Weekly Infosec News Brief: 1-6 Dec

US Department of the Interior Inspector General Report Details 19 Major Incidents at the Agency

The Department of the Interior experienced nineteen major cyber incidents over the past several years that had been previously undisclosed. A large amount of sensitive data with economic value is believed to have been stolen. The report explains how several of the incidents went undetected for some time, and that the full extent of some of the intrusions is still not known. A key lesson is that cyber incidents are often not readily apparent; it is not wise to assume you have not been compromised simply because you are not aware of a compromise.
http://www.nextgov.com/cybersecurity/2015/11/interior-department-hacked-china-others-19-times/123990/?oref=ng-channelriver


Microsoft Re-Issues Windows 10 Fix That Reset Some Users' Privacy Settings

On November 24th, Microsoft re-issued a major Windows 10 update that had been causing many users' privacy settings to reset to their defaults. The update was initially issued on November 12th, meaning it took twelve days for Microsoft to identify the problem and issue a replacement patch. Does your organization have a procedure for testing patches before deploying them to the entire network? Patches aren't perfect; if your software vendors could be trusted to ship perfect software, they wouldn't need to issue patches in the first place.
http://www.computerworld.com/article/3008712/microsoft-windows/microsofts-november-windows-10-screwed-up-some-users-privacy-settings.html
https://support.microsoft.com/en-us/kb/3121244


Veracode Report Ranks Scripting Languages as Worst for Security

Using its analysis of over 200,000 applications, Veracode last week issued a report on common vulnerabilities and their prevalence in code written in different languages. Scripting languages like ColdFusion, PHP, and classic ASP had a significantly higher rate of serious vulnerabilities than compiled (or semi-compiled) languages like .NET and Java. Cross-site scripting and SQL injection vulnerabilities were present in over half of the applications analyzed. How does your organization test for application security? Anchor can help you with application testing or code review.
http://www.csoonline.com/article/3011872/vulnerabilities/report-scripting-languages-most-vulnerable-mobile-apps-need-better-crypto.html
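The two vulnerability classes the report found in over half of the applications, SQL injection and cross-site scripting, both come from the same mistake: untrusted input spliced into a language (SQL or HTML) that interprets it. The following is an added example, not code from the report or from any application it analyzed. It is written in Python with an in-memory SQLite database rather than in PHP or ColdFusion, because the pattern is the same in every language; the table, the users, and the injection payload are constructed for the demonstration. It shows a vulnerable login query beside its parameterised form, and an unescaped HTML template beside its escaped form, so that the same attacker input can be run against each.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: two users with plaintext passwords
    (plaintext is itself a weakness, but irrelevant to the injection point)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The classic bug: user input is formatted straight into the SQL text,
    # so quotes in the input change the structure of the query.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the input is bound as data by the driver and is
    # never parsed as SQL, whatever characters it contains.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def greet_vulnerable(name: str) -> str:
    # Reflected XSS: the name is inserted into HTML without encoding.
    return "<p>Hello, %s</p>" % name


def greet_hardened(name: str) -> str:
    # Output encoding turns markup characters into entities for this context.
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def demo() -> dict:
    """Run the same attacker input against each pair and report the outcomes."""
    conn = make_db()
    # Constructed payload: closes the password literal and appends a true clause.
    sqli_payload = "' OR '1'='1"
    xss_payload = "<script>alert(1)</script>"
    return {
        "vuln_good_creds": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_injected": login_vulnerable(conn, "alice", sqli_payload),
        "hard_good_creds": login_hardened(conn, "alice", "correct horse"),
        "hard_injected": login_hardened(conn, "alice", sqli_payload),
        "vuln_html": greet_vulnerable(xss_payload),
        "hard_html": greet_hardened(xss_payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-16s %r" % (key, value))
```

Run as a script, the vulnerable login accepts the payload as a valid password for alice (the `OR '1'='1'` clause makes the `WHERE` true for every row) while the parameterised login rejects it, and the vulnerable greeting returns the `<script>` tag intact while the escaped one returns entities. A code review or dynamic test that feeds exactly these two inputs into every query and every template is a cheap first pass at the two bugs the report says are most common.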


Ransomware Bundled with Password-Stealer Making the Rounds

A new strain of the Cryptowall 4 ransomware has been found that bundles the "Pony" password-stealing malware along with it. To the victim, it looks like a typical ransomware infection: the victim's files are encrypted and a ransom is demanded for the decryption key. But any passwords stored on the user's computer (in a web browser, for instance) are also stolen and uploaded to the perpetrators' server. Malware infections have often been treated as single-purpose events, but it is (and always has been) best to assume that any information on, or accessible from, a compromised computer could have been accessed and taken.
http://arstechnica.com/security/2015/12/newest-ransomware-pilfers-passwords-before-encrypting-gigabytes-of-data/
http://www.zdnet.com/article/new-ransomware-grabs-users-passwords-before-locking-files/


New England-based Linen Service Pleads Guilty to Hacking Competitor to Steal Customer List

General Linen Services of Somersworth, New Hampshire, pleaded guilty last week to accessing the systems of a smaller competitor (a Massachusetts firm by the same name) to steal invoices and other customer data. Both firms used the same vendor for their web portals, and thus both had the same default password, which is how the "hack" occurred. How many systems in your organization have default accounts or passwords still configured?
http://www.scmagazine.com/new-hampshire-company-hacks-smaller-competitor-for-customer-list/article/457932/
