Cybersecurity Newsletter, January 18 - 31
Qrator Newsletter

Welcome back to the cybersecurity newsletter! This time, we are looking at the most relevant stories from the two weeks starting January 18.

Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble

"Google Project Zero researcher Tavis Ormandy on Thursday reported a severe flaw in Libgcrypt 1.9.0, an update to the widely used cryptographic library that was released ten days ago."

Windows 7 TCP/IP hijacking

"Blind TCP/IP hijacking is still alive on Windows 7… and not only. This version of Windows is certainly one of the “juiciest” targets even though January 14, 2020 was the official EOL (End Of Life) for it. Based on various data, Windows 7 holds around 25% share of the Operating Systems (OS) market and is still the world’s second most popular desktop operating system."

Prepending the trouble

"January 27 of the year 2021 was marked with quite a peculiar route leak. AS61666 - GLOBO started announcing prefixes of its upstream provider MHNET - AS28146 to another of its providers, ALGAR - AS16735. In three minutes GLOBO leaked 1330 prefixes, and the whole routing incident lasted for 8 minutes - a time that was enough to create 1435 conflicts in 21 countries with 265 ASNs, mainly in Brazil (194 ASNs), United States (22 ASNs) and Venezuela (7 ASNs)."

The Next Gen Database Servers Powering Let's Encrypt

"Let’s Encrypt helps to protect a huge portion of the Web by providing TLS certificates to more than 235 million websites. A database is at the heart of how Let’s Encrypt manages certificate issuance. If this database isn’t performing well enough, it can cause API errors and timeouts for our subscribers. Database performance is the single most critical factor in our ability to scale while meeting service level objectives. In late 2020, we upgraded our database servers and we’ve been very happy with the results."

NAT Slipstreaming v2.0: New Attack Variant Can Expose All Internal Network Devices to The Internet

"The new variant attack could allow attackers to bypass NATs & Firewalls and reach any unmanaged device within the internal network from the Internet."

Discussing the future of RPKI

"A recent discussion hosted by the RIPE NCC highlighted a number of key trends affecting the future of Resource Public Key Infrastructure (RPKI). The event, which drew around 90 participants worldwide, is worth watching as it reveals progress on Border Gateway Protocol (BGP) origination, convergence in routing systems, and difficulties in securing the BGP.

These issues are likely to remain relevant well into the future."

Heap-based buffer overflow in Sudo (CVE-2021-3156)

DNSpooq - Cache Poisoning and RCE in Popular DNS Forwarder dnsmasq

Thanks for reading!
For feedback, please write to us at cybersec@qrator.net.