FOXTROT/ALFA: Critical Bugs for VMware and Juniper, Taiwan Repurposing Traffic App to Track Citizens, Burning 5G 4G Towers

Let me welcome you to a new week in lockdown with issue 99 of FOXTROT/ALFA. Let’s see what’s been going on in technology news today. It’s Monday, 13 April 2020 and here’s your daily update:

Extremely Critical VMware Bug – Patch Now!

You don’t often see information-disclosure bugs rated with a critical severity. Much less with a whopping CVSS score of 10. I can’t remember when I last saw something like that, but here it is:

A critical information-disclosure bug in VMware’s Directory Service (vmdir) could lay bare the contents of entire corporate virtual infrastructures, if exploited by cyberattackers. The vmdir is part of VMware’s vCenter Server product, which provides centralized management of virtualized hosts and virtual machines (VMs) from a single console. According to the product description, “a single administrator can manage hundreds of workloads.”

These workloads are governed by a single sign-on (SSO) mechanism to make things easier for administrators; rather than having to sign into each host or VM with separate credentials in order to gain visibility to it, one authentication mechanism works across the entire management console. The vmdir in turn is a central component to the vCenter SSO (along with the Security Token Service, an administration server and vCenter Lookup Service). Also, vmdir is used for certificate management for the workloads governed by vCenter, according to VMware.

The critical flaw (CVE-2020-3952) was disclosed and patched on Thursday; it rates 10 out of 10 on the CVSS v.3 vulnerability severity scale. At issue is a poorly implemented access control, according to the bug advisory, which could allow a malicious actor to bypass authentication mechanisms. “A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information,” VMware noted. In turn, this information could be used to compromise the vCenter Server itself “or other services which are dependent upon vmdir for authentication.”

Juniper’s Junos OS Also Needs a Patch

There is also a critical vulnerability (CVE-2020-1615) in Juniper’s Junos OS that warrants attention:

The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization.

This issue affects Junos OS 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3. Affected platforms: vMX.

MBR Locker Malware Impersonates Security Researchers

And then there’s a new malware going around that wipes your system while pretending to originate from respected security researchers.

Over the past 24 hours, after downloading and installing software from what appears to be free software and crack sites, people suddenly find that they are locked out of their computer before Windows starts. When locked out, the PC will display a message stating that they were infected by Vitali Kremez and MalwareHunterTeam, who are both well-known malware and security researchers and have nothing to do with this malware.

These infections are called MBRLockers as they replace the “master boot record” of a computer so that it prevents the operating system from starting and displays a ransom note or other message instead. Recently, a flurry of MBRLockers have been created using a publicly available tool being promoted on YouTube and Discord. BleepingComputer believes that this tool was used to create this MBRLocker to troll both Kremez and MalwareHunterTeam.

When creating MBRLockers using this tool, the malware will first make a backup of the original MBR of the computer to a safe location before replacing it. If this wiper is using the same MBRLocker builder, then it will be possible to recover the MBR so people can gain access to their computer. In one sample, there was also a fail-safe keyboard combination of pressing the CTRL+ALT+ESC keys at the same time to restore the MBR and boot the computer.

Dutch Doofuses Burn Down Cell Towers

Meanwhile, in the Netherlands, the crazies are setting radio towers ablaze because of the evil 5G.

Protesters targeted a number of cellular broadcasting towers throughout the Netherlands to oppose the new 5G telecommunications network, Dutch newspaper De Telegraaf reported on Saturday. Towers in Rotterdam, Liessel, Beesd and Nuenen were severely damaged by fire, Rob Bongelaar told the newspaper. Bongelaar is director of The Monet Foundation, an association that oversees the placement of cell towers and coordinates with state governments on behalf of network operators including KPN, T-Mobile and Vodafone.

“The operators are doing their utmost to keep the mobile networks up and running in this difficult time,” Bongelaar added. He said that the words, “F*** 5G” were written on the transmission box at one of the attack sites.

I believe that’s “Fuck 5G”, Deutsche Welle is being prissy. I guess you aren’t allowed to swear when you are the official government news.

Now, this whole burning down 5G towers thing was stupid enough in the UK. But the Dutch are taking it to a whole nother level of stupid. Because the Netherlands doesn’t have 5G networks yet. The frequencies haven’t even been auctioned off.

The Ministry of Economic Affairs and Climate Policy (EZK) will auction the 700MHz, 1400MHz and 2100MHz frequencies in the spring of 2020. Frequencies in the 3.5GHz and 26GHz bands will be allocated over the next few years.

Taiwan to Track Citizens with Traffic App

Welcome to 1984, people. We’re all gonna be tracked. All the time. BECAUSE CORONA!!!!!! Here’s the newest plan from China’s somewhat more democratic sister state Taiwan:

Taiwan has floated the idea of adapting its traffic-monitoring app into a “don’t-go-there-you-won’t-be-able-to-social-distance-app.” The app is called “Freeway 1968” and its primary purpose is offering advice about traffic congestion. But the Taiwanese government wants to adapt it for other purposes after striking problems over the weekend of April 4 when it proved difficult to practice social distancing on Tomb Sweeping Day, a festival at which families visit the graves of their ancestors to pay respects.

“The government decided a new method was needed to remind people to observe social distancing rules and other restrictions after the number of text messages it sent over the Tomb Sweeping Day long weekend angered travelers as well as hoteliers,” said a statement from Taiwan’s Parliament. Vice Premier Chen Chi-mai therefore floated the idea of upgrading Freeway 1968 to “monitor the flow of traffic and people into scenic areas and determine if additional travel warnings are needed”.

How dare you pay respect to the dead? <megaphone_sound_effect> “STAY AT HOME, CITIZEN! COWER IN PLACE!!!” </megaphone_sound_effect>

Torvalds Offers Help to Developers Hit by the COVID Crackdown

Speaking of the ‘rona, Linus Torvalds has released the first RC of version 5.7 of the Linux kernel. In his announcement, he also offered some help to kernel developers who have been hit by COVID-19 fallout.

I did have a request from the kernel technical advisory board (aka TAB) to mention that if anyone’s had (or is predicting) disruptions to their kernel work from COVID-19 that they’d like help solving (finding backup maintainers, etc), the kernel TAB has offered to help however they can.

It doesn’t look like Linux development has been impacted much by the virus and the lockdown, though. Those people mainly work out of their basements and never go out anyway.

Also Noteworthy

Some other stories I’ve been reading today:

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.