Welcome to the Ironshare Cyber Round-up, where we take a look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.
Magecart, the hacking group behind the recent British Airways & Ticketmaster data breaches, have been at it again this time hitting the very popular American retailer Newegg via its e-commerce website.Fresh off publishing the details on the British Airways compromise, RiskIQ researchers in collaboration with Volexity have published a similar report on the latest victims, Newegg.For approximately 1 month between August 14th and September 18th, the attacker placed skimmer code was present on Newegg.com. The skimmer integrated with its checkout process to extract customer information and credit card data, before forwarding it to their Magecart server.This skimmer code shared the same base components with the BA breach although it was condensed down to just 15 lines of script.RiskIQ state: “The breach of Newegg shows the true extent of Magecart operators’ reach. These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target. The elements of the British Airways attacks were all present in the attack on Newegg: they integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible.”Full report: https://www.riskiq.com/blog/labs/magecart-newegg/If you carried out any transactions on Newegg.com between August 14th and September 18th it is recommended that you contact your bank or credit card company to report the breach, requesting your cards be cancelled and replaced.
Tenable Research reported early this week on their discovery of a new zero-day bug in NUUO CCTV products they have called Peekaboo. This zero-day comprises of two vulnerabilities, the first is rated critical and results in an unauthenticated buffer overflow that permits remote code execution (CVSS 10.0), while the second is a medium rated backdoor left in debug code (CVSS 4.0).These vulnerabilities were found in the NUUO NVRMini2, which provides network attached storage, video recording and the viewing of CCTV video feeds. One of the big issues is related to NUUO white labelling its software for third party vendors, meaning a full list of affected products is unclear.A fix for these vulnerabilities is now available from NUUO and users are recommended to upgrade to the updated version of software ASAP.https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
The Cyber Threat Alliance have this week released a white paper on the increasing threat from Cryptocurrency Mining. This report explains the threat, how it impacts its victims, while also including the counter measures and best practice safeguards that can be applied to combat it.Crytpo-mining is a legitimate process for improving a crypto-currency. This mining process is made illicit when a malicious party compromises another user’s computer processing power for mining activities without that user’s knowledge or consent.As crypto-mining can result in the miner generating funds, it has become a go to method for cyber criminals largely replacing the money generating activities previously found in Ransomware. The full report and its key findings can be found through the links below:Key Findings: https://www.cyberthreatalliance.org/wp-content/uploads/2018/09/CTA-Illicit-CryptoMining-Key-Findings.pdfFull report: https://www.cyberthreatalliance.org/wp-content/uploads/2018/09/CTA-Illicit-CryptoMining-Whitepaper.pdfThe papers conclude by calling on network defenders to implement recommended defensive best practices to combat the threat of crypto-mining and disrupt the criminal money making efforts.The Cyber Threat Alliance (CTA) is a formally organized group of cybersecurity experts from organisations across the industry. Their goal is to work together, sharing threat intelligence and information to improve global defences against advanced cyber adversaries. CTAs members include industry leading companies such as Cisco, Juniper, Fortinet, Rapid 7 & Sophos to name a few.
If you are a Cisco Firepower customer, you might want to check out their latest Field Notice update for FXOS in the Firepower 4100 and 9300 platforms.Due to a memory leak bug that exists in code versions prior to v2.2, an affected device will suffer a Kernel panic and reboot after approximately 210 days of uptime.Cisco recommends that customer devices running the impacted code should upgrade to the latest version of operating system software to address this issue. For more information including the affected and fixed versions of software please see the link below:https://www.cisco.com/c/en/us/support/docs/field-notices/643/fn64327.htmlThat’s it for this edition but please tune in for our next instalment.
To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailListYou can also follow us using the social media links provided.If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReviewIronshare – Security SimplifiedEdition #9 – 21st September 2018
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
