WatchPoint Security Blog

The Cyber Security Landscape Software Vulnerabilities – June 23, 2015

Written by Greg Edwards | June 24, 2015

WatchPoint Data has compiled a list of the most serious threats and cybersecurity news for this week. This week I want to mention a little bit about what a SQL Injection attack is. 

SQL Injection is one of the most productive mechanisms a cybercriminal can use against your company. It uses the front end of a website or web application to extract data from a database. Carrying out a SQL Injection attack can be very simple. Typically a cybercriminal uses a field that a user would enter information into, such as the username field. The cybercriminal isn't interested in the information that belongs in the field; instead, the mechanism behind that field is used to perform the hack. For a SQL Injection attack, the field has to be one that sends information back to a database. Here, the cybercriminal enters a string of code. This code is then sent back to the database, where it results in a 'database query', that is, it tells the database to do something. This something may be to obtain the database administrator's login credentials, which can then be used to access the entire database and literally anything in it. SQL Injection is a very easy way for a cybercriminal to get anything they want from a database, including credit card details and Personally Identifying Information (PII), and then use that information to commit further crimes.

Hack of the Week

It is alleged that officials from the St. Louis baseball team hacked into the computer systems of the Houston Astros, stealing proprietary information – this is an example of cyber espionage. The information included data such as how much players were being paid and types of scouting methods used. This attack is likely to have been fairly low in sophistication levels and probably an inside job. It’s alleged that one of the Cardinal officials had a set of master login credentials from a time when they worked for the Astros.

Stop Press: New SMB Targeted Malware

Another cybercrime attack on SMBs that is notable this week is ‘Hawkeye’, a key logger that uses social engineering (aka human behavior). Watch out for this one - it is targeting small to medium sized companies. It comes in an email that purports to be about holidays and contains an attachment that, if installed on your computer, will steal email and website login credentials.

Software Vulnerabilities Chart

The chart below shows the number of software vulnerabilities through the end of May 2015 by month – we’ll be updating this each month so watch for the next installment:

 

Some of the latest cyber threats and software vulnerabilities for the last week are shown below[1]. We’ve identified vulnerabilities that are particularly concerning for SMBs with a WatchPoint Data logo next to them - keep an eye out for these and make sure you’re patched and current with your software updates.

Joomla: Joomla is a well-known CMS backend for websites. This is a SQL Injection vulnerability in the EQ Event Calendar component for Joomla. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4654

 

Cisco Routing Engine (PRE): A memory leak allows remote authenticated users to cause a denial of service. http://tools.cisco.com/security/center/publicationListing.x

 

Drupal: The OpenID module in Drupal allows remote attackers to log into other users' accounts. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3236

 

 

OpenSSL: More OpenSSL vulnerabilities. Many web servers use OpenSSL to protect communications across the web. This one allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8176

 

 

VMware Workstation: This software vulnerability allows an attacker to cause a denial of service against a 32-bit guest OS or 64-bit host OS. http://www.cvedetails.com/cve/CVE-2015-2341/

 

Samsung Galaxy S4, S4 Mini, S5, and S6 devices: The SwiftKey language-pack update allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. http://www.cvedetails.com/cve/CVE-2015-4640/

 

An interesting security map to check out, showing threats in real time, can be found here: http://map.ipviking.com.

 

 

[1] Information is obtained from a number of sources, including the United States Computer Emergency Readiness Team (US-CERT), Bruce Schneier's Schneier on Security newsletter, Microsoft Security Bulletin, CVE Details, Adobe Security Bulletin, National Vulnerability Database (NIST), SecureList, etc.