Author: Pulse Assent

Summary

QuickTime for Microsoft Windows is no longer supported by Apple and the current advice is to remove it from all Windows OS Devices devices.

The removal instructions can be found here https://support.apple.com/HT205771

QuickTime for Mac OSX is unaffected, can be considered to still be supported, and subject to security patches as required.

Further details

Two vulnerabilities have been found and published by the TippingPoint Zero Day Initiative (ZDI) and, as per their rules,…

Link: Apple QuickTime for Windows
Source: NCSC Alerts

Executive summary

A newly discovered OpenSSL security vulnerability, dubbed DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), enables a 20 year old and long deprecated security protocol, Secure Sockets Layer (SSLv2), to be used to attack modern websites.

An attack exploiting this could decrypt secure HTTPS communications, which can be used to protect sensitive data in transit between your browser and the server. It is estimated that at least one-third of all websites could be…

Link: DROWN vulnerability
Source: NCSC Alerts

What is it?

This vulnerability could allow a malicious actor to send specially crafted data to trigger a stack overflow in the getaddrinfo() function in the glibc DNS client resolver code (‘resolv/nss_dns’) and execute arbitrary code on the target system. The code will run with the privileges of the target application using the glibc library.

This vulnerability has been assigned CVE-2015-7547 (https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html) but was introduced in…

Link: GlibC Vulnerability affecting Linux
Source: NCSC Alerts

New banking trojan discovered

Security researchers have discovered a new trojan targeting customers of banks, payment card providers, mobile service providers, payroll, webmail and e-commerce sites. Known as IcedID, the malware uses web browser manipulation techniques to trick users into entering their login credentials and payment authorisation details into malicious webpages. The malware affects systems infected by the highly persistent Emotet banking trojan that hijacks computers to form…

Link: Weekly Threat Report 17th November 2017
Source: NCSC Reports

Dating apps may put users’ personal data at risk

Researchers at Kaspersky Labs report that several popular online dating apps suffer from vulnerabilities in securing personal data. Users may be at risk of being deanonymized with their locations trackable and personally identifiable information (PII) in danger of being intercepted. Attackers could use the data for a variety of malicious purposes.

Poor security during data transmission is a common problem. For example, some apps upload…

Link: Weekly Threat Report 10th November 2017
Source: NCSC Reports

Fake speeding notices deliver malware

Police forces around the UK are warning motorists not to be taken in by a phishing email falsely informing them that they need to pay a speeding fine. The realistic-looking email, entitled ‘Notice of Prosecution’, claims to have ‘photographic’ evidence, but clicking on the associated link will upload banking malware to the victim’s device.

The email appears official, with the logos of either the local police force or ‘…

Link: Weekly Threat Report 3rd November 2017
Source: NCSC Reports

Bad Rabbit ransomware

This week, ‘Bad Rabbit’ ransomware infections have been reported in countries including Russia, Ukraine, Bulgaria, Turkey, Germany and Japan. The NCSC has not received any reports that the UK has been affected by this latest malware attack. The majority of infections have been in Russia, where media organisations were worst affected. Russia’s Interfax News Agency suffered outages to several of its services, including its news portal….

Link: Weekly Threat Report 27th October 2017
Source: NCSC Reports

KRACK – a fundamental flaw in Wi-Fi security

Security researchers from Belgium have found that the majority of Wi-Fi connections are potentially vulnerable to exploitation because of a fundamental weakness in the wireless security protocol – WPA2. The exploit is called “KRACK”, which is short for Key Reinstallation Attack. Reports suggest that at most risk are Linux operating systems, Internet of Things (IoT) devices and 41% of Android devices. However, many of these,…

Link: Weekly Threat Report 20th October 2017
Source: NCSC Reports

Cyber-enabled theft from Taiwanese bank

On 5th October 2017 Taiwan’s Far Eastern International Bank (FEIB) reported that it had fallen victim to a cyber-enabled theft. It is not yet known how much the attackers attempted to steal, but open source reports this figure could be as high as 60 million USD. FEIB states that, owing to errors by the criminals in their SWIFT[1] messaging configuration and efforts to recover the stolen money, estimated losses are less than 500,000 USD…

Link: Weekly Threat Report 13th October 2017
Source: NCSC Reports

Whole Foods Market credit card data breach

Whole Foods Market, a US-headquartered supermarket with a small UK presence, has reported it is investigating a credit card breach. The store warned of unauthorised access to the credit card data of customers using restaurants and ‘tap rooms’ in its stores. The cards used by customers at store checkouts are not thought to have been affected. Investigations are still underway; however, it is likely the card data was acquired through…

Link: Weekly Threat Report 6th October 2017
Source: NCSC Reports