MENTIS

Week of September 7, 2018


Patch for Windows Zero Day Vulnerability Released by 0patch*:

A security researcher publicly disclosed a zero-day flaw in Windows that allows a local user to escalate privileges.

The flaw lies in the way the Windows Task Scheduler handles the Advanced Local Procedure Call (ALPC) interface; a local attacker can abuse it to obtain elevated privileges on the machine.

Microsoft is expected to ship an official fix in its September 11 Patch Tuesday update; in the meantime, an unofficial fix has been released by the 0patch community.

0patch is a community of security experts that produces tiny in-memory fixes ("micropatches") for software security flaws.

The community is known for patches of less than 30 bytes.

The fix for this flaw was released within 24 hours of public disclosure and is only 13 bytes in size.

This is only a temporary measure; Windows users are advised to apply the official Microsoft update as soon as it becomes available.

0patch has also warned that its unofficial fix may cause unexpected errors.

*Source: The Latest Hacking News, September 03, 2018

https://latesthackingnews.com/2018/09/03/patch-for-windows-zero-day-vulnerability-released-by-opatch/


Beefing up Cyber Security on RBI Agenda This Fiscal Year*:

The Reserve Bank of India (RBI) said it will proactively initiate the process of developing a cybersecurity culture, endeavour to make cybersecurity a shared responsibility, and ensure the confidentiality, integrity and availability of information systems and resources.

In view of the growing number of cyber frauds, the RBI is working to further strengthen its security mechanisms as part of this fiscal year's agenda, particularly as digital transactions rise sharply.

The central bank's report says its 2018-19 agenda includes taking effective steps to "further enhance" the level of protection against cyber risks, to ensure continuous protection against the changing contours of internet-based security threats.

New private sector banks and foreign banks each accounted for 36 percent of reported cyber frauds involving debit, credit and ATM cards, among other channels.

With organised cybercrime and cyber warfare gaining prominence in the threat landscape, the RBI is working towards ensuring continuous protection against the changing contours of cybersecurity threats.

*Source: Hindustan Times, September 03, 2018

https://www.hindustantimes.com/business-news/beefing-up-cyber-security-on-rbi-agenda-this-fiscal-year/story-asaNL0VGYySeiiGo2LGeWL.html


Nearly 75% of Firms Not GDPR Compliant; Data Protection Strategy Needed*:

The global picture for compliance with the EU's GDPR is not encouraging, according to market research firm Gartner: barely a quarter of firms are in line with the new law.

The EU's data protection and privacy regulation came into effect in May, bringing stricter rules and serious consequences for businesses that fail to comply.

Before the law came into effect, Gartner estimated that close to 50% of businesses would not be ready to comply with it.

However, after the law came into effect, close to 75% of companies are still not compliant.

An EY report revealed that 63% of Indian firms familiar with the requirements and impact of GDPR continue to lag behind in compliance.

Gartner also said that enterprise spending on information security products and services in India was on track to reach $1.7 billion in 2018, up 12.5% from last year.

In 2019, the market is predicted to reach a total of $1.9 billion.

The research firm also said that a lack of skills was driving demand for security services.

CISOs are increasingly concerned about the quality of the security services currently available, creating an opportunity for new providers that can offer higher-quality services.

*Source: TechCircle, August 31, 2018

https://techcircle.vccircle.com/2018/08/31/nearly-75-of-firms-not-gdpr-compliant-data-protection-strategy-needed-gartner


CryptoNar Ransomware Decrypted Shortly After It Surfaced*:

A new variant of the CryptoJoker ransomware, dubbed CryptoNar, has been discovered.

Fortunately, security researchers released a free decryptor almost immediately, so victims can recover their files without paying.

The ransomware was first spotted by MalwareHunterTeam.

CryptoNar treats file types differently.

Text (.txt) and Markdown (.md) files are encrypted in full and renamed with a .fully.cryptoNar extension; all other files are only partially encrypted and renamed with a .partially.cryptoNar extension. Once encryption finishes, the ransomware emails the generated public/private key pair to the attacker.

The ransomware drops a ransom note named CRYPTONAR RECOVERY INFORMATION.txt, which demands $200 worth of Bitcoin.

The note instructs victims to enter their email address and the listed victim ID in the extra note field of the Bitcoin transaction.

The ransomware also launches its own decryptor window, which waits for the victim to enter the private key they are supposed to receive after paying.

Security researcher Michael Gillespie created a free decryptor for CryptoNar that lets victims recover their files at no cost.
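The file-naming scheme above is the quickest way for a responder to scope an infection before running the free decryptor. The following is an added triage script, not code from the article or from the decryptor; it builds a constructed sample directory (a few renamed files plus the ransom note), walks it, and reports which files were fully or partially encrypted and what their original names were.

```python
# Added example: triage a directory tree for the CryptoNar markers described
# in the article (.fully.cryptoNar / .partially.cryptoNar suffixes and the
# ransom note "CRYPTONAR RECOVERY INFORMATION.txt"). Not the article's or
# the decryptor's code; the sample tree below is constructed.
import os
import tempfile
from pathlib import Path

FULL_SUFFIX = ".fully.cryptonar"       # compared case-insensitively
PARTIAL_SUFFIX = ".partially.cryptonar"
NOTE_NAME = "CRYPTONAR RECOVERY INFORMATION.txt"


def classify(path: Path) -> str:
    """Return 'full', 'partial', 'note' or 'clean' for one path."""
    name = path.name
    lowered = name.lower()
    if name == NOTE_NAME:
        return "note"
    if lowered.endswith(FULL_SUFFIX):
        return "full"
    if lowered.endswith(PARTIAL_SUFFIX):
        return "partial"
    return "clean"


def triage(root) -> dict:
    """Walk root and tally encrypted files, notes and untouched files.

    'originals' maps each encrypted file (relative path) back to its
    pre-encryption name so the analyst can see what was hit.
    """
    root = Path(root)
    result = {"full": [], "partial": [], "note": [], "clean": 0, "originals": {}}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            kind = classify(p)
            if kind == "clean":
                result["clean"] += 1
                continue
            rel = str(p.relative_to(root))
            result[kind].append(rel)
            if kind == "full":
                result["originals"][rel] = fname[: -len(FULL_SUFFIX)]
            elif kind == "partial":
                result["originals"][rel] = fname[: -len(PARTIAL_SUFFIX)]
    return result


def make_sample_tree() -> str:
    """Constructed sample: a few 'victim' files plus a ransom note."""
    root = tempfile.mkdtemp(prefix="cryptonar_demo_")
    samples = {
        "notes.txt.fully.cryptoNar": b"\x9a\x11\x7f\x03",
        "README.md.fully.cryptoNar": b"\x00\x42\xc3\x9e",
        "budget.xlsx.partially.cryptoNar": b"PK\x03\x04" + b"\xde\xad\xbe\xef",
        NOTE_NAME: b"Send $200 in Bitcoin ...",
        "untouched.png": b"\x89PNG",
    }
    for name, data in samples.items():
        (Path(root) / name).write_bytes(data)
    return root


if __name__ == "__main__":
    report = triage(make_sample_tree())
    print(f"fully encrypted:     {len(report['full'])}")
    print(f"partially encrypted: {len(report['partial'])}")
    print(f"ransom notes:        {len(report['note'])}")
    print(f"untouched:           {report['clean']}")
    for enc, orig in report["originals"].items():
        print(f"  {enc} -> {orig}")
```

Run it against the real root (for example a user profile) instead of the temporary sample; the extension match is the indicator, so the script never opens file contents and is safe to run on a still-infected host from a read-only analysis shell.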

*Source: Latest Hacking News, September 03, 2018

https://latesthackingnews.com/2018/09/03/cryptonar-ransomware-decrypted-shortly-after-it-surfaced/


Google Engineer Hacks Open Secure Doors at Google Office*:

It's widely known that Google has some of the best software engineers on the planet. Last July, one of them, a Google engineer at the company's Sunnyvale offices, decided to test his skills against his employer.

David Tomaschik found a software vulnerability that allowed him to open campus doors that should have required an RFID keycard.

He wrote some code, sent it across the company's network, and watched the light on his office door turn from red to green.

Tomaschik spoke with Forbes about his findings after a talk he gave in early August at the DEF CON IoT Village in Las Vegas.

Last summer, the publication goes on to explain, Tomaschik was looking at the encrypted messages that Software House devices called iStar Ultra and IP-ACM were sending across the Google network.

He discovered they were non-random, whereas encrypted messages "should always look random if they're properly protected."

Intrigued, he dug deeper and found that a hardcoded encryption key was used by all Software House devices.

That meant all he needed to do was copy the key and either craft his own commands, such as telling a door to unlock, or replay legitimate ones.

Worse, Tomaschik found that he could do this without leaving any digital trail, and that he could also lock employees out of doors they were supposed to be able to open.

Google has since taken steps to fix this. For one thing, the company has segmented its network so that someone on its premises can no longer reach the door controllers this way.

The Software House devices also now reportedly use stronger encryption, though, according to Tomaschik, Software House's solution requires a hardware change at customer sites.

The implication is that many other sites running the same devices could be open to a similar attack, though a Software House spokesman told Forbes, "This issue was addressed with our customers," without providing further details.

Even though the hacker here had good intentions, this is yet another reminder of the destructive potential of Internet of Things vulnerabilities, and of how lax security can expose Internet-connected devices to real-world mischief.

Lawmakers have been slow to mandate changes that would protect against this kind of thing, and manufacturers are still slow to improve the security of the hardware they sell, so for now we remain reliant on hackers like Tomaschik to find and fix vulnerabilities such as doors that open when they should not.
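Three properties were missing from the channel Tomaschik examined: a per-message nonce (so identical commands do not produce identical bytes), an authentication tag (so forged commands are rejected), and a replay check. The toy channel below is an added example, not Software House's protocol or Tomaschik's code; the message layout (12-byte nonce, 8-byte counter, body, 32-byte HMAC tag), the command strings and the "fleet-wide" key are all assumptions. It contrasts a deterministic scheme with a fixed key against an authenticated one, and derives a distinct key per controller so that a key pulled from one device does not open every door.

```python
# Added example (not Software House's protocol or Tomaschik's code): a toy
# door-controller channel showing (1) why a fixed key with no nonce makes
# encrypted commands look non-random and replayable, and (2) what a
# nonce + counter + MAC + per-device key buys. The message layout
# (12-byte nonce | 8-byte counter | body | 32-byte HMAC tag) is an assumption.
import hashlib
import hmac
import os
import struct

MASTER_KEY = b"fleet-wide-hardcoded-key-000"  # assumption: one key in every unit


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode. Illustration only."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", block)).digest()
        block += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt_deterministic(key: bytes, command: bytes) -> bytes:
    """No nonce, no tag: the same command always produces the same bytes,
    so an observer sees repeats and can replay or forge at will."""
    return _xor(command, _keystream(key, b"", len(command)))


def encrypt_authenticated(key: bytes, counter: int, command: bytes) -> bytes:
    """Random nonce + monotonic counter + HMAC: ciphertext varies per send,
    tampering is detected, and old messages cannot be replayed."""
    header = os.urandom(12) + struct.pack(">Q", counter)
    body = _xor(command, _keystream(key, header, len(command)))
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


def per_device_key(master: bytes, device_id: bytes) -> bytes:
    """Derive a distinct key per controller so one extracted key does not
    open every door in the fleet."""
    return hmac.new(master, b"door-key|" + device_id, hashlib.sha256).digest()


class DoorController:
    """Receiver side: verifies the tag first, then rejects stale counters."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1
        self.log = []

    def receive(self, msg: bytes) -> bool:
        if len(msg) < 20 + 32:
            self.log.append("rejected: malformed")
            return False
        header, body, tag = msg[:20], msg[20:-32], msg[-32:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.log.append("rejected: bad tag")
            return False
        counter = struct.unpack(">Q", header[12:])[0]
        if counter <= self.last_counter:
            self.log.append("rejected: replay")
            return False
        self.last_counter = counter
        command = _xor(body, _keystream(self.key, header, len(body)))
        self.log.append("accepted: " + command.decode())
        return True


if __name__ == "__main__":
    cmd = b"UNLOCK door=42"
    # Shared key, deterministic scheme: two identical sends, identical bytes.
    print(encrypt_deterministic(MASTER_KEY, cmd) == encrypt_deterministic(MASTER_KEY, cmd))
    door = DoorController(per_device_key(MASTER_KEY, b"iSTAR-lobby-1"))
    m1 = encrypt_authenticated(door.key, 1, cmd)
    print(door.receive(m1), door.receive(m1))  # accepted, then replay rejected
    for entry in door.log:
        print(entry)
```

The SHA-256 counter-mode keystream stands in for a real cipher purely to keep the example dependency-free; in production use an AEAD such as AES-GCM or ChaCha20-Poly1305, which provides the nonce and tag in one primitive. Note also that the `log` is the part Tomaschik said was missing: every rejected message should be recorded on the controller, not just accepted ones.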

*Source: BGR, September 03, 2018

https://bgr.com/2018/09/03/google-doors-open-after-hack/


Chrome 69 Now Has a Random Password Generator*:

The Chrome browser recently reached its tenth birthday.

Apart from a host of UI enhancements, Google has also concentrated on password security by adding a strong random password generator; generated passwords are saved in Chrome's password manager and synced to the user's Google account.

Google has said that the user must be signed in to Chrome to use this feature.

Another major change is that Google has begun phasing out Flash: sites that require Flash must now ask the user for permission to run it each time they are visited.

Google's stated goal is to disable Flash by default in Chrome 76 and remove it for good in Chrome 80.

Finally, the new release also patches more than 40 security issues, including flaws in Web APIs and CSS features, and ships many developer-facing changes.
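A generator like Chrome's has two requirements that are easy to get wrong: draw from a cryptographically secure source, and pick each character uniformly from the alphabet rather than through a biased modulo. The following is an added example, not Chrome's implementation; the alphabet and the four-class policy are assumptions chosen to match common site rules.

```python
# Added example (not Chrome's code): a password generator built on the
# `secrets` module, which uses the OS CSPRNG and draws each character
# uniformly (secrets.choice has no modulo bias). The alphabet and the
# "one of each class" policy are assumptions.
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{};:,.?"


def has_all_classes(pw: str) -> bool:
    """True when the password contains lower, upper, digit and symbol."""
    return (
        any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
    )


def generate_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Draw `length` characters with a CSPRNG; re-draw until every class
    is present so the result also satisfies typical site policies.
    Re-drawing the whole string (rather than patching one character in)
    keeps the output uniform over the accepted set."""
    if length < 4:
        raise ValueError("length must be at least 4 to cover all classes")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(pw):
            return pw


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Upper bound on entropy for a uniform draw: length * log2(|alphabet|)."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, f"(~{entropy_bits(16):.1f} bits)")
```

The important contrast is with `random.choice`, which is seeded from a Mersenne Twister and must never be used for secrets: its output is predictable from a few observed values. `secrets.choice` is a thin wrapper over `os.urandom`-backed randomness and is the right primitive for anything security-sensitive.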

*Source: Latest Hacking News, September 06, 2018

https://latesthackingnews.com/2018/09/06/chrome-69-now-has-a-random-password-generator/


China’s Huazhu Group Data Breach Exposed 500 Million Customer Records*:

A massive data breach at a Chinese hotel group has recently made headlines.

According to several Chinese media reports, Huazhu Group, one of the country's largest hotel chains, suffered a major security breach.

The breach allegedly exposed around 500 million customer records containing detailed personal information.

The breached data covers details that customers provided to any hotel operated under the Huazhu Group.

It includes 123 million registration records (name, mobile number, ID number and login PIN), 130 million check-in records (name, ID number, home address and birthday) and 240 million hotel-stay records (name, credit card number, mobile number, check-in and check-out times, amount spent and room number).

While investigations continue, the anti-cybercrime firm Zpower analyzed the data and concluded that the breach may have originated with Huazhu's programmers uploading details of its database to GitHub.

Of the 500 million breached records, around 150 million are being offered for sale on the dark web.

The sellers allegedly demand 8 BTC or 520 Monero (around USD 56,158) for the 141.5 GB data set.

Huazhu Group says it has begun investigating the data offered on the dark web and has hired an external security firm to assist.

Shanghai police are also investigating and say the culprits will be severely punished.

Huazhu Group is among China's leading hotel chains, operating 13 hotel brands with hundreds of properties nationwide, including Hanting Inns and Hotels, Novotel, Hi Inn and Starway Hotel.
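If the Zpower finding holds, the root cause is a familiar one: database connection details committed to a repository. The standard control is a secret scan that runs before a commit or push and blocks anything that looks like a credential. The scanner below is an added example, not Huazhu's or Zpower's code; its patterns, allowlist markers and the sample configuration file are constructed for the demonstration.

```python
# Added example (not from the article or from Huazhu): a minimal pre-commit
# style scanner that flags database credentials and other secrets before a
# file can be pushed to a public repository. Patterns, allowlist and the
# sample config are constructed for this demonstration.
import re

PATTERNS = {
    "mysql_dsn": re.compile(r"mysql://[^\s:/]+:[^\s@]+@[^\s/]+", re.I),
    "jdbc_url": re.compile(r"jdbc:\w+://[^\s\"']+", re.I),
    "password_assign": re.compile(
        r"(?i)\b(?:db_?pass(?:word)?|password|passwd|pwd)\s*[:=]\s*[\"']?[^\s\"']{4,}"
    ),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Lines that pull the value from the environment or a secrets manager are
# the pattern we want to see, so they are not reported.
ALLOWLIST = ("ENV[", "${", "os.environ", "getenv(", "vault:")


def scan_text(text: str, path: str = "<stdin>") -> list:
    """Return [(path, line_number, pattern_name)] for suspicious lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if any(marker in line for marker in ALLOWLIST):
            continue
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((path, lineno, name))
                break  # one finding per line is enough to block the commit
    return findings


def scan_files(files: dict) -> list:
    """files: {path: contents}. Returns all findings across the set."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(text, path))
    return out


SAMPLE_CONFIG = """\
# constructed sample of a config file that must never reach a public repo
production:
  adapter: mysql2
  host: db.internal.example
  username: booking_app
  password: "Sup3rS3cret!"
  url: mysql://root:hunter2@10.0.0.5/bookings
staging:
  password: <%= ENV["DB_PASSWORD"] %>
PASSWORD_MIN_LENGTH = 12
"""

if __name__ == "__main__":
    hits = scan_files({"config/database.yml": SAMPLE_CONFIG})
    for path, lineno, kind in hits:
        print(f"{path}:{lineno}: possible secret ({kind})")
    raise SystemExit(1 if hits else 0)
```

Wired into a pre-commit hook (`git diff --cached --name-only` fed to `scan_files`), a non-zero exit stops the commit. The allowlist matters as much as the patterns: developers will route around a scanner that flags `ENV["DB_PASSWORD"]`, and that line is exactly the form the credential should take.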

*Source: Latest Hacking News, September 03, 2018

https://latesthackingnews.com/2018/09/03/chinas-huazhu-group-data-breach-exposed-500-million-customer-records/


DDOS on Bank of Spain Claimed by Anonymous Catalonia*:

The website of Spain's central bank was disrupted for about a week by a DDoS attack claimed by the hacktivist group Anonymous Catalonia.

The attack began on a Sunday and continued into Monday.

The attack was part of #OpCatalonia, a protest against the government's arrest of Catalan political leaders over the region's push for independence last year.

The group used the familiar #TangoDown hashtag to announce that its distributed denial-of-service attack had succeeded, and shared evidence that the server hosting the bank's website was unreachable from around the world.

A bank representative confirmed that the organisation had been hit by a DDoS attack that intermittently disrupted access to the website, but said the attack did not affect the bank's operations.

Banco de España is only the latest target of the group, which began its assault on Spanish government websites on August 20.

Its main targets were the official websites of the Constitutional Court and the economy and foreign ministries. The group announced its protest against the government on August 19.
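"Intermittent access" is what an application-layer flood looks like from the inside: the site answers some requests and times out on others. The detector below is an added example, not from the article or from the bank; it parses Common Log Format access-log lines and flags any source that exceeds a per-IP request threshold within a sliding window. The log lines are constructed, with addresses from the RFC 5737 documentation ranges.

```python
# Added example (not from the article or from Banco de España): a sliding-
# window request-rate check over web server access logs that flags sources
# exceeding a per-IP threshold. The log lines are constructed; addresses are
# from the RFC 5737 documentation ranges.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
CLF_TIME = "%d/%b/%Y:%H:%M:%S %z"


def detect_flood(lines, window_s: int = 10, threshold: int = 50) -> dict:
    """Return {ip: timestamp_first_flagged} for sources that issued more
    than `threshold` requests inside any `window_s`-second window."""
    recent = defaultdict(deque)   # per-IP timestamps within the window
    flagged = {}
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue                # skip lines we cannot parse
        ip = m["ip"]
        t = datetime.strptime(m["ts"], CLF_TIME).timestamp()
        q = recent[ip]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()             # drop requests older than the window
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = m["ts"]
    return flagged


def make_sample_log() -> list:
    """Constructed: one normal visitor plus two sources hammering the site."""
    start = datetime(2018, 8, 26, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, status=200):
        ts = (start + timedelta(seconds=offset_s)).strftime(CLF_TIME)
        return f'{ip} - - [{ts}] "GET / HTTP/1.1" {status} 512'

    lines = [line("192.0.2.10", off) for off in (0, 30, 60)]
    for ip in ("198.51.100.7", "203.0.113.9"):
        lines += [line(ip, i * 0.15, 503) for i in range(60)]  # 60 hits in 9 s
    return lines


if __name__ == "__main__":
    for ip, when in detect_flood(make_sample_log()).items():
        print(f"flood from {ip} (first exceeded threshold at {when})")
```

A per-source threshold catches the tooling hacktivist groups typically distribute (many requests from each participant), which is why it is the first rule to write. It does nothing against a volumetric attack spread thinly over thousands of addresses; that case needs an aggregate request-rate alarm and upstream scrubbing or a CDN in front of the origin, not a rule on the origin's own logs.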

*Source: Latest Hacking News, September 03, 2018

https://latesthackingnews.com/2018/09/03/ddos-on-bank-of-spain-claimed-by-anonymous-catalonia/


Spyware Firm Family Orbit Exposed 281 GBs of Children’s Data and Photos*:

Family Orbit, a parental control app, reportedly left a large amount of its customers' data exposed online.

The spyware vendor left the data on inadequately secured cloud storage, where it could be reached by anyone who found it.

According to the unnamed hacker who found it, the storage was protected only by a password that was easy to guess.

Once in, the hacker found several gigabytes of customer data.

The company had left "3,836 containers on Rackspace with 281 gigabytes of pictures and videos".

The hacker shared screenshots of the discovery with Motherboard, which then verified the breach.

After being notified, Family Orbit confirmed the exposure and explained how it had been fixed.

While the firm claims to provide the "best parental control app", it evidently failed to secure its own data.

Fortunately, the firm resolved the issue before any malicious use was reported.

This is not the first time a spyware vendor has been found exposed.

*Source: Latest Hacking News, September 01, 2018

https://latesthackingnews.com/2018/09/01/spyware-firm-family-orbit-exposed-281gbs-of-childrens-data-and-photos/


Fiserv Flaw Left Personal Data of Hundreds of Banks Customers Exposed*:

Fiserv, a financial services technology provider, has patched a security flaw in its web platform.

As discovered by a researcher, the flaw leaked personal and financial details of customers at hundreds of banks.

Security researcher Kristian Erik Hermansen found the flaw a couple of weeks ago when he logged into the online banking system of a local bank that runs on Fiserv's platform.

He found he could view any other customer's details simply by changing a particular "event number" in the page's request.

KrebsOnSecurity confirmed Hermansen's findings.

It also found the same behavior at two other small local banks using Fiserv.

It was therefore reasonable to conclude that almost all banks using the platform were vulnerable.

The flaw was far from negligible: changing a few digits exposed other customers' details to anyone with an account on the platform.

Given the severity, Hermansen first tried to report the issue to his bank and to Fiserv, but was left unsure whether it was being addressed.

Fiserv did not say how many banks use its web platform, but an estimated 1,700 banks use Fiserv's retail banking platform.
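The behaviour described, a record fetched by a client-supplied sequential number with no check that it belongs to the logged-in user, is an insecure direct object reference. The handler below is an added example, not Fiserv's code; the record contents, user names and the "event number" scheme are constructed. It shows the vulnerable lookup, the one-line ownership check that fixes it, and an indirect-reference layer that stops the browser from ever seeing the sequential number.

```python
# Added example (not Fiserv's code): the pattern behind the flaw described
# above, an insecure direct object reference, in a minimal in-memory handler
# alongside a fixed version that checks ownership. Record contents, user
# names and the "event number" scheme are constructed.
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class AlertEvent:
    event_number: int
    owner: str            # account the event belongs to
    account_last4: str
    detail: str


# Constructed data store: sequential event numbers, as in the report.
EVENTS = {
    1001: AlertEvent(1001, "alice", "4412", "Balance alert sent to alice@example.net"),
    1002: AlertEvent(1002, "bob", "9930", "Balance alert sent to bob@example.org"),
    1003: AlertEvent(1003, "alice", "4412", "Large withdrawal alert, +1-555-0100"),
}


class Forbidden(Exception):
    """Raised for both missing and foreign records, so the response does
    not reveal which numbers exist."""


def get_event_vulnerable(session_user: str, event_number: int) -> AlertEvent:
    """Looks up by the client-supplied number only; the logged-in user is
    never consulted, so changing the number walks other customers' data."""
    return EVENTS[event_number]


def get_event_fixed(session_user: str, event_number: int) -> AlertEvent:
    """Authorise against the session: the record must belong to the caller."""
    event = EVENTS.get(event_number)
    if event is None or event.owner != session_user:
        raise Forbidden
    return event


class SessionRefs:
    """Indirect references: hand the browser an opaque per-session token
    instead of the sequential number, and map it back server-side."""

    def __init__(self, session_user: str):
        self.user = session_user
        self._map = {}

    def list_events(self) -> dict:
        """Return {token: event_number} for the caller's own events only."""
        self._map = {
            secrets.token_urlsafe(16): ev.event_number
            for ev in EVENTS.values() if ev.owner == self.user
        }
        return dict(self._map)

    def get(self, token: str) -> AlertEvent:
        number = self._map.get(token)
        if number is None:
            raise Forbidden
        return get_event_fixed(self.user, number)   # defence in depth


def enumerate_vulnerable(session_user: str, start: int, count: int) -> list:
    """What an attacker does with the vulnerable handler: walk the numbers
    and collect whose records come back."""
    owners = []
    for n in range(start, start + count):
        try:
            owners.append(get_event_vulnerable(session_user, n).owner)
        except KeyError:
            pass
    return owners


def raises_forbidden(fn, *args) -> bool:
    """Helper so callers can check that a request is refused."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, alice asks for 1002:", get_event_vulnerable("alice", 1002).owner)
    print("fixed, alice asks for 1002 refused:", raises_forbidden(get_event_fixed, "alice", 1002))
    print("enumeration yields owners:", enumerate_vulnerable("alice", 1000, 10))
```

The ownership check in `get_event_fixed` is the actual fix; the token layer is additional hardening that also removes the enumeration signal (sequential numbers tell an attacker how many records exist and how to iterate them). Note that the fixed handler returns the same `Forbidden` for a missing record and for someone else's record, so timing and status codes do not leak which event numbers are valid.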

*Source: Latest Hacking News, September 01, 2018

https://latesthackingnews.com/2018/09/01/fiserv-flaw-left-personal-data-of-hundreds-of-banks-customers-exposed
