
MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Week 01

Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password

May 4, 2018 by Younes Khantouri

A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report.

The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users’ Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction.

The vulnerability, discovered by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections.

https://thehackernews.com/2018/04/outlook-smb-vulnerability.html

Tracking Bitcoin Wallets as IOCs for Ransomware

February 25, 2018 by Brent Hladik

https://www.darkreading.com/threat-intelligence/tracking-bitcoin-wallets-as-iocs-for-ransomware-/a/d-id/1331016

Interesting article in relation to bitcoin wallets and the new cryptocurrencies.

Sacramento Bee Hit with Ransomware

February 10, 2018 by Richard Mu

The Sacramento Bee, a newspaper that is published in Sacramento, was recently hit with ransomware in two of its databases that were on a third-party server. It was first discovered by an employee followed by a tip from a reporter. One of the affected databases contained California voter registration data that was received from the California Secretary of State for reporting purposes. The Bee is reaching out to those whose information was compromised.

https://www.darkreading.com/attacks-breaches/sacramento-bee-databases-hit-with-ransomware-attack/d/d-id/1331023

Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

February 10, 2018 by Shi Yu Dong

https://thehackernews.com/2018/02/wordpress-dos-exploit.html

According to the article “Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites”, a simple but serious application-level denial of service (DoS) vulnerability has been discovered in the WordPress CMS platform that could allow anyone to take down most WordPress websites. This vulnerability was discovered by an Israeli who is a security researcher at the Barak Waily blog website. He states that the vulnerability resides in the way “load-scripts.php,” which is a built-in script in WordPress CMS, processes user-defined requests. The load-scripts.php file has been designed for admin users to help a website improve performance. However, there is a vulnerability in which a user can force load-scripts.php to get all possible JavaScript files from this user.
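
A defender-side check for the request pattern described in the post above, as an added example that is not part of the original post or the linked article: it scans web-server access logs for clients that repeatedly ask load-scripts.php for an unusually large number of script handles. The `load[]` query parameter is WordPress's own; the combined log format, both thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Combined-log-format prefix: client IP ... "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} ')
MAX_HANDLES = 40  # assumed threshold; tune to what your own admin pages request
MAX_REPEATS = 3   # assumed threshold: oversized requests tolerated per client

def count_handles(target):
    """Number of script handles a request asks load-scripts.php for, else 0."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/load-scripts.php"):
        return 0
    total = 0
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes, so load%5B%5D arrives here as "load[]"
        if key == "load" or key.startswith("load["):
            total += sum(1 for handle in value.split(",") if handle)
    return total

def scan(log_text):
    """Return {client_ip: count} for clients with more than MAX_REPEATS oversized requests."""
    oversized = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match and count_handles(match.group(2)) > MAX_HANDLES:
            oversized[match.group(1)] += 1
    return {ip: n for ip, n in oversized.items() if n > MAX_REPEATS}

def log_line(ip, target):
    """Build one constructed access-log line for the sample below."""
    return f'{ip} - - [10/Feb/2018:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512 "-" "-"'

# Constructed sample log: documentation IP ranges and placeholder handle names.
SMALL_REQ = "/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils"
BIG_REQ = "/wp-admin/load-scripts.php?c=1&load%5B%5D=" + ",".join(f"h{i}" for i in range(150))
SAMPLE_LOG = "\n".join(
    [log_line("198.51.100.7", SMALL_REQ)] * 5   # ordinary admin page loads
    + [log_line("203.0.113.9", BIG_REQ)] * 6    # repeated oversized requests: flagged
    + [log_line("192.0.2.44", BIG_REQ)]         # one oversized request: under MAX_REPEATS
    + [log_line("192.0.2.44", "/index.php?load=a,b,c")]  # other path: ignored
)

if __name__ == "__main__":
    for ip, n in scan(SAMPLE_LOG).items():
        print(f"{ip}: {n} oversized load-scripts.php requests")
```

Clients reported by `scan` are candidates for rate limiting or for restricting load-scripts.php to authenticated sessions at the web server or WAF.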

Nearly 2000 WordPress Websites Infected with a Keylogger

February 10, 2018 by Elizabeth V Calise

Over 2,000 WordPress websites have been found infected with a piece of crypto-mining malware. The malware does not only steal the resources of visitors’ computers to mine digital currencies, but also logs visitors’ every keystroke. Researchers have discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from Coinhive and a keylogger.

Coinhive is a popular browser-based service that lets website owners embed JavaScript to utilize the CPU power of their website visitors in an effort to mine the Monero cryptocurrency. Researchers also stated that the actors behind this new campaign are the same ones who infected more than 5,000 WordPress websites last month. They identified this since both campaigns used the keylogger/cryptocurrency malware called cloudfire[.]solutions.

Cloudfire[.]solutions is a cryptocurrency mining malware and is not related to the network management and cybersecurity firm Cloudflare. Since the malware used the cloudfire[.]solutions domain to spread, it has been given this name.

https://thehackernews.com/2018/01/wordpress-keylogger.html

Indiana Hospital Pays $55k Ransomware Ransom, Even Though They Had Backups

February 9, 2018 by Ian Riley

https://www.bleepingcomputer.com/news/security/hospital-pays-55k-ransomware-demand-despite-having-backups/

Pretty simple story here: the hospital determined that they’d rather not have the downtime while they restored their backups, so they just paid the ransom. While the decision makes sense, it’s definitely interesting to consider where the line is for many businesses. For a hospital where lives are on the line, speed will probably beat cost as long as it’s reasonable.

It’s also interesting to think about how much your personal and work backups would be worth… It’s easy to put a number on a work backup where you know the amount of time/cost which went into the files, but how much would your personal data be worth to you?

Test Post: Introduction

February 9, 2018 by Kevin Blankenship

Hello, figured I’d just do a quick intro as a test post this week.

I am Kevin Blankenship. I’m expecting to graduate the ITACS program this summer. Alongside this class I am taking Computer Forensics with Larry Brandolph. I currently work at QVC as an applications security engineer, focused on vulnerability management. My wife and I welcomed our first kid 1 month ago, so he is keeping us extremely busy. Looking forward to a good semester with everyone!

Valentine’s Day Scams

February 9, 2018 by Fred Zajac

Are you in the mood for love, but have forgotten what love is?

Valentine’s Day is a day when people of all ages express their “love” towards people very close to them. Elementary schools are engaging in Valentine’s Day activities, and some of us even go to the lengths of wearing as much red as possible. The feeling of love, need, and affection is a wonderful emotion to have, but those of us who may not have that special someone may fall victim to a not-so-special someone.

CNBC reports that Valentine’s Day and the days leading up to the holiday are ripe for online scams. The type of scams that run rampant are what some people may know as “Catfishing”. This is when you develop an online relationship with someone who is pretending to be another person, or duping you into believing something that is not true. Like money troubles.

These types of scams are difficult to identify because many virtual or semi-virtual (face-to-face only 1 or 2 times) relationships revolve around trust. The person being scammed may not even know they are being scammed. For instance: A person met someone online. Met this person at a coffee shop or bar 1 or 2 times. Gives a story about how they moved out of the area, but really had a great time and want to keep in touch. They continue a virtual relationship with several emotional, but non-sexual exchanges remotely. Then, they start the probing to determine if you will start paying their bills by elaborating on personal troubles and exaggerating hardships to encourage financial support, as well as the dozen flowers you sent on Valentine’s Day!

Fake websites selling Valentine’s Day gifts are also popular right now. These sites may be on the top of search engines, or a banner on a reputable site. They redirect you to another site for you to enter your credit card information. Webroot found a 220% increase in malicious URLs before Valentine’s Day last year.

Romance fraud exceeded $230 million in 2016, and represents the most financial losses of all internet crimes. This was reported by the FBI.

As cyber security professionals, sometimes we don’t think about “catfishing” as a potential problem. Is it in our scope of work to identify if the CFO just got divorced and is using a dating website that may be filled with these scammers? If we were to use FIPS 199 on our employee assets, and conducted a risk assessment on our human resources, would the CFO be a “HIGH” and would the risk assessment include his divorce and/or dating website involvement? These are rhetorical questions, but the point is that we should be conscious of the largest internet scam in 2016.

https://www.cnbc.com/2018/02/09/watch-out-for-these-valentines-day-scams.html

New Point-of-Sale Malware Steals Credit Card Data via DNS Queries

February 9, 2018 by Jonathan Duani

This is a really interesting article that talks about how a piece of malware is stealing credit card information.

https://thehackernews.com/2018/02/pos-malware-dns.html

Week 1 – News Article

February 9, 2018 by Christie L Vazquez

Companies in the UK that fail to protect themselves effectively from hackers could be fined up to £17m.

http://www.bbc.com/news/technology-42861676?intlink_from_url=http://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-story

The UK government is cracking down on cyber malpractice. The article states if companies fail to protect themselves from cyber crimes they will be fined.

Due to the data and services energy, transport, water and health companies provide, they are expected to have the most robust safeguards. Under a new government directive the cyber security practices at these companies will be inspected by regulators.
