This week brings some interesting news in cyber security. A 10-year-old bug in a C library threatens IoT devices and routers, and the REvil gang seems to be preparing for future attacks now that communication between the USA and Russia has been cut because of the ongoing war. Here is the most important news of this week.
The 10-year-old bug allows DNS poisoning attacks on IoT devices
Nozomi researchers have discovered a 10-year-old bug in the uClibc and uClibc-ng C libraries. Because of the bug, IoT products and routers generate predictable IDs for DNS responses, which allows DNS poisoning attacks on those devices. Currently, there is no patch available.
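
A DNS client matches responses to its queries by the 16-bit ID in the message header, so a defender can check captured queries from a device for IDs that follow a pattern. The following is an added example, not code from Nozomi or uClibc; it assumes the predictability shows up as IDs advancing by one fixed step, and all function names and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

def build_query(txid: int, name: str) -> bytes:
    """Build a minimal DNS A query (only used to construct sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def query_txid(message: bytes):
    """Return the ID of a DNS query, or None for responses and truncated data."""
    if len(message) < 12:  # shorter than the fixed DNS header
        return None
    txid, flags = struct.unpack("!HH", message[:4])
    return None if flags & 0x8000 else txid  # QR bit set means a response

def dominant_step(txids):
    """Most common difference (mod 2**16) between consecutive IDs, and its share."""
    deltas = [(b - a) & 0xFFFF for a, b in zip(txids, txids[1:])]
    if not deltas:
        return None, 0.0
    step, count = Counter(deltas).most_common(1)[0]
    return step, count / len(deltas)

def looks_predictable(messages, min_samples=8, threshold=0.8):
    """Assumption (not from the article): predictable means one fixed step dominates."""
    txids = [t for t in map(query_txid, messages) if t is not None]
    if len(txids) < min_samples:
        return False  # too few queries from this client to judge
    return dominant_step(txids)[1] >= threshold

# Constructed sample input: one client whose IDs increment (wrapping at 16 bits)
# and one whose IDs are scattered across the 16-bit space.
SEQUENTIAL = [build_query((0xFFFA + i) & 0xFFFF, "example.com") for i in range(12)]
SCATTERED_IDS = [0x1A2B, 0x9C01, 0x0417, 0xE3D0, 0x5566, 0x7F02,
                 0xB8A9, 0x23C4, 0xD110, 0x4E7B, 0x8835, 0x6A9E]
SCATTERED = [build_query(i, "example.com") for i in SCATTERED_IDS]

if __name__ == "__main__":
    print("incrementing client flagged:", looks_predictable(SEQUENTIAL))
    print("scattered client flagged:", looks_predictable(SCATTERED))
```

On real traffic, group the queries by source address first and feed each client's queries in capture order.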
60 countries have signed the Future of the Internet pact
60 countries, including all EU members, the USA, and the UK have signed the Future of the Internet pact that aims to separate politics and the internet, provide better and affordable services for citizens, and promote safety. Many countries such as China, India, Russia, and Turkey did not sign the pact.
F5 BIG-IP products are critically vulnerable
F5’s BIG-IP products have been found vulnerable. The vulnerability is tracked as CVE-2022-1388 and has a CVSS score of 9.8. The bug allows a complete takeover of the system. Since BIG-IP products are mainly used in critical infrastructure, CISA has also issued a warning about the issue.
REvil ransomware gang is back in business
REvil ransomware gang members were arrested in Russia after a collaboration between 17 countries. After the war between Ukraine and Russia began, the USA cut communications with Russia. This has also closed the door to negotiations for the REvil gang. Now they seem to be preparing for new attacks with simple ransomware that does not encrypt files but changes their extensions.
Microsoft is ditching Basic Authentication for Exchange Online
Microsoft has announced that it is ditching the Basic Authentication option for its Exchange Online product. The company has already begun disabling it for customers who do not use it. In October 2022, it will start randomly disabling it for all of its customers for the sake of security.
Firefox reaches version 100
Mozilla has released a new update for its widely used web browser, Firefox. With this update, Firefox reached version 100, a version for which developers had to take extra measures related to the three-digit version number. The most noticeable change in Firefox 100 is the automatic dark theme selection on websites depending on users’ preferences.
WordPress 6.0 has entered the release candidate phase
The WordPress team has announced the first release candidate for the upcoming major version, WordPress 6.0. This version backports all the bug fixes for Comment blocks, Comment Template block pagination, and Gutenberg on top of approximately 1,000 bug fixes and improvements that came after WordPress 5.9. The final version is planned for release on the 24th of May.