Rampant Cybersecurity Bulletin
December 2017
Latest Cybersecurity News
The latest cybersecurity news so that you can stay on top of what is going on in the cybersecurity world. Click titles below for more details.
1.4 Billion Cleartext Credentials Discovered in Single, Searchable Database
Android Bug Allows Attackers to Put Malicious Code in Signed Apps
25% of All Phishing Links Hosted on HTTPS Domains
Destinations Such As Facebook Routed Through Russia
US Government Attributes WannaCry to North Korea
Criminals Switch From RansomWare to CryptoCurrency Mining
Some HP Laptops Shipped With Keylogger
Botnet Exploits Zero-day in Huawei Routers
Previous Cybersecurity Bulletins
Not sure if you are vulnerable? Rampant specializes in vulnerability assessments and penetration testing for small & mid-size businesses!
New High Risk Vulnerabilities
You should be aware of the following vulnerabilities, and we recommend patching them immediately if they apply to your systems. Click titles below for more details.
EMC RSA Authentication Agent Web Server Security Bypass
Atlassian Hipchat for Mac Desktop Client Code Execution
Apache Synapse Code Execution
Zoom Client for Linux Command Execution
QNAP Qsync for Windows Code Execution
Arq Backup for Mac Privilege Escalation
PHP Scripts Mall Car Rental Script SQL Injection
Reported: December 25, 2017
Affected Products: PHP Scripts Mall Car Rental Script
Details: A remote attacker can inject SQL statements through the ‘card’ parameter of the admin/carlistedit.php script and view, modify, add, or delete information in the back-end database.
References:
https://www.phpscriptsmall.com/product/car-rental-script/
https://github.com/d4wner/Vulnerabilities-Report/blob/master/Car-Rental-Script.md
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17906
New Threat Advisories
You should be aware of the following threats and implement the recommended mitigations to ensure your systems are not impacted. Click titles below for more details.
Microsoft Office Memory Corruption Vulnerability Exploited in the Wild
TRITON - New ICS Attack Framework
- “Where technically feasible, segregate safety system networks from process control and information system networks. Engineering workstations capable of programming SIS controllers should not be dual-homed to any other DCS process control or information system network”;
- “Leverage hardware features that provide for physical control of the ability to program safety controllers. These usually take the form of switches controlled by a physical key. On Triconex controllers, keys should not be left in the PROGRAM mode other than during scheduled programming events”;
- “Implement change management procedures for changes to key position. Audit current key state regularly”;
- “Use a unidirectional gateway rather than bidirectional network connections for any applications that depend on the data provided by the SIS”;
- “Implement strict access control and application whitelisting on any server or workstation endpoints that can reach the SIS system over TCP/IP”; and
- “Monitor ICS network traffic for unexpected communication flows and other anomalous activity”.
GnatSpy Mobile Malware Family
Recam Redux Spread Through Malicious Word Document