WatchPoint Security Blog

The Cyber Security Landscape – June 17, 2015

Written by Greg Edwards | June 17, 2015

It’s been an active start to the month of June. One of the industry’s own was hit with a very sophisticated hack: Russia’s Kaspersky, a world leader in anti-virus and anti-hacking software, was the victim of an attack dubbed Duqu 2.0. June has seen 304 new software vulnerabilities so far, including eight critical Microsoft Patch Tuesday vulnerabilities.

WatchPoint Data has compiled a list of the most serious vulnerability threats for the week ending June 12th. We want to keep our readers abreast of any issues around software vulnerabilities that may affect their business. As you know from reading this blog, software vulnerabilities are one of the main ways that hackers get malware onto your computer network. Software vulnerabilities are like holes in software that leave your computer open to a security exploit. One of the most effective ways of dealing with this type of security problem is to keep your software patched and to apply updates promptly. Knowing about software vulnerabilities, and whether the vendor has a patch available to close up that security hole, is an important part of your security strategy.

To get you up to speed on where we are in terms of the number of software vulnerabilities currently identified: in May there were a total of 410 vulnerabilities found, and as of mid-June we’ve already got 304 identified software vulnerabilities waiting for hackers to exploit.

Some of the latest cyber threats and software vulnerabilities for the week ending June 12th are shown below. We’ve marked the vulnerabilities that are particularly concerning for SMBs with a WatchPoint Data logo next to them; keep an eye out for these and make sure you’re patched and current with your software updates.

OpenSSL Vulnerabilities - LogJam. You have heard of Heartbleed, the flaw in OpenSSL, the cryptographic library widely used to secure internet communications. Further weaknesses in OpenSSL have led to a new attack known as LogJam, which targets the Diffie-Hellman key exchange used to set up encrypted connections. OpenSSL patches have been released to overcome these issues, which have been affecting all modern web browsers.
https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
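The practical defence against LogJam is to refuse weak Diffie-Hellman groups before any key exchange happens. The following is an added example (not code from WatchPoint Data, OpenSSL or the LogJam researchers) of the parameter check a TLS client or server operator can apply: reject any DH group whose modulus is shorter than a policy minimum, is not prime, or is not a safe prime, and reject out-of-range generators. The policy constants MIN_DH_BITS and MR_ROUNDS, the function names, and the toy groups in the demo are assumptions chosen for illustration; 2048 bits is the commonly recommended minimum today.

```python
import random
from typing import List

# Policy constants (assumptions for this example; tune to your environment)
MIN_DH_BITS = 2048   # modulus length below which a group is rejected
MR_ROUNDS = 40       # Miller-Rabin rounds; false-positive probability <= 4**-40


def is_probable_prime(n: int, rounds: int = MR_ROUNDS) -> bool:
    """Miller-Rabin probabilistic primality test (trial division first)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    # write n - 1 as d * 2**r with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0)  # fixed seed so results are reproducible in the demo
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def assess_dh_group(p: int, g: int, min_bits: int = MIN_DH_BITS) -> List[str]:
    """Return policy findings for a Diffie-Hellman group; an empty list means it passes."""
    findings = []
    if p.bit_length() < min_bits:
        findings.append(f"modulus too small: {p.bit_length()} bits < {min_bits}")
    if not is_probable_prime(p):
        findings.append("modulus is not prime")
    elif not is_probable_prime((p - 1) // 2):
        findings.append("modulus is not a safe prime (small subgroups possible)")
    if not 1 < g < p - 1:
        findings.append("generator out of range")
    return findings


if __name__ == "__main__":
    # Constructed toy groups; real deployments would feed in the server's dhparam values.
    samples = {
        "toy safe prime p=23, g=5": (23, 5),
        "Mersenne prime 2**61-1 (not a safe prime)": (2**61 - 1, 2),
        "composite modulus 25": (25, 2),
    }
    for label, (p, g) in samples.items():
        print(label, "->", assess_dh_group(p, g) or "OK")
```

Run against a server's actual DH parameters (for example the values in an OpenSSL dhparam file) this rejects export-grade 512-bit groups outright on size, and the safe-prime check catches groups that are large but structurally weak.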

Cisco Denial of Service. Cisco Carrier Routing System 3 (CRS-3) has a vulnerability in the router software that allows an attacker to cause a Denial of Service (DoS).
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr

Critical Internet Explorer and Microsoft Office patch released. Microsoft has released patches to handle software vulnerabilities in Internet Explorer and Microsoft Office that can potentially allow a hacker to gain administrative rights on the victim’s computer.
https://technet.microsoft.com/en-us/library/security/ms15-jun.aspx

Multiple Windows Server kernel-mode driver vulnerabilities. A number of Windows servers are affected by the software vulnerability in the win32k.sys kernel-mode driver. This can allow hackers to gain administrative privileges or cause a Denial of Service (DoS).
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2360

Novell ZENworks Configuration Management vulnerability. This software vulnerability can allow hackers to execute malicious code.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2360

Multiple updates from Adobe for Flash Player. These software vulnerabilities in Adobe’s Flash Player could allow an attacker to take control of the affected computer. The updates address a critical vulnerability in the software and should be applied urgently.
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

Linux Kernel Vulnerability. Remote attackers can cause a Denial of Service (DoS) or execute malicious code using this vulnerability in the Linux kernel.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4002

Intel McAfee ePolicy Orchestrator (ePO). The Java core web services have a Cross-site Scripting (XSS) vulnerability that allows remote hackers to inject malicious scripts and HTML into web pages. A patch has been released.
https://kc.mcafee.com/corporate/index?page=content&id=SB10121

Duqu 2.0. A zero-day vulnerability exploit within the Windows kernel allowed this malware to run rampant, initially in Kaspersky only, to gather intellectual property and other proprietary information from their labs, and then in other organizations. It is believed the malware was delivered using a digital certificate stolen from the Taiwanese hardware manufacturer Foxconn. Foxconn supplies hardware to many well-known US-based companies, including Microsoft, Dell and Google.

[1] Information is obtained from a number of sources, including the United States Computer Emergency Readiness Team (US-CERT), Bruce Schneier’s Schneier on Security newsletter, the Microsoft Security Bulletin, CVE Details, the Adobe Security Bulletin, the National Vulnerability Database (NIST), SecureList and others.

An interesting security map to check out to see threats in real-time is here: http://map.ipviking.com