Netizen Cybersecurity Bulletin: 14 November 2018
In This Issue:
In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.
- Planning Holiday Travel? Check Your Rewards Account
- WooCommerce WordPress Plugin Vulnerability
- 2018 To Be 2nd In Breaches
- Multiple Critical Cisco Vulnerabilities
- Phish Tale of the Week
- How can Netizen help?
Planning Holiday Travel? Check Your Rewards Account
Summer is in our rear-view mirror, but the year-end holiday season is fast approaching. Make sure you remain cyber-aware as you plan sightseeing or to visit relatives.
Last month, Radisson Rewards, part of the Radisson Hotel Group, announced a data security incident that affected some of its Rewards members. No financial data was reported exposed, but customer names, email addresses, phone numbers, employer names, and any frequent flyer numbers the member had on file were leaked.
As far as data breaches go, this one was fairly minor. However, the data exposed could be used in phishing campaigns designed to target users with specific information.
Consider: had your data been leaked in the Radisson exposure noted above, you could receive an email whose subject line includes your employer’s name, perhaps mentioning a travel discount under a corporate deal. A text message could arrive on your mobile phone, claiming to be from your HR office and asking you to call to confirm your data.
These are just two examples of how seemingly innocuous data from a travel rewards site could be weaponized against you. Everyone needs to be on guard at all times and question suspicious requests for personal or credit card information.
WooCommerce WordPress Plugin Vulnerability
WooCommerce, the popular WordPress plugin that powers around 35% of online stores, has been found to contain a vulnerability that could compromise your online store.
The vulnerability allows a malicious or compromised privileged user to gain full control over any unpatched website. Because of the way WordPress handles user privileges, a WooCommerce file deletion vulnerability can allow an account with the “Shop Manager” role to reset the administrator’s password and take control of the website.
The vulnerability has been fixed in WooCommerce versions 3.4.6 and above, and it is highly advised to update both WordPress and the WooCommerce plugin as soon as possible.
2018 To Be 2nd In Breaches
2018 has not been kind to the data of organizations across the world. Between Jan 1st and Sept 30th, there were 3,767 breaches that exposed 3.6 billion records. The good news is that the reported number of data breaches is down 8% and the number of records exposed is down 49% compared to the same time frame last year.
Seven of the largest breaches this year exposed over 100 million records each, and the ten most significant breaches accounted for more than 80% of all records compromised. The most notable companies that suffered data breaches this year were Facebook, Under Armour, Ticketfly, and Hudson’s Bay Company.
That there were fewer overall breaches and records compromised this year does not necessarily mean the problem is improving. So far this year there have been no events comparable to WannaCry and Petya/NotPetya, each of which was catastrophic. It is also likely that attackers focused more on crypto-mining as a source of revenue this year than in 2017.
Insiders were behind the largest proportion of data breaches so far this year, accounting for almost 36% of the breaches. At least 30 of 51 breaches involving intellectual property came from within organizations.
That insiders were responsible for the largest share of compromised data does not mean outsider threats can be forgotten. Outside attackers still accounted for the largest number of security incidents in most organizations.
All of this should remind you of the importance of training staff both to recognize insider threats and to follow baseline practices that lower the chances of an outside actor gaining unauthorized access to your data.
Multiple Critical Cisco Vulnerabilities
More critical Cisco vulnerabilities have been discovered, each affecting a different product. The threats posed by these weaknesses range from remote attack to the execution of arbitrary commands or the bypassing of user authentication. While most of the vulnerabilities carry a medium severity rating, three in particular are critical. The following is an overview of the affected items:
Cisco Unity Express (CUE)
An arbitrary code execution flaw in CUE can allow attackers remote access with root-level privileges, due to insecure deserialization of user-supplied content by the affected software. The vulnerability (CVE-2018-15381) affects releases prior to the 9.0.6 patch.
Cisco Stealthwatch Management Console (SMC) Authentication Bypass
This vulnerability is the result of an insecure system configuration. An attacker would be able to send a modified HTTP request to the application; a successful exploit would grant unauthenticated access with elevated privileges within the SMC. CVE-2018-15394 affects SMC release 6.10.2 and earlier; the fix lies in patch 6.10.3.
Awaiting Patches for Cisco Small Business Switches
The vulnerability in the current patch level of these switches exists under certain circumstances, where the affected software enables a privileged user account without notifying system administrators of the change. An attacker would be able to log in and execute commands with full admin rights, and do so quietly. While there is currently no patch for this vulnerability, Cisco offers a workaround:
Add at least one user account with access privilege set to level 15 in the device configuration. By adding this user account, the default privileged account will be disabled.
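As an added example (not Cisco’s tooling and not part of the original bulletin), the following Python audits exported switch configurations for the workaround above, flagging any device that has no explicitly configured level-15 account. The `username ... privilege 15` line syntax, the assumed default of level 1 when no privilege keyword is present, and the sample configs are all constructed for illustration.

```python
import re

# Constructed sample running-config excerpts (not taken from any real device).
# The "username <name> ... privilege <N>" syntax is assumed for illustration.
SAMPLE_CONFIG_MISSING = """\
hostname sw-branch-01
username operator password ********* privilege 1
username helpdesk privilege 7 password *********
interface vlan 1
 ip address 192.0.2.10 255.255.255.0
"""

SAMPLE_CONFIG_OK = """\
hostname sw-branch-02
username netadmin privilege 15 password *********
username operator password ********* privilege 1
"""

USERNAME_LINE = re.compile(r"^\s*username\s+(\S+)(.*)$")
PRIVILEGE_OPT = re.compile(r"\bprivilege\s+(\d+)\b")

def level15_accounts(config_text):
    """Return the names of locally configured accounts at privilege level 15."""
    found = []
    for line in config_text.splitlines():
        m = USERNAME_LINE.match(line)
        if not m:
            continue
        name, rest = m.group(1), m.group(2)
        p = PRIVILEGE_OPT.search(rest)
        # Assumption: a username line without a privilege keyword defaults to
        # level 1, so only an explicit "privilege 15" counts toward the workaround.
        if p and int(p.group(1)) == 15:
            found.append(name)
    return found

def workaround_applied(config_text):
    """True when at least one explicit level-15 user exists (Cisco's workaround)."""
    return len(level15_accounts(config_text)) >= 1

def audit(configs):
    """Map each device name to an OK/MISSING finding for a fleet of configs."""
    report = {}
    for device, text in configs.items():
        users = level15_accounts(text)
        report[device] = ("OK: level-15 users " + ", ".join(users) if users
                          else "MISSING: no level-15 user; default privileged account may remain enabled")
    return report

if __name__ == "__main__":
    fleet = {"sw-branch-01": SAMPLE_CONFIG_MISSING, "sw-branch-02": SAMPLE_CONFIG_OK}
    for dev, finding in audit(fleet).items():
        print(dev, finding)
```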
While these vulnerabilities are specific to Cisco systems and devices, they are an important reminder to routinely patch and upgrade every device on your network: an unpatched system can leave serious openings that an otherwise simple and quick fix would have prevented.
Phish Tale of the Week
Netizen captures many phishes each month, which we feature here. This week we received an unsolicited email asking us to download and view a PDF.
A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
- Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
- Verify that the sender is actually from the company sending the message.
- Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
- Do not give out personal or company information.
- Review both signature and salutation.
- Do not click on attachments.
- Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
- Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.
Many phishing emails convey a sense of urgency or even aggression in order to intimidate the recipient. Any email requesting immediate action or addressing you in a threatening manner should be treated with suspicion. Also beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
How Can Netizen Help?
Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management) certified company.