Welcome back to the early-December edition of the Security Bulletins.
To begin with, we have some concerning news about Avast Online Security Solutions. If you are familiar with anti-malware solutions, you must have heard of Avast, a well-regarded name in the security domain with over 400 million users. Avast is reported to be spying on users through Avast Online Security and Avast Secure Browser, and has been removed from the official Mozilla extensions list. It all comes down to the method by which the Avast engine determines whether a URL visited by the user is malicious. Avast collects the URLs themselves and analyzes them to provide safe browsing insights, instead of gathering hashes of the URLs like Google Secure Browsing.
The folks at Talos Intelligence have published a vulnerability report on the EmbedThis GoAhead web server, a very popular web server found in IoT devices. The vulnerability is a code execution flaw in the processing of multipart/form-data requests in versions v5.0.1, v4.1.1 and v3.6.5. The flaw is exploitable and is tracked as CVE-2019-5096. The project maintainers have acknowledged it and patched the vulnerability in version 5.1.0.
Ransomware has been a hot topic of 2019; we have seen many iterations of such malicious programs throughout the year as they constantly evolve. Sophos has published an article on the new tactics employed by the Snatch ransomware to avoid detection. The operation is quite simple: it installs itself as a service that is allowed to run in safe mode, then reboots the system into safe mode, where anti-malware software is not allowed to run.
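
One way a defender could flag the safe-mode behaviour described above, as an added example that is not from this bulletin or from Sophos: correlate a write under the Windows SafeBoot service keys with a later `bcdedit` command that sets Safe Mode for the next boot on the same host. The event records, host names, service name and the 30-minute window are constructed assumptions, not a real log format.

```python
import re
from datetime import datetime, timedelta

# Entries under these keys name services/drivers that Windows starts in Safe Mode.
SAFEBOOT_KEY = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\SafeBoot"
    r"\\(Minimal|Network)\\[^\\]+$", re.IGNORECASE)
# bcdedit invocation that touches the "safeboot" boot option.
SAFEBOOT_CMD = re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.IGNORECASE)
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample telemetry (simplified records, hypothetical hosts/service).
EVENTS = [
    {"ts": "2019-12-10T09:00:05", "host": "ws-01", "type": "reg_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"},
    {"ts": "2019-12-10T09:00:40", "host": "ws-01", "type": "proc",
     "cmdline": "bcdedit.exe /set {default} safeboot minimal"},
    {"ts": "2019-12-10T09:02:00", "host": "ws-02", "type": "proc",
     "cmdline": "bcdedit.exe /enum"},  # benign: no safeboot option
    {"ts": "2019-12-10T11:00:00", "host": "ws-03", "type": "reg_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ExampleSvc"},
    {"ts": "2019-12-10T14:00:00", "host": "ws-03", "type": "proc",
     "cmdline": "bcdedit /set {current} safeboot network"},  # outside window
]

def detect(events, window=WINDOW):
    """Alert when a SafeBoot service key write is followed, on the same host
    and within `window`, by a bcdedit command that configures Safe Mode."""
    reg_writes, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "reg_set" and SAFEBOOT_KEY.search(ev.get("target", "")):
            reg_writes.setdefault(ev["host"], []).append((ts, ev["target"]))
        elif ev["type"] == "proc" and SAFEBOOT_CMD.search(ev.get("cmdline", "")):
            for reg_ts, key in reg_writes.get(ev["host"], []):
                if ts - reg_ts <= window:
                    alerts.append({"host": ev["host"], "key": key,
                                   "cmdline": ev["cmdline"],
                                   "gap_s": int((ts - reg_ts).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Either signal alone is noisy (administrators legitimately use both); the pairing on one host in a short window is what makes it worth triaging.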