Saturday, 9 March 2013

UK InfoSec Review for February 2013

    • Addresses 57 vulnerabilities in Windows, Office, Internet Explorer, Exchange and the .NET Framework. 
    • Microsoft rated 5 of these vulnerabilities as ‘Critical’ and recommends prioritising MS13-009, MS13-010 and MS13-020.
    • Adobe said in an advisory that one of the vulnerabilities, CVE-2013-0634, is being exploited in the wild in attacks delivered via malicious Flash content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as in attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment.
o   Hackers were able to access Twitter data, including usernames, email addresses, session tokens and encrypted/salted versions of passwords.

o   Twitter had reset passwords and revoked session tokens for the affected accounts, and encouraged users to ensure they had strong passwords.

o   A Twitter spokesperson said “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked.”

    • It occurred "when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops."
    • Facebook says the laptops in question "were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines".
    • The Financial Services Authority (FSA) is to lead a government benchmarking scheme to produce guidance on cyber security for the financial services sector.
    • This includes a benchmarking programme, led by the FSA, to identify the cyber and technology practices of 30 major financial institutions which, once concluded, will result in the publication of an updated Business Continuity Management Practice Guide.
    • A secretive branch of China's military is probably one of the world's "most prolific cyber espionage groups", according to Mandiant, a US cyber security firm. 
    • Mandiant said Unit 61398 was believed to have "systematically stolen hundreds of terabytes of data" from at least 141 organisations around the world.
    • Cyber attacks are increasing with little sign of abatement.
    • Valuable data makes businesses a target. Data is a viable commodity for cybercriminals.
    • Outsourcing IT and business systems saves money only if there’s no attack. Many third-party vendors leave the door open for attack, as they don’t necessarily keep client security interests top of mind.
    • Employees leave the door open to attacks. Whether due to lack of education or policy enforcement, employees pick weak passwords, click on phishing links, and share company information on social and public platforms.
    • The report identifies and details a building in China that Mandiant believes is responsible for state-sponsored Advanced Persistent Threat (APT) activity against Western targets.
    • Web Threats. The web became significantly more malicious in 2012, both as an attack vector and as the primary support element of other attack trajectories (e.g., social, mobile, email).
    • Social Media Threats. Shortened web links used across all social media platforms hid malicious content 32 percent of the time.
    • Email Threats. Only 1 in 5 emails sent was legitimate, as spam increased to 76 percent of email traffic. Phishing threats delivered via email also increased.
    • Malware Behavior. Cybercriminals adapted their methods to confuse and circumvent specific countermeasures. Fifty percent of web-connected malware became significantly bolder, downloading additional malicious executables within the first 60 seconds of infection.
