Tripwire’s June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.
First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read, and stack-based buffer overflow vulnerabilities. Note that Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild and has been used in targeted attacks against Windows users.
Next on the patch priority list this month are patches for Microsoft Browsers, Edge, and Scripting Engine. The patches for Internet Explorer resolve a security feature bypass vulnerability and two memory corruption vulnerabilities. The patches for Edge resolve memory corruption, information disclosure, and security feature bypass vulnerabilities. Finally, the patches for Microsoft Scripting Engine address three memory corruption vulnerabilities, one of which is rated as a 1 on the Microsoft Exploitability Index (Exploitation More Likely).
Up next are patches for Microsoft Excel, Office, and Outlook. These patches address three elevation of privilege vulnerabilities along with an information disclosure vulnerability and a remote code execution vulnerability.
Next are patches for Microsoft SharePoint that resolve two elevation of privilege vulnerabilities.
Next are patches for Microsoft Windows. The June patch drop for Microsoft Windows contained patches for 23 vulnerabilities spread across Cortana, HIDParser, HTTP.sys, Media Foundation, NTFS, WebDAV, Win32k, Windows wireless network profile service, Hyper-V, GDI, DNSAPI, Kernel, and Desktop Bridge. These included elevation of privilege, denial of service, memory corruption, information disclosure, and remote code execution vulnerabilities.
Last for the month are patches for Microsoft Device Guard, which resolve seven security feature bypass vulnerabilities.
Dixons Carphone said hackers attempted to compromise 5.9 million payment cards and accessed 1.2 million personal data records. The company, which was heavily criticised for poor security and fined £400,000 by the ICO in January after being hacked in 2015, said in a statement the hackers had attempted to gain access to one of the processing systems of Currys PC World and Dixons Travel stores. The statement confirmed 1.2 million personal records had been accessed by the attackers. No details have been released to explain how the hackers were able to get access to such large quantities of personal data, just a typical cover statement of “the investigation is still ongoing”. It is likely this incident occurred before the GDPR law kicked in at the end of May, so the company could be spared the new, more significant financial penalties and sanctions the GDPR gives the ICO, but it is certainly worth watching the ICO response to a repeat offender which had already received a record ICO fine this year. The ICO and the NCSC have both released statements about this breach.
Ticketmaster reported the data theft of up to 40,000 UK customers, which was caused by a security weakness in a customer support app hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster. Ticketmaster told affected customers to reset their passwords and has offered impacted customers a free 12-month identity monitoring service with a leading provider. No details were released on how the hackers exploited the app to steal the data, though it is likely to have been a malware-based attack. However, there are questions about whether Ticketmaster disclosed and responded to the data breach quickly enough, after digital banking company Monzo claimed the Ticketmaster website showed up as a CPP (Common Point of Purchase) in an above-average number of recent fraud reports. The company noticed 70% of fraudulent transactions with stolen payment cards had used the Ticketmaster site between December 2017 and April 2018. The UK’s National Cyber Security Centre said it was monitoring the situation.
TSB customers were targeted by fraudsters after major issues with the bank's online banking systems were reported. The TSB technical issues were caused by a botched system upgrade rather than hackers. TSB bosses admitted 1,300 UK customers had lost money to cyber crooks during its IT meltdown; all were said to be fully reimbursed by the bank.
The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend. The Trezor team says “signs point toward DNS poisoning or BGP hijacking” as the means by which attackers hijacked legitimate traffic meant for the official wallet.trezor.io domain and redirected these users to a malicious server hosting a fake website. An investigation is still underway to determine the exact cause. Tim Helming, Director of Product Management at DomainTools commented below.
designed for unprivileged use
apply tailored access controls per process
make it evolve over time
This is ongoing research that is not yet completely implemented, but it’s still possible to install and play with it. It looks promising. Then, Pierre Chifflier presented “Security, Performance, which one?”
Four in 10 UK CEOs believe becoming a victim of a cyber attack is now a case of ‘when’ and not ‘if’ for their organisation, according to a survey of CEOs from some of Britain’s biggest businesses.
In the current case, “Operation: Dark Gold”, perhaps as a demonstration that the old “Follow the Money” rule can work even in these modern times, law enforcement posed as cryptocurrency exchangers, offering attractive conversion rates to USD even for those clearly involved in criminal activity. After Alexander Vinnik’s BTC-e exchange was shuttered, with the owner accused of facilitating the laundering of $4 Billion in illicit funds, Dark Market vendors had a real problem! How do you turn a few million dollars worth of Bitcoin into money that you can spend in “the real world?”
According to observations from our experts, ransomware is on the decline, and a new menace has taken its place at the top of the threat charts: Malicious cryptocurrency mining is on the rise. The total number of users who encountered miners rose from 1,899,236 in 2016–2017 to 2,735,611 in 2017–2018. And with increasing frequency — and greater danger to victims — miners are switching to business targets.
The frequency and severity of cyber attacks and data breaches have risen significantly in the last few years, as attacks increase in volume and variety. This exponential growth of the cyber threat is confirmed by figures from the Business Continuity Institute (BCI), which have revealed that 53% of UK firms now consider a cyber attack as the main threat facing them in the near future.
For years, cybersecurity was considered a “check-the-box” discussion during the merger and acquisition (M&A) process. It was almost always examined to ensure there weren’t any glaring issues or major red flags—but due to limited time resources, or the ability to parse out qualitative responses during M&A from real performance, there wasn’t a great deal of importance placed on it. Very few transactions would be prevented due to cyber security practices today; however, each M&A does require a financial business case to be created regardless. This may be as simple as assessing integration costs.
New research released today shows that public sector organisations face increased financial pressure as a result of the recently implemented General Data Protection Regulation (GDPR), to the tune of £30million per year. The NHS is expected to be hit hardest by the influx in data requests, given that before the introduction it cost the NHS £20.6million per year to retrieve customer data.
Yesterday The Europas, the European Tech Startup Awards and Unconference once again held its annual jamboree in London, throwing together an afternoon of deep-dive panel discussions on the hottest topics in tech, a “Pitch Roulette” session of early-stage startup pitches, and a glittering Awards ceremony, honouring the hottest startups, unicorns founders, investors and blockchain projects in the European ecosystem.
In a document delivered to Congress, Facebook has admitted sharing users’ data with 61 hardware and software makers as well as sharing it with app developers. Chris Olson, CEO at The Media Trust commented below.
In this video, Tulin discussed vulnerability disclosure policies and bounty programs, what they mean to an organization, how the organization should develop an effective bounty program, and what is required.
Can you guess what this is? It’s not a vandalized version of Malevich’s Black Square.
Simply put I found a backdoor, both remotely into their intranet and also while working on the clock. For the first time in my life, I did it without anyone else’s help. Every script was mine. But anyways…. the reason I am posting……
Ubuntu Security Notice USN-3699-1
July 03, 2018
Others should boost their security controls to get in sync with AB 375… or get ready to be sued for hundreds of dollars for each personal record exposed in a breach.