Two Guys and an Opinion

Travel-ex!


In this episode we study in detail (apologies, Richard rambled!) the shocking story of the demise of Travelex, due in no small part to a highly successful ransomware attack. We cover just how avoidable these incidents are by dealing with those pesky vulnerabilities! And the drinking word this week sounds like you're already half-cut when you say it...

Show Notes:

  1. Apple - iOS and iPadOS 14.4 - iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and the 7th generation iPod touch. Apple also issued security updates for one of the vulnerabilities across a range of its other offerings, including Apple Watch (watchOS 7.3) and Apple TVs (tvOS 14.4).
  • CVE-2021-1782. A malicious application could use this flaw to gain additional privileges in the device’s operating system, which would allow it to wreak all kinds of havoc.
  • CVE-2021-1871 and CVE-2021-1870 reside in the WebKit component, Apple’s open-source web browser engine used by the Safari browser. They could be exploited by a remote attacker to execute arbitrary code, “by persuading a victim to visit a specially crafted Web site.”
  2. SolarWinds - Three new vulnerabilities in SolarWinds products. The vulnerabilities, which have already been patched, include a remote code execution flaw in Orion that requires only network access. That flaw allows hackers to use an improperly installed Microsoft Message Queuing service to send commands for a server to execute.
  3. Linux sudo privilege escalation heap overflow vulnerability - CVE-2021-3156 - Successful exploitation allows any unprivileged user to escalate their privileges to root on the vulnerable host. Since it is a privilege escalation vulnerability, it requires access to a local user account on the vulnerable host in order to actually exploit it.

The vulnerability affects all the following sudo versions:

  • All legacy versions from 1.8.2 to 1.8.31p2
  • All stable versions from 1.9.0 to 1.9.5p1
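As an added example (not from the podcast or its hosts), the following Python check parses a sudo version string, including the `p` patch-level suffix, and compares it against the two affected ranges listed above. The sample `sudo --version` output embedded below is constructed for the example. Distributions frequently backport the fix without changing the version number, so a match here flags a host for verification against the distribution's advisory rather than proving it is vulnerable.

```python
import re
from typing import Dict, List, Tuple

# A sudo version as a comparable tuple: (major, minor, patch, p-level).
# "1.8.31p2" -> (1, 8, 31, 2); "1.9.5" -> (1, 9, 5, 0).
Version = Tuple[int, int, int, int]

# Inclusive ranges as stated in the show notes for CVE-2021-3156.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("1.8.2", "1.8.31p2"),  # legacy branch
    ("1.9.0", "1.9.5p1"),   # stable branch
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?$")

# Constructed sample of `sudo --version` output for an unpatched host.
SAMPLE_SUDO_OUTPUT = """Sudo version 1.8.31
Sudoers policy plugin version 1.8.31
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.31
"""


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH[pN]' into a tuple that sorts correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version string: {text!r}")
    major, minor, patch, plevel = m.groups()
    # A missing pN suffix is the base release, i.e. p-level 0.
    return (int(major), int(minor), int(patch), int(plevel or 0))


def version_from_output(output: str) -> str:
    """Pull the version string out of the first 'Sudo version ...' line."""
    for line in output.splitlines():
        m = re.search(r"Sudo version (\S+)", line)
        if m:
            return m.group(1)
    raise ValueError("no 'Sudo version' line found in output")


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range (inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def classify_host(output: str) -> Dict[str, object]:
    """Summarise one host's `sudo --version` output for a patch report.

    A version-range match is only a heuristic: backported fixes keep the
    old version string, so affected hosts still need advisory verification.
    """
    version = version_from_output(output)
    return {
        "version": version,
        "version_in_affected_range": is_affected(version),
        "needs_advisory_check": is_affected(version),
    }


if __name__ == "__main__":
    print(classify_host(SAMPLE_SUDO_OUTPUT))
```

In practice the output of `sudo --version` from each host would be fed to `classify_host`, and any host flagged in range is then checked against the package changelog or distribution advisory to confirm whether the fix was backported.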