Pemex hit by ransomware, US Postal Service gets a copycat and new WhatsApp bugs
Plus, 1Password gets a boatload of cash
It's time for another Register security roundup of the week's smaller stories you may have missed.
FedEx says exposed driver database was a 'test system'
US parcel delivery company FedEx has acknowledged that it left a database containing detailed driver and delivery information exposed on the internet, but says the information belonged to a test system.
Security researcher Devin Stokes found the open database and responsibly disclosed it to FedEx. Once it was taken down (after more than a week of trying to get the company's attention), Stokes shared exclusively with El Reg what it contained: detailed information on driver trips and reports on accidents, including their cause.
Stokes said the database also included stats on day-to-day operations, with things like geofencing data and even alerts for when drivers were going over the speed limit in their delivery vehicles.
"[FedEx] can confirm this site was used for testing and contained no sensitive information," a spokesperson told El Reg. "It has since been decommissioned."
We imagine the drivers whose speeding patterns were being tracked might not agree with that assessment. Either way, congrats to Devin on the find.
Pemex hit by ransomware
One of the largest oil companies in the world had to deal with a ransomware infection recently, as Mexico's Pemex said it fell victim to a malware infection in one of its corporate networks.
Petróleos Mexicanos (@Pemex) tweeted on November 12, 2019: "📌 Pemex is operating normally." (pic.twitter.com/IF7kf6VIEk)
The oil giant said that its operations were not impacted by the attack, and none of its industrial systems or any safety gear was touched by the ransomware.
Symantec patches vulnerability in AV offering
Once again, a bug in a popular security suite is, ironically, putting users at risk of malware infections.
This time, it's Symantec's Endpoint Protection software that is vulnerable, according to researchers with SafeBreach.
The flaw is nearly identical to the one found earlier in McAfee antivirus and stems from insecure DLL loading: the product loads a library without checking where it came from or whether it is signed, so an attacker who can plant a DLL of the expected name gets it executed inside the security product's own process. An attacker who exploited the flaw could run arbitrary code and commands on the target machine and, more importantly, maintain persistent access even after a restart.
There is one major mitigating factor here: the attacker already has to have administrative privileges on the machine, so this is a persistence and evasion trick (unsigned code running inside a trusted, signed security process) rather than a way in. If an attacker is already an admin there's not much need for this sort of exploit, so while you should update your software with the patch, it shouldn't be a massive security concern.
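The two things that give a DLL planting attack away are where the library was loaded from and whether it carries a valid signature. The script below is an added example for this roundup (it is not code from SafeBreach, Symantec or McAfee): it triages constructed Sysmon Event ID 7 ("Image loaded") records, flagging loads from user-writable directories, system DLLs resolved from outside System32/SysWOW64 (the search-order hijack pattern), and unsigned images. The Sysmon field names are real; the process path `C:\Program Files\ExampleAV\avservice.exe`, the sample records and the short list of "system" DLLs are hypothetical, and the trusted-directory list assumes default Windows ACLs.

```python
"""Flag suspicious DLL loads in Sysmon Event ID 7 ("Image loaded") records.

Added example, not from SafeBreach or Symantec. Sysmon field names (Image,
ImageLoaded, Signed, SignatureStatus) are real; the records below are
constructed for illustration and the AV process path is hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PureWindowsPath

# Directories only administrators can write to under default Windows ACLs.
# A DLL loaded by a privileged service from anywhere else deserves a look.
# (Assumption: default ACLs; hardened or unusual installs may differ.)
TRUSTED_ROOTS = (
    PureWindowsPath(r"C:\Windows"),
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
)

# Where Windows itself keeps system DLLs.
SYSTEM_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
)

# Illustrative (deliberately short) set of DLLs that should only ever resolve
# from SYSTEM_DIRS. Seeing one load from elsewhere is the classic hijack sign.
SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "cryptsp.dll"}


@dataclass(frozen=True)
class ImageLoad:
    image: str             # process that performed the load
    image_loaded: str      # full path of the DLL that was mapped
    signed: bool
    signature_status: str  # Sysmon value, e.g. "Valid" or "Unavailable"


def parse_event(fields: dict[str, str]) -> ImageLoad:
    """Build an ImageLoad from the string fields of a Sysmon event 7."""
    return ImageLoad(
        image=fields["Image"],
        image_loaded=fields["ImageLoaded"],
        signed=fields.get("Signed", "false").strip().lower() == "true",
        signature_status=fields.get("SignatureStatus", "Unavailable"),
    )


def _under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """Case-insensitive, component-wise check that `path` lies under `root`."""
    p = [part.lower() for part in path.parts]
    r = [part.lower() for part in root.parts]
    return p[: len(r)] == r


def classify(ev: ImageLoad) -> list[str]:
    """Return the reasons a load looks like DLL planting; empty if clean."""
    reasons: list[str] = []
    dll = PureWindowsPath(ev.image_loaded)
    if not any(_under(dll, root) for root in TRUSTED_ROOTS):
        reasons.append("loaded from a user-writable location")
    if dll.name.lower() in SYSTEM_DLLS and not any(_under(dll, d) for d in SYSTEM_DIRS):
        reasons.append("system DLL resolved outside System32 (search-order hijack)")
    if not ev.signed or ev.signature_status.strip().lower() != "valid":
        reasons.append("unsigned or invalid signature")
    return reasons


def triage(events: list[dict[str, str]]) -> dict[str, list[str]]:
    """Map each flagged DLL path to its reasons; clean loads are omitted."""
    findings: dict[str, list[str]] = {}
    for fields in events:
        ev = parse_event(fields)
        reasons = classify(ev)
        if reasons:
            findings[ev.image_loaded] = reasons
    return findings


# Constructed sample records; the AV service path is a placeholder.
AV = r"C:\Program Files\ExampleAV\avservice.exe"
SAMPLE_EVENTS = [
    {"Image": AV, "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": AV, "ImageLoaded": r"C:\Users\Public\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": AV, "ImageLoaded": r"C:\Program Files\ExampleAV\plugin.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": AV, "ImageLoaded": r"C:\ProgramData\ExampleAV\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_EVENTS).items():
        print(f"{path}: {'; '.join(reasons)}")
```

The ProgramData case is the one worth remembering: it is signed and looks respectable, but any authenticated user can create files there by default, which is exactly the kind of path a privileged service should never load code from.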
Check Point breaks down Qualcomm's TrustZone code isolation
Those interested in the intricacies of on-chip security protections should give a look to this report from Check Point detailing how its team uncovered flaws in the TrustZone-based trusted execution environment (TEE) of Qualcomm processors.
The in-depth report shows how the researchers found vulnerabilities that would let unprivileged code elevate itself to privileged status, potentially allowing sensitive information held in the chip's secure world to be read.
WhatsApp warns of remote code execution via video bug
Facebook's WhatsApp has posted notice of a vulnerability in the mobile versions of the messaging app that could potentially allow for remote code execution. The flaw is a buffer overflow in the app's MP4 handling, triggered when it parses a specially crafted MP4 file.
Users can protect themselves against exploits by updating to the latest version of the Android, iOS, or Windows Phone app.
$200m to 1
Security tool 1Password has been around for more than a decade now, but that doesn't mean it can't still kick up some VC bucks. The developer this week revealed that it had just finished up a $200m Series A funding round, giving it more than enough cash for expansion.
US Postal Service the latest malware lure
The team at Proofpoint says that among a series of new scam emails being used to spread malware is a message claiming to come from the US Postal Service.
The fake notices carry a Word attachment that has been weaponised with the malicious code itself. Opening the file results in an attempted installation of a banking trojan.
With the holiday shopping season set to kick off, users should be wary of any message claiming to be from the USPS or other delivery service.
Cisco Talos warns of custom dropper malware
Researchers with Talos are warning that a long-running malware campaign has been reinvigorated with the use of customized dropper tools. The hackers are believed to have taken existing malware and slightly modified it, allowing the droppers to potentially skirt detection by security software. ®