Security Roundup - 2017-10-13

Credit Unions Serving Malicious Ads. Equifax issues continue this week, with one of their ad providers serving malware. While it is true that Equifax itself was not hacked, this further erodes trust if their supply chain is putting visitors at risk. Not to be left out, Transunion was also noticed to have the same problem.

Supply Chain Attack Rundown. Attacks like the above leverage the supply chain of services that a vendor uses. Malvertisements are nothing new, but supply chain attacks are increasing in both sophistication and frequency. Crowdstrike provides a brief rundown for anyone needing to catch up.

KnockKnock (but quietly). A brute force attack (but a sneaky one) against Office 365 accounts was discovered by researchers. KnockKnock, as it is called, was a targeted attack against a specific set of accounts for a specific set of companies using Office 365. The attack appears to have been spread out and coordinated across a wide number of ips. Attackers also singled out senior and/or long term employees, perhaps hoping they would be more likely to have access to sensitive information.

Attackers abuse overdraft functionality to milk ATMs. Follow along with this story, of attackers that social engineered their way into a bank’s infrastructure, stuck around, and then used their privileges to create new accounts and withdraw millions of dollars by abusing overdraft protection settings.

DNS requests could compromise your machine. In this week’s terrifying news, a Windows CVE was just patched that allowed a malicious DNS response to trigger remote access to someone’s machine. This applies in a number of scenarios, like using internet from a coffee shop, or from the airport. Full details can be found here.

Magento eCommerce Roundup. Lots of Magento related news this week, including Sucuri’s deep dive into a credit card stealing malware ring, this Detectify blog about how bad patching cadence is for some Magento users,and this announcement about PoC code for two patched exploits.

Disqus customer data exposed. Company promptly addresses. Disqus was made aware customer data being available this week, compromising 17.5 million accounts from 2007 to 2012. Overall, the company has excelled in their response. In under 24 hours, Disqus had accepted a report, validated the findings, reset user passwords and contacted customers. Their expedient behavior and transparency has blown away Troy Hunt, owner of and overall raised the bar for how to handle breach disclosures. Of course, user’s should make sure they are not reusing their passwords, which would leave them open to a credential stuffing attack.

Written on October 13, 2017