Weekly InfoSec News Brief 3-9 August

Serious Firefox Vulnerability Potentially Exposes Local Files to Unauthorized Access

Last Thursday, Mozilla released a security update for Firefox (v 39.0.3) to patch a serious vulnerability that was being actively exploited by hackers apparently out of Russia or Ukraine. The flaw is in the built-in PDF reader, allowing arbitrary JavaScript execution with access to the local file system. The flaw affects Firefox on all operating systems. It allowed the attackers to search for and upload files, and they used this capability to steal common files that would contain login information on Windows and Linux systems. If your organization runs Firefox at all, it is important to update to the latest version as soon as possible.
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
http://arstechnica.com/security/2015/08/0-day-attack-on-firefox-users-stole-password-and-key-data-patch-now/


Yahoo's Ad Network Hijacked to Deliver Malware

Malwarebytes discovered last week (and reported to Yahoo) that Yahoo's ad network was being abused to deliver malware to visitors via the Angler Exploit Kit. This exploit kit is often used to deliver various malware payloads, with ransomware one of the most common. The exploit kit examines visitors' browser configurations to select the most likely-to-succeed exploit method, with Adobe Flash exploits being the most popular over the past several months. This broad use of a trusted site and trusted advertising network to deliver malware demonstrates why avoiding untrustworthy sites is not enough to ensure safety from web-based attacks; anyone browsing the Internet needs to keep their systems up-to-date, and employ effective anti-malware software. Security vendor RiskIQ claims that malicious web advertising increased 260% in the first half of this year, and that fake software update ads are now the most prevalent means of malware infections.
http://www.scmagazine.com/hackers-spread-malware-via-yahoo-ads/article/430290/
http://www.infosecurity-magazine.com/news/malicious-ads-soar-260-over-the/


"Internet of Things" Security Becoming Increasingly Hot Topic

As more and more devices beyond traditional computers are being connected to the Internet, the security of these devices is becoming a serious issue. Unlike traditional computers, these devices are often difficult to patch or update when needed, and most organizational security systems are not optimized to monitor or provide for their security. Recent news on these issues has included a vulnerability in a popular drug pump used in hospitals that can allow a hacker to affect the dosage and a vulnerability in Chrysler's Internet-connected entertainment system that can allow an attacker to override the car's controls. What Internet-connected "things" does your organization employ? Common examples include thermostats, surveillance cameras, and environmental monitors. Does your vulnerability management and security monitoring strategy include these devices?
http://www.bbc.com/news/technology-33759428
http://www.wired.com/2015/07/patch-gm-onstar-ios-app-avoid-wireless-car-hack/
http://thehill.com/policy/cybersecurity/250060-feds-widen-auto-hacking-investigation


Popular File Storage and Synchronization Services Vulnerable

Cloud-based file storage and synchronization is an extremely powerful productivity tool, and very popular in most organizations today. To some extent this usage is planned and sanctioned as part of the enterprise IT plan, but more often it is not. Yet a lot of business data is often stored with these services. This data is then often synchronized or downloaded to personal PCs or mobile devices, and now security researchers have shown another vulnerability that could allow an attacker to steal the access token that allows a user's device to synchronize data. If your organization does not have a policy to regulate the use of these services and technology to enforce that policy, you need to consider how to address this issue.
http://www.scmagazine.com/cloud-storage-sites-vulnerable-to-new-wave-of-attacks/article/431249/


WordPress Releases a New Version, Fixes Six Security Issues Including a Serious SQL Injection Bug

WordPress released version 4.2.4 of their web content management/blogging software last Tuesday. The new release fixes six security issues, the most serious of which was a SQL injection flaw (CVE-2015-2213) which could allow an attacker to execute arbitrary SQL commands on the connected database. This new version follows less than two weeks after the previous version release, and organizations are urged to update as soon as possible.
http://www.theregister.co.uk/2015/08/06/vulnerable_again_wordpress_issues_urgent_patch/
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/


Serious Mac OS X Vulnerability Being Exploited in the Wild; Patch Expected Soon from Apple

The "DYLD" vulnerability in Apple's Mac OS X operating system was publicized in early June, but it was not until last week that reports came out that attackers were actively using the vulnerability to exploit Mac systems over the Internet. The vulnerability is a serious one, potentially allowing attackers to run arbitrary code against Mac systems using administrative privileges. The latest beta of the next update for OS X (10.10.5) has a patch for the vulnerability, and the final release of the update is likely this week. Mac users should be on the lookout for this update in the App Store and are encouraged to install it as soon as possible.
http://www.cnet.com/news/apple-reportedly-set-to-patch-serious-security-bug-in-mac-os-x/
