Weekly Infosec News Brief: 15-21 May 2017


End of WannaCry Panic Should Result in Vigilance, not Relief, Experts Warn
The massive WannaCry ransomware worm that spread with frightening speed the week before last fizzled out as quickly as it began. However, the story should be taken as a wake-up call for US organizations, not as cause to breathe a sigh of relief. In many ways, the WannaCry malware was amateurish and simple; the only impressive part was its use of the ETERNALBLUE exploit to spread so quickly. It was easily disabled and incorporated little in the way of anti-analysis or anti-detection techniques. If more determined and skillful actors leverage that same exploit (as it appears some may already be doing), we could see far more devastating results. Please ensure that all your Windows machines are fully patched, particularly with the MS17-010 patch from March. Also, check your external network for any exposed SMB services (TCP port 445) and block access to that service from the Internet (or limit it to known, trusted sources).
http://www.csoonline.com/article/3196400/data-breach/wannacry-fallout-the-worst-is-yet-to-come-experts-say.html
https://arstechnica.com/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/
https://arstechnica.com/security/2017/05/more-people-infected-by-recent-wcry-worm-can-unlock-pcs-without-paying-ransom/
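The following PowerShell is an added example, not code from the brief or from any of the linked articles. It implements the three checks the paragraph asks for on a Windows estate: whether the MS17-010 hotfix is installed, whether SMBv1 (the protocol ETERNALBLUE targets) is still enabled, and whether TCP/445 answers on your own external addresses when probed from outside the perimeter. The KB numbers for MS17-010 differ per Windows build and are not given in the brief, so the script takes them as a parameter; the external address list is assumed to come from your own asset inventory.

```powershell
# Added example (not from the brief). Three checks for the advice above: is the MS17-010
# hotfix installed, is SMBv1 (the protocol ETERNALBLUE targets) still enabled, and is
# TCP/445 reachable on your own external addresses from the outside.

function Test-Ms17010Installed {
    # MS17-010 ships under a different KB number per OS build (not listed here);
    # pass the IDs the bulletin gives for the builds you run.
    param([Parameter(Mandatory)][string[]]$KbId)
    $found = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    return ($null -ne $found)
}

function Test-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the setting directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older builds: the SMB server reads this DWORD; a missing value means SMB1 is on.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val) -or ($val -ne 0)
}

function Test-ExternalSmbExposure {
    # Run from a host outside the perimeter. A completed TCP handshake on 445 means the
    # service is Internet-reachable and should be blocked or restricted at the edge.
    param(
        [Parameter(Mandatory)][string[]]$ExternalAddress,   # your own public IPs (asset inventory)
        [int]$TimeoutMs = 2000
    )
    foreach ($addr in $ExternalAddress) {
        $client = New-Object System.Net.Sockets.TcpClient
        $pending = $client.BeginConnect($addr, 445, $null, $null)
        $completed = $pending.AsyncWaitHandle.WaitOne($TimeoutMs)
        # Connected stays $false on refusal; $completed stays $false on a timeout (filtered).
        $reachable = $completed -and $client.Connected
        $client.Close()
        [pscustomobject]@{ Address = $addr; Tcp445Reachable = $reachable }
    }
}

# Host-side audit, run on each Windows machine ($YourKbList from the MS17-010 bulletin):
# [pscustomobject]@{ Ms17010 = Test-Ms17010Installed -KbId $YourKbList; Smb1Enabled = Test-Smb1Enabled }
# Perimeter check, run from outside your network:
# Test-ExternalSmbExposure -ExternalAddress $YourPublicAddresses
```

Get-HotFix only lists updates recorded by the Windows update mechanisms, so a host patched by other means may show as missing; treat a negative result as a prompt to verify, not as proof. A timeout on 445 from outside is the result you want; any completed handshake is an address to add to the edge block list.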

Cryptocurrency Mining Software, Adylkuzz, Spreading Using Same Exploit as WannaCry
An example of other malware using the same ETERNALBLUE (MS17-010) exploit is the Adylkuzz cryptocurrency mining software. Analysts suggest it may already have affected more machines than WannaCry, and may simply have escaped detection because it is not quick to reveal itself. It uses victim machines to "mine" for the "Monero" cryptocurrency (similar to, but less widely used than, Bitcoin), so it seeks to run unnoticed by the user over the long term. Interestingly, it does do one noticeable thing -- it disables the SMB file-sharing service exploited by ETERNALBLUE, thus preventing other malware (such as WannaCry) from infecting its victims.
https://www.scmagazine.com/cryptocurrency-miner-adylkuzz-attack-could-be-bigger-than-wannacry/article/662128/

WordPress Releases New Version to Fix Six Major Vulnerabilities
WordPress released an update last week to version 4.7.5, which includes fixes for six serious security vulnerabilities. The most serious of these are a pair of cross-site scripting (XSS) vulnerabilities in the core code of WordPress. WordPress is the world's most popular website content management system (CMS) and powers approximately 1/4 of all the sites on the web; many organizations are running WordPress on their websites without even realizing it. If you are running WordPress, you should verify the version and install this upgrade as soon as possible. Also, consider enabling auto-updating for your site if possible.
https://www.scmagazine.com/wordpress-releases-version-475-fixing-6-security-issues/article/662482/
https://wordpress.org/news/2017/05/wordpress-4-7-5/
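As an added example (not from the brief or from the WordPress project), the PowerShell below performs the two checks the paragraph recommends: it reads the core version from the site's own wp-includes/version.php and compares it with 4.7.5, and it inspects wp-config.php for the WordPress constants that turn automatic core updates off. The only assumption is a filesystem path to the site's web root; the file names and constant names are WordPress's own.

```powershell
# Added example (not from the brief or from WordPress): check a WordPress install's
# core version against the 4.7.5 release and see whether core auto-updates are on.

function Get-WordPressVersion {
    param([Parameter(Mandatory)][string]$WebRoot)
    # Core records its version in wp-includes/version.php as:  $wp_version = '4.7.5';
    $file = Join-Path (Join-Path $WebRoot 'wp-includes') 'version.php'
    $hit = Select-String -Path $file -Pattern "^\s*\`$wp_version\s*=\s*'([^']+)'" |
        Select-Object -First 1
    if (-not $hit) { throw "No `$wp_version assignment found in $file" }
    return $hit.Matches[0].Groups[1].Value
}

function Test-WordPressAutoUpdate {
    param([Parameter(Mandatory)][string]$WebRoot)
    # Minor (security) releases such as 4.7.5 auto-apply by default since WordPress 3.7,
    # unless a site has defined AUTOMATIC_UPDATER_DISABLED or set WP_AUTO_UPDATE_CORE to false.
    $cfg = Get-Content (Join-Path $WebRoot 'wp-config.php') -Raw
    $disabled = $cfg -match "define\(\s*'AUTOMATIC_UPDATER_DISABLED'\s*,\s*true\s*\)"
    $coreOff  = $cfg -match "define\(\s*'WP_AUTO_UPDATE_CORE'\s*,\s*false\s*\)"
    return -not ($disabled -or $coreOff)
}

function Get-WordPressPatchStatus {
    param([Parameter(Mandatory)][string]$WebRoot, [version]$Minimum = '4.7.5')
    $current = Get-WordPressVersion -WebRoot $WebRoot
    # Drop any pre-release suffix (e.g. '-alpha') so the string casts cleanly to [version];
    # '4.7' casts to 4.7 and correctly sorts below 4.7.5.
    $numeric = [version](($current -split '-')[0])
    [pscustomobject]@{
        WebRoot      = $WebRoot
        Version      = $current
        NeedsUpgrade = ($numeric -lt $Minimum)
        AutoUpdates  = Test-WordPressAutoUpdate -WebRoot $WebRoot
    }
}

# Usage (path is an example): Get-WordPressPatchStatus -WebRoot 'C:\inetpub\wwwroot\blog'
```

Run it against every web root you host, including sites other teams stood up; the brief's point is that many organizations do not know they are running WordPress at all, so the asset list matters as much as the check.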


Google Chrome Vulnerability on PC Can Potentially Expose Users
A researcher disclosed last week a concerning vulnerability in the Google Chrome browser that may allow an attacker to steal a user's authentication information. The vulnerability rests on Chrome's behavior of downloading files automatically to a default location; by causing the browser to download a malicious SCF file, an attacker could run a script in the user's context to potentially gain access to the user's hashed password. Google is said to be working on a fix, but in the meantime setting the browser to require the user to approve each download and specify the download location can help limit the success of exploit attempts. If you allow the use of Chrome in your organizational network, you would do well to use Google's Chrome for Business Group Policy templates to allow for central management of Chrome settings.
https://www.scmagazine.com/google-chrome-flaw-could-allow-windows-credential-theft/article/662515/
http://www.zdnet.com/article/windows-10-credential-theft-google-is-working-on-fix-for-chrome-flaw/
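The setting the paragraph recommends is the Chrome policy that the Chrome for Business ADMX templates expose as "Ask where to save each file before downloading" (policy name PromptForDownloadLocation). The PowerShell below is an added example, not Google's code or code from the brief: it audits and, if needed, sets that policy in the machine-wide registry key Chrome reads, which is the same key a Group Policy Object writes. It is useful on hosts that are not domain-joined and for verifying that a GPO actually applied.

```powershell
# Added example (not from the brief or from Google). Chrome reads machine policy from
# HKLM\SOFTWARE\Policies\Google\Chrome; a GPO built from the ADMX templates writes the
# same values, so this can confirm the GPO landed or apply the setting where no GPO exists.

$ChromePolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

function Test-ChromeDownloadPrompt {
    # $true only when PromptForDownloadLocation is present and set to 1. When the value is
    # absent, Chrome uses its default of saving silently to the user's Downloads folder,
    # which is the weak setting the paragraph describes.
    $p = Get-ItemProperty -Path $ChromePolicyKey -Name PromptForDownloadLocation `
        -ErrorAction SilentlyContinue
    return ($null -ne $p) -and ($p.PromptForDownloadLocation -eq 1)
}

function Set-ChromeDownloadPrompt {
    # REG_DWORD 1 = always ask where to save. A machine policy value cannot be changed by
    # the user from chrome://settings, unlike the equivalent per-user preference.
    if (-not (Test-Path $ChromePolicyKey)) {
        New-Item -Path $ChromePolicyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $ChromePolicyKey -Name PromptForDownloadLocation -Value 1 -Type DWord
}

# Audit, then remediate only where the policy is missing or weak (requires local admin):
if (-not (Test-ChromeDownloadPrompt)) { Set-ChromeDownloadPrompt }
```

After applying the value, chrome://policy on the host shows whether the browser picked it up (Chrome rereads machine policy periodically and on restart). Pair the check with a software inventory so you are auditing every host that actually has Chrome installed, not only the ones the GPO was scoped to.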
