We have some exciting news to share.
We are combining our efforts with the analysts and researchers of OODAloop.com to provide enhanced reporting and analysis on threats and opportunities. The result: A new daily product of hand-curated cyber and risk intelligence that is more informative and more actionable.
You should see your first OODA Loop Daily Briefing on Tuesday 8 January 2019 shortly after 10am eastern.
Please let me know what you think of the new format. You can always reply to any of our newsletters to get directly to me.
Your subscription is still under your control. You can use the self service capabilities of MailChimp to update your email address, suspend delivery or unsubscribe using the links at the bottom of any of our emails.
Thank you and Happy New Year!
Avast launched its annual Threat Landscape Report, detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team.
“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.
Read about the findings of the new Avast report on Help Net Security.
The CERT Coordination Center (CERT/CC) has published data on vulnerabilities affecting versions of Microsoft Windows and Windows Server.
Microsoft had issued an advisory for CVE-2018-8611, a Windows kernel elevation of privilege bug that exists when the Windows kernel fails to properly handle objects in memory. An attacker who exploited this flaw could run arbitrary code in kernel mode. The company also issued CVE-2018-8626 for a Windows DNS server heap overflow vulnerability. A remote code execution flaw exists in Windows DNS servers when they don’t properly handle requests, Microsoft explains.
Read more about the critical Windows flaws on DarkReading.
Many organizations have DevOps on their mind going into 2019. Firms will confront growing complexity and risk as they work to scale their DevOps initiatives in 2019. Part of this risk will come from their containers, for many organizations still lack transparency into these software pieces.
If they are to adequately mitigate their risk and minimize their exposure to digital threats, organizations will need to secure their containers. But are they prepared to do this? Tripwire’s State of Container Security Report found that 60 percent of organizations had been hit with at least one container security incident within the past year.
Read more about the findings of the new report on Tripwire.
In January of 2018, the world was introduced to two game-changing CPU vulnerabilities, Spectre and Meltdown, that brought “speculative execution side-channel vulnerability” into the enterprise IT security lexicon. Since then, a number of variants of the initial vulnerabilities have been found, along with new vulnerabilities taking advantage of similar functions within the CPUs.
Intel kicked off 2019 with a Jan. 2 editorial laying out its response to the Spectre and Meltdown vulnerabilities over the past year. The chip giant says the culture of the company has changed since the advent of Spectre and Meltdown, and its response has been effective. But vulnerabilities in the core of a CPU tend not to lend themselves too rapid, complete fixes, Intel says.
Read more about Intel’s response to Meltdown & Spectre on DarkReading.
Fewer Marriott guest records that previously feared were compromised in the massive data breach, but the largest hotel chain in the world confirmed that approximately 5.25 million unencrypted passport numbers were accessed. The compromise of those passport numbers has raised alarms among security experts because of their value to state intelligence agencies.
The FBI is leading the investigation of the data theft and investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, the rough equivalent of the CIA. The hackers also accessed about 20.3 million encrypted passport numbers. There is no evidence that they were able to use the master encryption key required to gain access to that data.
Read more about the Marriott data breach investigation on SecurityWeek.
Over the weekend, a hacker gained unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company’s subscribers.
EWN is a service offered by Australian company Aeeris that allows Australian councils, or local governments, to send emergency alerts regarding extreme weather, fires, evacuation information, or incident responses. The unauthorized alerts stated that “EWN has been hacked. Your personal data is not safe.” They then went on to tell recipients to email email@example.com to unsubscribe from the service.
Read more about the security breach on BleepingComputer.
Amid a maelstrom of cybersecurity threats and rampant hacking attempts that leverage the power of the IoT against itself, organizations are forced to realize that they are on the losing side of this war.
As such, market vendors have no choice but to enhance their cybersecurity arsenal with more sophisticated tools which allow a deeper understanding of their users, devices, and systems. This will drive the security analytics market toward an impressive revenue of $12 billion by 2024, according to ABI Research.
Read more about the prognosis by ABI Rresearch on Help Net Security.
Singapore Airlines (SIA) says a software glitch was the cause of a data breach that affected 285 members of its frequent flyer programme, compromising various personal information including passport and flight details.
The “software bug” surfaced after changes were made to the Singapore carrier’s website on January 4 and enabled some of its Krisflyer members to view information belonging to other travellers, SIA told ZDNet in an email.
Read more about the Singapore Airlines data breach on ZDNet.
A group of hackers has published the personal details of hundreds of German politicians, but also German artists and local YouTube celebrities.
The data was uploaded online and later promoted via Twitter, starting a few days before the Christmas holiday. The source of the data appears to be the victims’ smartphones. Details about how the data was stolen and exfiltrated from infected phones remain unclear, at the time of writing. According to German news outlets [1, 2, 3], the leaked data contains names, home addresses, phone numbers, email addresses, photo IDs, personal photos, and personal chat histories.
Read more about the disturbing data leak on ZDNet.
The website of Luas, the tram system operating in Ireland’s capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days.
Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland, and would be published on the internet unless a ransom demand of one Bitcoin (approximately 3,300 Euros or US $3,800) was paid. In the message, the hackers claim that they previously contacted the tram operator about security vulnerabilities and were aggrieved that they received no response.
Read more about the attack on the Luas website on Tripwire.
A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways. CleanMyMac X is a cleanup application for MacOS that optimizes the drives and frees up space by scanning for unused, redundant or unnecessary files and deleting them. No fewer than a dozen flaws plague 4.0 and earlier versions of the software, all of them in the package’s “helper protocol.”
The helper functions of the software run as root functions and the flaws arise from the fact that they can be accessed by applications without validation – thus giving those applications root access.
Read more about the critical flaws in CleanMyMac X software on Threatpost.
Researchers have spotted a new Android malware hidden behind six different Android applications that were available for download in Google Play. The six apps include Flappy Birr Dog, Flappy Bird, FlashLight, Win7Launcher, Win7imulator, and HZPermis Pro Arabe. Out of these six apps, five have been removed from Google Play since February 2018.
However, these applications have been downloaded at least 100,000 times by users across 196 countries with the majority of victims residing in India.
Read more about the massive Android malware campaign on Cyware.
A new version of the NRSMiner is actively spreading in the southern region of Asia. The majority of detections (54%) have been found in Vietnam, followed by Iran (16%) and Malaysia (12%). The new version either updates existing NRSMiner infections, or spreads to new systems using the EternalBlue exploit.
EternalBlue is one of the NSA exploits stolen by the Shadow Brokers and leaked to the public. It was patched by Microsoft in March 2017, leaked by Shadow Brokers in April 2017, and used by WannaCry in May 2017. That EternalBlue is still being used to spread malware nearly two years after it was patched by Microsoft points to a massive failure in patching.
Read more about the new NRSMiner attacks on SecurityWeek.
A hacker has stolen the personal details of 7.6 million users of browser-based game the “Town of Salem,” BlankMediaGames (BMG) has admitted in a blog post. The hack came to light after a mysterious person sent a copy of the stolen data to DeHashed, a commercial data breach indexing service.
DeHashed says it spent all the Christmas and New Year holiday trying to contact BMG and alert the game maker of the hack and its still-compromised server. The hacked servers were finally secured and “multiple backdoors removed” this week. The compromised information appears to include, usernames, email addresses, encrypted passwords, IP addresses and more.
Read more about the Town of Salem data breach on ZDNet.
Adobe released security bulletin APSB19-02 that describes two security updates for critical vulnerabilities in Adobe Acrobat and Reader. In these updates only two vulnerabilities were fixed, but they are classified as Critical because they allow privilege escalation and arbitrary code execution.
The first vulnerability was assigned ID CVE-2018-16011 and is a use after free bug that could allow arbitrary code execution. The second vulnerability was assigned CVE-2018-19725 and allows attackers to execute code at a higher privilege level.
Read more about the critical Adobe vulnerabilities on BleepingComputer.
Emotet, a nasty botnet and popular malware family, has proven increasingly dangerous over the past year as its operators adopt new tactics. Now armed with the ability to drop additional payloads and arriving via business email compromise (BEC), it’s become a major threat to organizations.
Security watchers are wary of Emotet, which was among the first botnets to spread banking Trojans laterally within target organizations, making removal difficult. After ramping up in early 2018, Emotet increased again during the holiday season. Through the start of 2019, the malware continued to spread.
Read more about the rise and rise of the Emotet botnet on DarkReading.
Abine, the company behind the Blur password manager and the DeleteMe online privacy protection service, has revealed a data breach impacting nearly 2.4 million Blur users. The breach came to light last year, on December 13, when a security researcher contacted the company about a server that exposed a file containing sensitive information about Blur users.
The company said it followed this initial report with an internal security audit to determine the size of the breach. The audit concluded last week, and the company made the data leak public on Monday in a post on its blog.
Read more about the massive Blur data leak on ZDNet.
A new hacking campaign is underway that is targeting Chromecast adapters, Smart TVs, and Google Home in order to play a YouTube video promoting PewDiePie’s YouTube channel.
Since the battle to have the most subscribers began between the YouTube channels of PewDiePie and T-Series, a hacker who goes by the name TheHackerGiraffe has been performing creative attacks that promote PewDiePie’s channel. First they sent print jobs promoting PewDiePie to Internet-connected printers. Now they are targeting Internet-connected devices that support Chromecast and forcing them to play a YouTube video.
Read more about the new hacking campaign on BleepingComputer.
A vulnerability recently patched by Google in Chrome for Android was an information disclosure bug that was originally reported in 2015, but not patched until the release of Chrome 70 in October 2018, security researchers say.
The issue is that the browser – along with WebView and Chrome Tabs for Android – discloses information about the hardware model, firmware version, and security patch level of the device it is installed on. Applications using Chrome to render web content are also impacted.
Read more about the Chrome for Android vulnerability on SecurityWeek.