Weekly Infosec News Brief: 26 June - 02 July 2017



Microsoft Patches Another Critical Vulnerability in Windows Defender

For the second time this year, Microsoft has pushed out an update to Windows Defender to patch a highly exploitable vulnerability. Like the previous instance, this one was found by Google's Project Zero team, and again Microsoft delivered the fix through Windows Defender's built-in engine-update mechanism (which is independent of standard Windows Update). The good news is that the vulnerability is not believed to have been exploited by any real-world attackers, and Microsoft was able to release a patch within a few weeks of learning of the issue. The bad news is that Windows Defender is built into Windows, and if more vulnerabilities like this are lurking in it there is little we can do to avoid them other than ensuring that automatic updates are enabled.
http://www.csoonline.com/article/3203932/security/microsoft-plugs-another-critical-hole-in-windows-defender.html
https://arstechnica.com/security/2017/06/latest-high-severity-flaw-in-windows-defender-highlights-the-dark-side-of-av/

The Petya/NotPetya Malware Appears to Have Been Cyberwar, not Cybercrime

The massive malware/worm outbreak that made headlines everywhere last week shows many indications of having been a camouflaged attack on Ukrainian infrastructure and computing resources rather than genuine ransomware intended to make money. Approximately 80% or more of the victim systems were located in Ukraine, which suggests deliberate targeting. Moreover, the malware doesn't behave like normal ransomware; instead, it encrypts or destroys the master file table and boot record of the hard drive, rendering it unreadable by conventional means. Despite this apparent targeting, the attack spilled over to cause serious harm to a number of major corporate networks around the world.

SNMP Bug in Cisco IOS Could Allow an Attacker to Crash Switches or Routers

Cisco released a warning last week regarding a vulnerability in the Simple Network Management Protocol (SNMP) service on many of their routing and switching devices. The vulnerability affects most devices running the IOS or IOS XE operating systems, and could allow an attacker to crash the device. In the case of SNMP v3, an attacker would need valid credentials for the attack to succeed; in versions 1 & 2, the attack would require only the read-only community string. It is common to see SNMP services on routers exposed to the Internet; this exposure is rarely necessary, and eliminating it would prevent most attacks on vulnerabilities such as this one, patching aside. (UPDATE, 3 July: Cisco has updated the announcement and is now saying this vulnerability can be used to remotely run arbitrary code on a vulnerable device, a much more serious issue. It is urgent to block SNMP access and/or disable the particular vulnerable SNMP MIBs immediately until a patch is available.)
https://www.theregister.co.uk/2017/06/30/management_bug_can_crash_cisco_ios_ios_xe/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
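
The mitigation above (restrict who can reach SNMP, exclude the affected MIBs, prefer SNMPv3) as an IOS configuration sketch; this is an added example written for this brief, not Cisco's advisory text. The management host address is constructed, and the MIB OIDs are placeholders because the brief does not list them; take the real subtrees from the Cisco advisory.

```cisco
! Added example, not from the brief or from Cisco's advisory.
! Assumptions: the network management station is 192.0.2.10 (constructed),
! and the OIDs marked <VULNERABLE-MIB-OID-n> are PLACEHOLDERS for the MIB
! subtrees named in the advisory.
!
! 1. Only the management station may reach the SNMP agent at all.
ip access-list standard SNMP-MGMT
 permit host 192.0.2.10
 deny   any log
!
! 2. A view that exposes the tree except the affected subtrees, so that
!    polling keeps working while the vulnerable MIBs are unreachable.
snmp-server view SAFE-VIEW iso included
snmp-server view SAFE-VIEW <VULNERABLE-MIB-OID-1> excluded
snmp-server view SAFE-VIEW <VULNERABLE-MIB-OID-2> excluded
!
! 3. Drop well-known v1/v2c communities and use SNMPv3 authPriv instead,
!    bound to the restricted view and the ACL.
no snmp-server community public
no snmp-server community private
snmp-server group MGMT-GROUP v3 priv read SAFE-VIEW access SNMP-MGMT
snmp-server user nms-user MGMT-GROUP v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>
!
! If a v2c read-only community must stay for now, at least tie it to the
! same view and ACL so the excluded MIBs are not reachable with it either:
! snmp-server community <RO-COMMUNITY> view SAFE-VIEW RO SNMP-MGMT
!
! Verify with: show snmp view | show snmp group | show snmp user
```

Because the ACL denies everything but the management station, exposure of SNMP to the Internet is removed regardless of which version the poller uses; the view excludes the affected subtrees for every community or group that references it.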

Data Firm Hired by RNC Leaks Private Details on Almost 200 Million Americans

Deep Root Analytics, a data analysis firm used by the Republican National Committee and other political organizations to mine, store, and analyze massive amounts of voter data, apparently left a huge dataset (over 1TB) exposed in a publicly accessible Amazon S3 storage "bucket." The data was discovered by a security researcher last week, and was accessible without any authentication to anyone on the Internet who stumbled on the URL. This type of failure to properly secure data stored in the cloud is growing more common, as organizations adopt these technologies without implementing basic security controls.
http://www.csoonline.com/article/3201201/security/rnc-data-analytics-firm-exposes-voting-records-on-198-million-americans.html
