WatchPoint Security Blog

Cyber Security Landscape - July 9, 2015

Written by Greg Edwards | July 08, 2015

WatchPoint Data has compiled a list of the most serious threats for the past few weeks.

More news this week on the attacks on the Federal Government's Office of Personnel Management (OPM). The estimated number of breached records has grown from the original 4 million to over 18 million. This attack looks more and more like the Hawkeye campaign we described in a previous post, where cybercriminals target specific people, steal their credentials, and then use those credentials to mount wider attacks. Attacks that use phishing and social engineering to obtain key login credentials, and then use those credentials to steal the Personally Identifiable Information (PII) of millions of users, are becoming more widespread because they are highly successful.

OPM update: the OPM's woes continue. It has now had to take one of its systems, the 'Electronic Questionnaires for Investigations Processing' system, offline for up to six weeks while security enhancements are put in place.

Another interesting hack that I'm sure you'll have heard of is the 2014 Sony hack. It is still in the news because Fortune magazine is now describing it as the 'Hack of the Century'. I'm sure Sony doesn't want the accolade, but there is a lesson in it for all of us. The hack began with phishing emails that targeted Sony executives. We need to be wary and train our staff to spot phishing emails, but that alone isn't enough. When cybercriminals use social engineering against us the signs are hard to spot, so we also need to cut off the attacker's next step and patch software vulnerabilities; we've got to be more intelligent than the hacker.

A Week of Patches

Several companies released security patches this week including:

Apple, Inc. - If you think Apple is immune to security vulnerabilities, think again. This week Apple released iOS 8.4, a security update that includes patches for over 20 security vulnerabilities. Some of these could allow remote code execution (i.e. installing malware on the device) and man-in-the-middle attacks (where an attacker intercepts the device's Internet communications and steals data).

Mozilla - A number of security vulnerabilities in Mozilla Firefox were also patched this week, including one where personal data could be sent to Mozilla along with a crash report.

Hack of the Week

Magento is a widely used ecommerce platform that runs the storefront and checkout for a great many online shops. If you use a commercial web hosting service to run an online store, for example, it may well be built on Magento. Hackers are using software vulnerabilities in Magento to siphon off payment information from ecommerce sites running unpatched versions of the software. The vulnerabilities are being addressed, but the problem is still live at the time of writing, so if you run a Magento store apply the vendor's patches promptly.

In the News

Adobe has released an emergency patch for a zero-day vulnerability in Flash Player that was already being exploited by hackers. Make sure you're patched; otherwise you are at risk and your computer can be hijacked, particularly if you're running Internet Explorer on Windows 7 or Firefox on Windows XP, the combinations known to be targeted.

CryptoWall ransomware is on the prowl again. The Internet Crime Complaint Center (IC3) has warned that the ransomware is once again being aimed at both individuals and businesses, and that businesses should take precautions such as having good backups in place (kept somewhere the malware cannot reach and encrypt them too) and ensuring patching is up to date.

Google has released an updated version of Chrome (43.0.2357.130) which addresses multiple software vulnerabilities. Exploitation of any of them could allow a cybercriminal to obtain sensitive information. Make sure you're patched if you use Chrome.

Software Vulnerabilities Chart

The chart below shows the number of software vulnerabilities published per month through the end of June 2015. We'll be updating it each month, so watch for the next instalment.

Some of the latest cyber threats and software vulnerabilities through July 9, 2015 are listed below[1]. Keep an eye out for these and make sure you're patched and current with your software updates.

WooCommerce: Directory traversal vulnerability in the PayPal currency converter plugin for WooCommerce allows remote attackers to read arbitrary files from the web server via a full pathname in the requrl parameter. http://www.cvedetails.com/cve/CVE-2015-5065/
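The WooCommerce item above has the classic shape of a path traversal bug: a parameter meant to name a resource is handed straight to the filesystem, so a full pathname (or a chain of "../") reads whatever the web server process can. The following is an added example, not code from this page or from the plugin, showing the unsafe join beside the containment check a practitioner would want in its place. The document root /srv/shop/assets and the request strings are constructed for the demonstration and do not need to exist on disk.

```python
import os


def join_unchecked(root, requested):
    """The unsafe pattern behind bugs like the one above.

    os.path.join() discards `root` as soon as `requested` is an absolute
    path, so a request for "/etc/passwd" is served verbatim, and any "../"
    segments survive untouched and walk out of `root` when the file is opened.
    """
    return os.path.join(root, requested)


def resolve_under_root(root, requested):
    """Return the absolute path for `requested` only if it stays inside `root`.

    Both sides are canonicalised with realpath() so that "..", repeated
    slashes and symlinks are resolved before the test, and the test uses
    commonpath() rather than str.startswith() so that a sibling directory
    such as "<root>2" is not mistaken for a child of `root`.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("request escapes the document root: %r" % (requested,))
    return candidate


def classify_requests(root, requests):
    """Map each request to the path that would be served, or None if rejected."""
    served = {}
    for requested in requests:
        try:
            served[requested] = resolve_under_root(root, requested)
        except ValueError:
            served[requested] = None
    return served


# Constructed inputs: a hypothetical plugin document root and the kinds of
# values an attacker would place in a file-name parameter such as requrl.
DEMO_ROOT = "/srv/shop/assets"
DEMO_REQUESTS = [
    "css/style.css",            # legitimate
    "css/../img/logo.png",      # legitimate, normalises to img/logo.png
    "/etc/passwd",              # full pathname, the case described in the CVE
    "../../../etc/passwd",      # classic dot-dot traversal
    "../assets2/secret.txt",    # sibling directory that a prefix check would accept
]

if __name__ == "__main__":
    for requested, path in classify_requests(DEMO_ROOT, DEMO_REQUESTS).items():
        print("%-25s -> %s" % (requested, path or "REJECTED"))
```

The last request is the one that catches most home-grown checks: "/srv/shop/assets2/secret.txt" starts with the root string, so a startswith() test would serve it, while commonpath() correctly reports that the two paths only share "/srv/shop".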

MySql Lite Administrator: Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML into pages served by the tool. http://www.cvedetails.com/cve/CVE-2015-5064/

Zoho ManageEngine: Cross-site scripting (XSS) vulnerability in Zoho ManageEngine allows remote authenticated users who have permission to add new vendors to inject arbitrary web script or HTML. http://www.cvedetails.com/cve/CVE-2015-5061/

SAP: XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files from the server by submitting XML that declares an external entity pointing at them. http://www.cvedetails.com/cve/CVE-2015-5068/
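The SAP item above is an XML external entity (XXE) bug: the parser honours a SYSTEM entity declared by the document itself and splices the referenced file into the parsed content, which is how "read arbitrary files" follows from "accepts XML". The following is an added example, not the page's or SAP's code, that reproduces the file read with Python's standard xml.sax parser and shows the setting that prevents it, plus the stricter option of refusing any DOCTYPE at all. The vendor XML, the entity name xxe and the secret file written to a temporary directory are constructed for the demonstration.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges


class _TextCollector(xml.sax.ContentHandler):
    """Gathers character data so we can see exactly what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_vendor_name(xml_bytes, resolve_external_entities=False):
    """Parse untrusted XML and return its text content.

    resolve_external_entities=True reproduces the vulnerable configuration:
    the parser fetches whatever SYSTEM identifier the document declares and
    splices the file's contents into the text. False leaves the entity
    unexpanded (CPython's own default for xml.sax since 3.7.1).
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts)


def reject_doctype(xml_bytes):
    """Strictest option: a schema that never needs a DTD can refuse one outright."""
    return b"<!DOCTYPE" in xml_bytes


def build_xxe_payload(path):
    """Constructed attacker document: an external entity that points at `path`."""
    template = (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE vendor [<!ENTITY xxe SYSTEM "%s">]>\n'
        '<vendor><name>&xxe;</name></vendor>'
    )
    return (template % path).encode()


def run_xxe_demo():
    """Write a secret file, then parse the same payload in both configurations."""
    workdir = tempfile.mkdtemp()
    secret_path = os.path.join(workdir, "secret.txt")
    with open(secret_path, "w") as f:
        f.write("SECRET-1234\n")  # constructed stand-in for a config file
    payload = build_xxe_payload(secret_path)
    return {
        "unsafe": parse_vendor_name(payload, resolve_external_entities=True),
        "safe": parse_vendor_name(payload, resolve_external_entities=False),
        "doctype_present": reject_doctype(payload),
    }


if __name__ == "__main__":
    for key, value in run_xxe_demo().items():
        print("%-16s %r" % (key, value))
```

With external entities enabled the vendor name comes back as the contents of the secret file; with them disabled the entity is silently left empty. The parse-time setting is the fix that maps onto the advisory, but if your format never legitimately carries a DTD, refusing any document containing one removes the whole class of DTD tricks before a parser ever sees them.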

Cisco Nexus: Cisco Nexus devices contain a vulnerability that could allow an authenticated, local attacker to gain elevated privileges on a targeted system. http://www.cvedetails.com/cve/CVE-2015-4237/

Cisco Unified MeetingPlace: Contains a vulnerability that could allow an authenticated, remote attacker to conduct SQL injection attacks on a targeted system. http://www.cvedetails.com/cve/CVE-2015-4233/

Cisco Digital Content Manager: Contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service. http://www.cvedetails.com/cve/CVE-2015-4228/

An interesting security map to check out, showing attacks in real time: http://map.ipviking.com

[1] Information is obtained from a number of sources, including the United States Computer Emergency Readiness Team (US-CERT), Bruce Schneier's Schneier on Security newsletter, Microsoft Security Bulletins, CVE Details, Adobe Security Bulletins, the National Vulnerability Database (NIST), SecureList and others.