Weekly Infosec News Brief: 15-21 February

Vulnerability in Key Unix/Linux System Library Potentially Puts Millions of Computers at Risk

Last Tuesday, Google's engineering team released details on a vulnerability they had found and had been working on in cooperation with Red Hat. The flaw (CVE-2015-7547) is in glibc, the GNU C library that nearly every Linux program links against, specifically in getaddrinfo(), the function that handles DNS lookups. A malicious DNS server, or an attacker able to spoof replies on the path to the resolver, could send an oversized response that overflows a stack buffer and causes arbitrary code to run on the requesting machine. Because almost any program that resolves a hostname calls getaddrinfo(), the fix is to update glibc on every Linux host and then restart long-running services (or reboot), since a running process keeps the old library mapped until it restarts. See our blog post from last week for full details:
http://www.anchortechnologies.com/blog/vulnerability-in-dns-affects-wide-range-of-systems
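As an added example (not code from the original post, nor from Google or Red Hat), the following Python reads the glibc version a Linux host reports and says whether it falls in the range the bug affects by upstream numbering. The thresholds are upstream glibc releases; the caveat in the code about distribution backports is the part that matters in practice.

```python
"""Check a Linux host's glibc against the getaddrinfo() bug (CVE-2015-7547).

Added example, not code from the original post or from Google/Red Hat.
Assumes a GNU/Linux host with `ldd` on PATH. Upstream numbering: the
affected code appeared in glibc 2.9 and the fix shipped in glibc 2.23.
"""
import re
import subprocess

FIRST_AFFECTED = (2, 9)    # upstream release that introduced the code path
FIXED_UPSTREAM = (2, 23)   # first upstream release carrying the fix


def parse_glibc_version(ldd_banner: str) -> tuple:
    """Extract (major, minor) from the first line of `ldd --version`.

    Works for both 'ldd (GNU libc) 2.22' and distro banners such as
    'ldd (Ubuntu EGLIBC 2.19-0ubuntu6.6) 2.19'; the version is the last token.
    """
    lines = ldd_banner.strip().splitlines()
    first = lines[0] if lines else ""
    m = re.search(r"(\d+)\.(\d+)\s*$", first)
    if not m:
        raise ValueError(f"unrecognised ldd banner: {first!r}")
    return int(m.group(1)), int(m.group(2))


def version_in_affected_range(version: tuple) -> bool:
    """True if the upstream version number alone says 'affected'.

    Caveat: Red Hat, Debian, Ubuntu and SUSE backport fixes without bumping
    this number, so True means 'verify the package', not 'exploitable'.
    """
    return FIRST_AFFECTED <= version < FIXED_UPSTREAM


def host_glibc_version() -> tuple:
    """Run `ldd --version` on this host and parse it."""
    out = subprocess.run(["ldd", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return parse_glibc_version(out)


if __name__ == "__main__":
    v = host_glibc_version()
    print("glibc %d.%d" % v)
    if version_in_affected_range(v):
        print("version is in the affected range; confirm the package carries the fix, e.g.")
        print("  rpm -q --changelog glibc | grep -i CVE-2015-7547   (Red Hat family)")
        print("  apt-get changelog libc6 | grep -i CVE-2015-7547    (Debian/Ubuntu)")
        print("then restart long-running services: they keep the old library mapped")
    else:
        print("upstream version is outside the affected range")
```

The package changelog grep is the reliable check on enterprise distributions, where the fix arrived as a patched 2.17 or 2.19 rather than as 2.23.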


VMware Issues New Patch to Replace One from Last Fall That Didn't Quite Fix the Problem

VMware issued a patch last October for CVE-2015-2342, a very serious issue in vCenter Server running on Windows. Last Friday VMware issued a replacement for that patch, explaining in the revised advisory that the original patch "did not address the issue." The vulnerability in question is rated a 10, the highest possible score on the CVSS (Common Vulnerability Scoring System) scale, so anyone running vCenter Server on Windows should verify that the new patch, and not only the October one, is installed, and should do so as soon as possible.
http://www.theregister.co.uk/2016/02/14/vmware_re_issues_patch/
http://kb.vmware.com/kb/2144428


California Health Care Company Loses Employee Data due to Spoofed Email

Magnolia Health, a California-based operator of rehab and nursing care facilities, disclosed last week that a large quantity of data on its active employees had been sent to an unknown third party. An employee emailed the data out as a spreadsheet in response to a message requesting it. The message appeared to come from the company's CEO but apparently originated from an outside account, with the sender address "spoofed" to look like the CEO's. There are technical measures that make it harder for attackers to spoof your domain (publishing SPF and DMARC records for it and signing outbound mail with DKIM) and that make it more apparent when a message comes from outside (for example, tagging the subject line or body of external mail). These controls do not stop a lookalike domain or a forged display name, however, so it is also important to have established procedures for safeguarding particularly sensitive information, such as HR or financial data. For instance, you might set a policy that HR data is never sent via unencrypted email, and that any unusual request for it is confirmed with the requester by phone or in person before anything is sent.
http://www.hipaajournal.com/magnolia-health-victim-of-email-spoofing-phishing-scam-8314/
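To make the "technical measures" concrete, here is an added example (not code from the original post) that evaluates the SPF and DMARC records a domain publishes and reports how much room they leave for an outsider to send mail as that domain. The record strings are constructed samples, not real domains; in practice you would fetch them with a TXT lookup for the domain and for _dmarc.<domain>.

```python
"""Assess a domain's published SPF and DMARC policy for spoof resistance.

Added example, not code from the original post. The sample records are
constructed; substitute the TXT records of your own domain.
"""
import re

# Constructed sample records (not a real domain's configuration).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"


def spf_all_qualifier(spf: str):
    """Return the qualifier on the terminal 'all' mechanism: '-' (fail),
    '~' (softfail), '?' (neutral) or '+' (pass); None if there is no 'all'."""
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"
    return None


def dmarc_tags(dmarc: str) -> dict:
    """Parse 'v=DMARC1; p=reject; rua=...' into a dict keyed by lowercase tag."""
    tags = {}
    for part in dmarc.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess(spf, dmarc) -> list:
    """Return a list of findings; an empty list means the published policy
    is as strict as these checks can tell. Pass None for a missing record."""
    findings = []
    if spf is None:
        findings.append("no SPF record: any host may send as this domain")
    else:
        q = spf_all_qualifier(spf)
        if q is None or q == "+":
            findings.append("SPF does not end in '-all' or '~all': unlisted senders pass")
        elif q == "?":
            findings.append("SPF '?all' is neutral: unlisted senders are neither passed nor failed")
        elif q == "~":
            findings.append("SPF '~all' is softfail: most receivers still deliver; rely on DMARC to reject")
    if dmarc is None:
        findings.append("no DMARC record: receivers are not told to reject SPF/DKIM failures")
    else:
        tags = dmarc_tags(dmarc)
        policy = tags.get("p", "").lower()
        if policy == "none":
            findings.append("DMARC p=none only monitors: spoofed mail is still delivered")
        elif policy not in ("quarantine", "reject"):
            findings.append(f"DMARC policy {policy!r} is not a valid disposition")
        pct = tags.get("pct", "100")
        if pct != "100":
            findings.append(f"DMARC pct={pct}: policy applies to only that share of failing mail")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address: you will not see aggregate reports of spoofing attempts")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_SPF, SAMPLE_DMARC):
        print("-", finding)
```

Even a clean result only covers mail that claims your exact domain; a message from "CEO Name <ceo.name@free-mail.example>" passes SPF and DMARC for the free-mail domain, which is why the external-sender banner and the out-of-band verification step in the paragraph above still matter.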


Mozilla Releases New Firefox Version to Fix Multiple Critical Vulnerabilities

The Mozilla Foundation released Firefox version 44.0.2 last week, along with a matching update to the Extended Support Release (ESR). The new release fixes several critical vulnerabilities, including one that allowed websites to override "same-origin" restrictions; this could allow scripts on one site to access sensitive data from other sites open in the same browser. If you allow Firefox on your organizational computers, you are advised to ensure they are updated as soon as possible; ESR deployments need the ESR update rather than the mainline release. Mozilla has tools and techniques for managing organizational deployments of Firefox, including via Group Policy.
http://www.scmagazine.com/mozilla-fixes-critical-vulnerabilities-in-firefox-browser-and-extended-support-release/article/473866/


California Attorney General Defines Standard of Care in Information Security

In its 2016 Data Breach Report, the California Attorney General's office has defined what it considers a reasonable standard of care for securing the personal information that companies hold on individuals. Key points:
  1. Implement the CIS Critical Security Controls
  2. Use multi-factor authentication
  3. Encrypt data at rest and in transit
It's a good set of recommendations.
From a legal standpoint, it is useful that California organizations (and organizations doing business there or with California residents) now know what the AG's office will look at when deciding whether to pursue a case. California has led the way in a lot of cyber security legal matters, so these recommendations are worth looking at for anyone.
https://www.oag.ca.gov/sites/all/files/agweb/pdfs/dbr/breachreport2016.pdf


"Lucky" Ransomware Quickly Becoming a Major Threat

A new malware program, "Locky," has been spreading rapidly; it was responsible for the highly publicized incident at Hollywood Presbyterian Medical Center, which paid a $17,000 ransom to recover its data. To date, the malware infects machines via macros or other malicious code embedded in Microsoft Word email attachments, which the recipient is tricked into enabling. One recommended practice is to configure machines to open attachments by default in software that will not execute embedded code, such as a cloud-based word processor (e.g., Word Online, Google Docs) or a locally installed file viewer, rather than the native application. This prevents most embedded malicious code from running and infecting the target machine. Where Word itself must be used, set the Office Trust Center to disable macros, and keep backups offline and tested so that an infection can be recovered from without paying.
http://www.scmagazine.com/locky-ransomware-grows-rapidly-in-prominence-infamy-warn-researchers/article/477782/
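Whether a Word attachment carries a macro project can be checked before it ever reaches Word, at a mail gateway or in a triage script. The following is an added example (not code from the original post) that classifies an attachment by its container rather than its file extension; the sample documents it builds are constructed minimal containers, not real Word files.

```python
"""Triage a Word attachment for an embedded VBA project.

Added example, not code from the original post. Handles the two containers
Word uses: OOXML (.docx/.docm, a zip) and the legacy OLE2 binary (.doc).
The sample documents built here are constructed stand-ins, not real files.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"      # compound file header
ZIP_MAGIC = b"PK\x03\x04"                             # zip local file header
MACRO_PART = "word/vbaProject.bin"                    # where OOXML stores VBA
MACRO_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_attachment(data: bytes) -> str:
    """Return one of:
      'ooxml-macros'  zip container carrying a VBA project (treat as hostile)
      'ooxml-clean'   zip container with no VBA project part
      'ole2-binary'   legacy .doc; macros possible, needs an OLE parser
                      (e.g. oletools' olevba) to decide
      'not-word'      neither container
    The extension is deliberately ignored: a renamed .docm is still a .docm.
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-binary"
    if not data.startswith(ZIP_MAGIC):
        return "not-word"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            if MACRO_PART in names:
                return "ooxml-macros"
            # Second check: the content-types manifest must declare a VBA
            # part if one exists anywhere in the package, even under another name.
            manifest = z.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
            if MACRO_CONTENT_TYPE in manifest:
                return "ooxml-macros"
            return "ooxml-clean"
    except zipfile.BadZipFile:
        return "not-word"


def build_sample(with_macros: bool) -> bytes:
    """Construct a minimal OOXML container for demonstration (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        manifest = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        if with_macros:
            manifest += '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        manifest += "</Types>"
        z.writestr("[Content_Types].xml", manifest)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr(MACRO_PART, b"\x00" * 16)   # placeholder bytes, not a real VBA project
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro-enabled", build_sample(True)), ("plain", build_sample(False))):
        print(f"{label}: {classify_attachment(sample)}")
```

Locky's lures to date have been legacy .doc files, which land in the 'ole2-binary' bucket; for those the right next step is an OLE-aware parser such as olevba, or simply quarantining legacy binary Office formats from external senders, since almost nothing legitimate still needs them.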


Serious FireEye Bypass Vulnerability Disclosed; Flaw Was Patched Last Fall

A security research firm, Blue Frost Security, disclosed last week a flaw they had found last year in FireEye's malware analysis engine. The flaw allowed a binary to prevent itself from being copied into FireEye's analysis virtual machine. Most troubling, the analysis ran anyway on what remained of the sample, and since the malicious binary was absent the sample was "whitelisted" as clean, after which the FireEye appliance ignored further instances of that file for the next 24 hours. The vulnerability was reported to FireEye last September, and FireEye says it was fixed in an update made available to customers in October, so customers should confirm their appliances are running that release or later. Some experts argue that flaws of this type are likely to turn up from time to time in any security product that relies on a virtualization layer for analysis.
http://www.scmagazine.com/fireeye-flaw-enabled-attackers-to-whitelist-malware-files/article/475585/
https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-001/
