Security Roundup - 2017-12-08

Card Skimmers On The Rise. I’ve previously posted about credit card skimmers. According to FICO, credit and debit card compromise has increased 70% YoY. Worried? Read this article on how to avoid skimmers and stay aware when using your card.

Dirty COW not yet out to pasture. Last year, a major vulnerability called Dirty COW made the rounds, a local privilege escalation problem in Linux distributions (including Android). Now, more than a year later, researchers have discovered that an edge case not covered by the original patch allows the same bug to be exploited. A patch is already available, and the flaw can also be mitigated with configuration changes, but the fact that it was patched incorrectly for over a year should be worrying.

WordPress Hacks Leave Keyloggers. Hacked WordPress sites are useful to attackers for things like hosting malware, running cryptocurrency miners, and now running keyloggers to harvest usernames and passwords. Read the article for Sucuri’s findings.

Rundown on OSX ‘root’ password problem. Apple recently fixed an issue where a user could log in to the root account with a blank password (even remotely!). If you want to know the nitty-gritty of why, check out Objective-See’s deep dive on the subject.

Old Exploit for Serial-To-Ethernet devices still very prevalent. Many old serial devices have been hooked up to the internet via serial-to-Ethernet connectors manufactured by a number of companies. A set of these devices from Lantronix has a known exploit (public since 2012!) which returns the telnet password in plaintext, and since these devices have not been patched (since 2012!), this leaves several thousand more devices exploitable on the internet.

New Mirai Variant Potentially Leverages 0-day. Yet another variant of Mirai has made waves this week, with a sudden takeover of over 100K devices. This wave of exploits appears to be targeting a port on Huawei devices for which no exploit was previously known, on top of a username/password list containing 65K entries.

Andromeda Botnet Shut Down. However, while Mirai’s family thrives, Andromeda’s family dies: law enforcement agencies coordinated with industry leaders to shut down the Andromeda botnet. This botnet had been alive since 2011 and was used to deliver malware, including 80 different malware families in the last 6 months alone.

Uber breach sparks punitive bill. With the news of Uber covering up a breach coming to light, some US Senators have pushed forward the “Data Security and Breach Notification Act”, intended to unify breach notification laws across states. It also, however, entails jail time for those who willfully conceal breaches, which may have impacted Uber’s decision to try to disguise their breach payout as a bug bounty.

Verizon releases 2017 Data Breach Investigations Report. Now in its 10th year, Verizon has again released an in-depth look at breaches. This year also includes a summary report to give some highlights, which include:

  • Unsurprisingly, malware is used in just over half of all breaches
  • Still unsurprising, 43% included a social/phishing aspect
  • 61% of victims are companies with fewer than 1000 employees
  • In the wake of many breaches involving leaked passwords, password stuffing attacks have risen sharply as a cause of breaches. The ease with which this works makes it just too easy for attackers.

Check out the full report if you are interested in details broken out by industry!
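The password stuffing trend above is one a defender can actually watch for in their own logs, because replaying leaked credentials looks different from ordinary brute force: one source tries many distinct usernames, each once or twice, with a high failure rate, in a short window. The detector below is an added example written for this post; it is not code from the roundup or from Verizon. The log line format, the constructed sample log, and the window/threshold values are all assumptions for the example.

```python
"""Flag credential (password) stuffing in a stream of login log lines.

Added example; the log format below is an assumed one:
    <ISO timestamp> login <ok|fail> user=<name> ip=<addr>
A source IP is flagged when, inside a sliding time window, it has tried at
least `min_users` distinct usernames and at least `min_fail_ratio` of its
attempts failed. Brute force against a single account does not trip this
rule because the distinct-user count stays at one.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

LOG_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>ok|fail) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


@dataclass
class Event:
    ts: datetime
    ok: bool
    user: str
    ip: str


def parse_line(line):
    """Parse one log line into an Event, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["result"] == "ok",
                 m["user"], m["ip"])


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5,
                    min_fail_ratio=0.8):
    """Return {ip: summary} for every source IP that matches the stuffing rule.

    The summary records the peak distinct-user count seen, the attempts and
    failures in that window, and any usernames that logged in successfully
    during the burst ("hits"); those accounts are the ones to act on first.
    """
    windows = defaultdict(deque)   # ip -> events still inside the window
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                 # skip malformed lines rather than crash
        q = windows[ev.ip]
        q.append(ev)
        while q and ev.ts - q[0].ts > window:
            q.popleft()              # evict events older than the window
        users = {e.user for e in q}
        fails = sum(1 for e in q if not e.ok)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            prev = flagged.get(ev.ip)
            if prev is None or len(users) >= prev["users"]:
                flagged[ev.ip] = {
                    "users": len(users),
                    "attempts": len(q),
                    "failures": fails,
                    "hits": sorted({e.user for e in q if e.ok}),
                }
    return flagged


# Constructed sample log: one stuffing burst (203.0.113.9) that happens to
# hit a valid account, one brute-force run against a single user
# (198.51.100.7), and normal activity (192.0.2.44).
SAMPLE_LOG = """\
2017-12-08T10:00:01 login fail user=alice ip=203.0.113.9
2017-12-08T10:00:02 login fail user=bob ip=203.0.113.9
2017-12-08T10:00:03 login fail user=carol ip=203.0.113.9
2017-12-08T10:00:04 login ok user=dave ip=203.0.113.9
2017-12-08T10:00:05 login fail user=erin ip=203.0.113.9
2017-12-08T10:00:06 login fail user=frank ip=203.0.113.9
2017-12-08T10:00:10 login fail user=alice ip=198.51.100.7
2017-12-08T10:00:11 login fail user=alice ip=198.51.100.7
2017-12-08T10:00:12 login fail user=alice ip=198.51.100.7
2017-12-08T10:00:13 login ok user=alice ip=198.51.100.7
2017-12-08T10:05:00 login ok user=gina ip=192.0.2.44
2017-12-08T10:30:00 login ok user=hank ip=192.0.2.44
""".splitlines()

if __name__ == "__main__":
    for ip, summary in detect_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
```

On the sample log only 203.0.113.9 is flagged: six distinct usernames in six attempts with five failures, and one successful login for `dave`, which is exactly the account a responder should reset. The distinct-user test is what keeps the brute-force source out of the result; a real deployment would tune the window and thresholds to its own login volume and feed the flagged IPs and hit accounts into alerting rather than printing them.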

Written on December 8, 2017