Weekly Infosec News Brief: 18-24 January

Houston Company lost $480k to Email-based Wire Fraud, Sues Insurer Over Denied Claim

Ameriforge Group, Inc., of Houston is suing their cyber insurance provider, Federal Insurance, over Federal's denial of a claim. Ameriforge's CFO wired the amount to a bank in China as instructed in an email that purported to be from the company's CEO. The insurer contends that because the incident centered around a voluntary transfer of funds (though prompted by a fraudulent email), the incident is not covered by the policy. The lesson for organizations is two-fold: a) ensure that adequate checks and balances are present in all processes involving transfers of funds, particularly of large amounts, and b) ensure you know exactly what any cyber insurance policy will and will not cover, and check closely into the history of the insurer before purchasing coverage.
http://krebsonsecurity.com/2016/01/firm-sues-cyber-insurer-over-480k-loss/


Austrian Aircraft Company Loses $54M to Cyber Fraud

Austrian aircraft parts maker FACC AG announced last week a loss of ~$54M to unspecified cyber fraud that the company says was aimed at its accounting department. The exact nature of the fraud is unclear, but it involved an "outflow of liquid funds" from the firm. The company did state, however, that its IT infrastructure and data security were not affected. This statement makes it seem likely that the incident involves some form of wire fraud, which has become increasingly common over the past two years.
http://www.pcworld.com/article/3025391/aircraft-part-manufacturer-says-cybercrime-incident-cost-it-54-million.html


Fortinet Backdoor More Widespread Than Previously Believed; Attackers Actively Seeking Vulnerable Systems

Fortinet disclosed several weeks ago the discovery of a backdoor account that could allow an attacker to gain access to some of its products, and clarified that the issue was fixed in updates available as early as 2014. Last week the company announced that the issue affects additional products beyond those originally believed to be affected. Also, SANS' Internet Storm Center detected widespread scanning taking place across the Internet looking for vulnerable devices. If you have any Fortinet devices, please ensure that you have the latest updates installed.
http://www.csoonline.com/article/3025876/security/fortiguard-ssh-backdoor-found-in-more-fortinet-security-appliances.html
http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios
http://www.fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability
https://isc.sans.edu/forums/diary/Scanning+for+Fortinet+ssh+backdoor/20635/


New Malware Campaign Aimed at Small and Mid-Sized Businesses

Symantec warned last week about a campaign infecting small and mid-sized businesses with a malware RAT (remote access trojan) and using that to steal business data. The malware is sent in email attachments, often in the form of ZIP files. Users with administrator privileges on their workstations are particularly at risk for this type of attack, as are those with out-of-date antivirus software. Basics like these are still key to keeping systems secure.
http://www.eweek.com/security/symantec-finds-a-rat-going-after-u.s.-uk-and-india-smbs.html


Oracle's January Update Listing Includes a Daunting 248 Updates

Oracle issues its updates in a once-a-quarter batch, and this month it released a record-setting 248 patches. Most organizations are only affected by a small number of these, but determining which can be intimidating. The Java runtime is the most widely deployed, and organizations must ensure that it is updated on workstations where it is installed. Oracle Database Server, JD Edwards, PeopleSoft Enterprise, and MySQL are other commonly used products for which updates are available. Massive update batches like this are a reason why it is critical for organizations to have up-to-date and exhaustive lists of deployed software; figuring out what you have on your systems is best done BEFORE a critical patch becomes available.
http://www.computerworld.com/article/3024288/security/oracle-releases-a-record-248-patches.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html


Apple Updates iOS, Mac OS X; Updates Include Multiple Security Fixes

Apple released updates to its operating systems last week that fixed nine security issues each in the iOS (iPhone, iPad) and OS X (Mac) operating systems. Several of the vulnerabilities allowed for potential arbitrary code execution, including code execution with root privileges. An updated Safari web browser also fixed several privacy and security flaws. If your organization is doing "bring your own device," do you have any provision to ensure that devices have certain minimal updates or software installed?
http://www.scmagazine.com/apple-updates-ios-os-x-and-safari/article/466312/
http://www.zdnet.com/article/apple-fixes-iphone-cookie-theft-security-bug-three-years-later/
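One way to act on the inventory point in the Oracle item above, and on the BYOD minimum-update question in the Apple item, is a small script that compares what is deployed against the version in which each issue is fixed. The following is an added example written for this brief, not code from the brief, from Oracle, Apple or Google. The hosts, product names and version numbers are constructed placeholders (only the Chrome version 48.0.2564.82 comes from the brief itself), standing in for a real inventory export and a real advisory feed.

```python
"""Match a software inventory against minimum-version requirements.

Added illustration for the news brief; not vendor code. All hosts,
products and version numbers below are constructed placeholders.
"""
from typing import Dict, List, Tuple

# Constructed inventory export: (host, product, installed version).
INVENTORY: List[Tuple[str, str, str]] = [
    ("ws-01", "Java Runtime", "8.0.65"),
    ("ws-02", "Java Runtime", "8.0.71"),
    ("db-01", "Oracle Database", "12.1.0.1"),
    ("ws-03", "Chrome", "47.0.2526.111"),
    ("mb-07", "iOS", "9.2"),
]

# Constructed "fixed in" versions from a hypothetical advisory feed:
# anything older than the listed version is treated as needing an update.
FIXED_IN: Dict[str, str] = {
    "Java Runtime": "8.0.71",
    "Oracle Database": "12.1.0.2",
    "Chrome": "48.0.2564.82",
    "iOS": "9.2.1",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a comparable tuple of ints.

    Non-numeric characters inside a component are dropped so that odd
    strings such as "8u71" do not crash the comparison."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_outdated(installed: str, fixed_in: str) -> bool:
    """True when installed is strictly older than the fixed-in version.

    Tuples of different length are padded with zeros so that 9.2 == 9.2.0."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def hosts_needing_update(
    inventory: List[Tuple[str, str, str]], fixed_in: Dict[str, str]
) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, installed, fixed_in) for every entry that is
    behind the advisory; products the advisory does not mention are skipped."""
    findings = []
    for host, product, version in inventory:
        target = fixed_in.get(product)
        if target is None:
            continue  # not covered by this advisory set
        if is_outdated(version, target):
            findings.append((host, product, version, target))
    return findings


if __name__ == "__main__":
    for host, product, have, need in hosts_needing_update(INVENTORY, FIXED_IN):
        print(f"{host}: {product} {have} -> update to {need}")
```

The value of the script is entirely in the quality of `INVENTORY`: if the export is stale or incomplete, hosts that need patching simply never appear in the output, which is the point the Oracle item makes about building the list before the patch day arrives.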


Google Releases New Version of Chrome Browser, Fixes 37 Vulnerabilities

On Friday, Google released an updated version of their Chrome browser (version 48.0.2564.82 to be exact), which fixes a total of 37 vulnerabilities, two of them high-risk. If you allow Chrome on your organizational network, ensure the update is installed. Contrary to the belief of many, Chrome is quite manageable in a corporate network. See the "Chrome for Work" program at Google for more information.
http://www.scmagazine.com/google-updates-chrome-to-stable-channel-issues-patches/article/466472/
http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html


Cisco Issues Updates for Critical Security Flaw in UCS Manager and Firepower 9000

The Cisco Unified Computing System (UCS) Manager and Firepower 9000 security appliance were both found to have a critical vulnerability in a CGI script on their web interfaces, which could allow an attacker to execute arbitrary commands. UCS is widely used in virtual server environments, and should be updated as soon as possible. Updating such a key, core piece of computing hardware can be challenging; organizations must ensure that they have a procedure in place to patch such underlying services.
http://www.computerworld.com/article/3025344/security/cisco-fixes-critical-flaws-in-digital-encoder-unified-computing-manager-and-security-appliance.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
