Telegram adds 70 million users on the day of Facebook and WhatsApp outage

While Facebook’s hours-long outage on Monday may have hurt the company, its founder, shareholders and businesses that rely on their services, for its instant messaging rivals, it was a very good day. Telegram founder and chief executive Pavel Durov said on Tuesday that his instant messaging app added a staggering 70 million users in what he described as a “record increase in user registration and activity.” While Durov praised his team for their platform support during the unprecedented growth, he added that some users in the Americas may have experienced slower than usual speeds during the onslaught of new Telegram enrollees.

(TechCrunch)

Android October patch fixes three critical bugs

On Tuesday, Google released its October security updates for Android, addressing 41 vulnerabilities and incorporating fixes for 10 vulnerabilities that were addressed in security patch level 2021-10-01, released just several days earlier. Three of the vulnerabilities addressed are rated Critical, creating a risk of denial of service, elevation of privilege, remote code execution, and information disclosure. As Android security patches are not version-specific, all Android devices could potentially be affected; however, none of the flaws have been reported to be under active exploitation in the wild.

(Bleeping Computer)

Apache fixes actively exploited zero-day vulnerability

The Apache Software Foundation has released version 2.4.50 of its HTTP Web Server to address two vulnerabilities, one of which is an actively exploited zero-day path traversal and file disclosure flaw. The bug, tracked as CVE-2021-41773, enables actors to map URLs to files outside the expected document root by launching a path traversal attack. Normally, such requests are blocked, but in this case the filters are bypassed by using encoded (ASCII) characters in the URLs. Additionally, exploitation of this flaw may leak the source of interpreted files such as CGI scripts. The only vulnerable Apache HTTP Server version is 2.4.49, and the “require all denied” access control parameter must be disabled, which, unfortunately, is the default configuration.

(Bleeping Computer)
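As an added illustration of the filter-bypass mechanism described above (this is not code from the article or from the Apache project): a log-scanning check that percent-decodes the request path before looking for a traversal out of the document root, placed beside the naive raw-string filter that the encoded form slips past. The document root, the log lines and the function names are constructed for this example.

```python
"""Flag percent-encoded path-traversal requests in Apache access logs (added example)."""
import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" log format; not from the article.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Oct/2021:10:00:02 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/conf/httpd.conf HTTP/1.1" 200 4096 "-" "curl/7.79.1"
203.0.113.9 - - [05/Oct/2021:10:00:03 +0000] "GET /docs/../index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.11 - - [05/Oct/2021:10:00:04 +0000] "GET /cgi-bin/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 196 "-" "curl/7.79.1"
"""

# Assumed document root (the httpd Docker image default); adjust to your server.
DOCROOT = "/usr/local/apache2/htdocs"

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')


def naive_filter_blocks(raw_path: str) -> bool:
    """A raw-string check for '..' : blocks the plain form, misses the encoded one."""
    return ".." in raw_path


def decode_fully(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded '%252e' also surfaces as '.'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal_attempt(raw_path: str, docroot: str = DOCROOT) -> bool:
    """True if the decoded, normalised path climbs above the document root.

    A '..' that stays inside the docroot (e.g. /docs/../index.html) is not flagged.
    """
    decoded = decode_fully(raw_path.split("?", 1)[0])
    if ".." not in decoded.split("/"):
        return False
    resolved = posixpath.normpath(posixpath.join(docroot, decoded.lstrip("/")))
    return resolved != docroot and not resolved.startswith(docroot + "/")


def scan_log(text: str, docroot: str = DOCROOT) -> list[tuple[str, str]]:
    """Return (client IP, raw path) for each request flagged as a traversal attempt."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m["path"], docroot):
            hits.append((m["ip"], m["path"]))
    return hits
```

Running `scan_log(SAMPLE_LOG)` flags the two encoded requests and leaves the in-docroot `..` alone, whereas `naive_filter_blocks` does the opposite.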

The Telegraph exposes 10 TB database containing subscriber info

One of the UK’s largest newspapers and online media outlets, ‘The Telegraph,’ has leaked 10 TB of data after failing to properly secure one of its databases. Exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers. Researcher Bob Diachenko, who discovered the issue on September 14, 2021, confirmed that at least 1,200 encrypted contacts were accessible without a password. The Telegraph was contacted about the exposure immediately, but it took them two days to secure the database. According to a statement from the company, only 600 individuals were affected, and the statement went on to assert that none of them are at risk since Diachenko was the first and last person to access the sensitive dataset. Nonetheless, affected users are encouraged to reset their passwords and remain vigilant against phishing and other social engineering scams.

(Bleeping Computer)

Thanks to our episode sponsor, Votiro

Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.

Ransomware gang uses vulgar Python script to encrypt VMware ESXi servers

Researchers from Sophos observed ransomware attackers employing a tiny 6 KB Python script to encrypt all virtual machines hosted on a victim organization’s VMware ESXi servers. The intruders gained access to the network through a TeamViewer account running on a device with a domain admin logged on. From there, the attackers were able to log into an ESXi server using an SSH client called Bitvise. Attackers shut down the virtual machines, overwrote file content, then deleted the VM disks. Once the VMs were powered down, the script kicked off, encrypting datastore volumes, then overwriting file contents with “the F word.” Finally, the script deleted directory listing files, VM names, and itself by overwriting those files before deleting them. The researchers advise ESXi admins to follow security best practices: avoid password reuse, use complex passwords of adequate length, and enable multi-factor authentication, especially for accounts with elevated privileges.

(Security Affairs)

Axis releases updates for three new vulnerabilities

Nozomi Networks Labs disclosed three different vulnerabilities in video recording device software from Axis. The issues include a heap-based buffer overflow, improper recipient validation in network test functionality, and an SMTP header injection flaw, and they affect a wide variety of OS tracks. Axis is a global billion-dollar company with its systems in use in locations such as the City of Houston, the White House, Sydney Airport, and the Moscow Metro. Nozomi Networks Labs reported the issues to Axis in June; Axis confirmed them in July and has now issued firmware updates. Some devices are not yet patched but will be included in the upcoming planned release schedule.

(ZDNet)

Senate committee drops new FISMA reform bill

The Homeland Security and Governmental Affairs Committee has introduced a new bipartisan overhaul of the Federal Information Security Modernization Act, which governs civilian federal cybersecurity. FISMA was last updated in 2014, which predates many significant cyber events. The new bill positions CISA and the new position of national cyber director to advise the Office of Management and Budget on information security policies and practices, conduct risk assessments of federal agencies, and coordinate cybersecurity activities across the federal government. The reform aims to address systemic security failures identified across government agencies earlier this year.

(SC Media)

Squid Game scenes cut due to data exposure

Netflix has cut some scenes from its hit South Korean drama Squid Game because the phone numbers it features are in use by real people. The deletions were made after Korean residents who owned the phone numbers were inundated with thousands of text messages and phone calls from curious Squid Game fans worldwide. Since premiering on September 17, Squid Game is on track to become one of the most popular Netflix shows in history. A spokesperson for Netflix and the show’s maker Siren Pictures said, “Together with the production company, we are working to resolve this matter, including editing scenes with phone numbers where necessary.”

(Infosecurity Magazine)