLXS-038 | QPLXS11601226
Slack Machine-Wide Installer 3.4.3 | SMWI-031 | QSLACK343
Zoom Client 4.4.53901 | ZOOM-024 | QZOOM4453901
