Cyber Round-up for 16th August
Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
An 18-year-old student has discovered multiple vulnerabilities in the software used by 5,000 schools. Two common pieces of software, Blackboard and Follett, contain serious bugs that allowed the teenager to access over 5 million records, including those of students and staff. The Blackboard breach alone compromised 24 categories of data, including phone numbers, bus routes, passwords, photos, student grades and immunisation records. The teenage hacker stated that he managed to accomplish this with very limited access, which supports his statement regarding the poor state of cybersecurity in education software. The teen presented his findings at Defcon last week and proved that something needs to be done about the lack of consideration for cybersecurity.
BlackBerry Cylance’s AI-based antivirus has been easily bypassed by security researchers, who managed to trick it into thinking that the WannaCry ransomware is benign. The researchers have developed a “global bypass” for Cylance’s machine-learning algorithm that can be used with almost any malware; the method involves taking strings from a non-malicious file and simply adding them to the malicious one. In this case the researchers used an online gaming program. The idea of an AI-based antivirus is that once trained, it will not require constant updating; however, after this discovery the company may have to completely retrain the system.
Security researchers have discovered a serious data breach of the Suprema BioStar 2 biometric security database, which contains the plain-text usernames and passwords, fingerprints and facial recognition data of over 1 million users. The breach allowed attackers to take over user accounts and replace biometric data with their own, which could potentially grant access to secure areas. BioStar is used by over 5,700 major companies, including the UK Metropolitan Police, which puts into perspective the severity of this breach. Suprema have not yet commented on the breach but have confirmed they will take immediate action to remediate the issue.
A 20-year-old bug has been discovered in the legacy Windows protocol, Microsoft CTF. CTF is part of the Windows Text Services Framework and manages keyboard layouts, input methods and other things such as text processing. The protocol also communicates with other Windows services freely without proper authentication; for this reason, the flaw has been rated ‘important’. This vulnerability allows an attacker to escalate privileges to compromise a machine; however, it requires the attacker to already have a local user session, so the exploit cannot grant initial access to the machine. More details are included in the original post.
Ransomware can affect any internet-connected device, not just a computer, and this recent outbreak of attacks targeting Canon DSLR cameras is all the proof you need. Vulnerabilities in Canon’s Picture Transfer Protocol can be exploited over USB or WiFi to seize control of a target camera. Security researchers confirmed that the exploit allows an attacker to install a malicious firmware update onto the camera without any user interaction from the victim. This firmware can be modified in some cases to encrypt the files on the device and request a ransom to recover them. There is currently only an update available for the EOS 80D model; patches for other models will be available soon.
Vulnerabilities & Updates
Microsoft’s Patch Tuesday for August hit this week and has addressed a total of 97 vulnerabilities, 31 of which were critical threats. These vulnerabilities include remote code execution flaws in Remote Desktop Protocol and Microsoft Outlook. Details on all the addressed vulnerabilities are included in the original post.
A zero-day vulnerability in the Windows version of the Steam client has been published by a security researcher. The vulnerability has been identified as a privilege-escalation bug and gives an attacker the ability to run any desired program with the highest level of access. Researchers discovered that symbolic links can be used to force the computer into launching any service or executable. In some circumstances the exploit can run Windows Installer, which can be used to deploy malicious code. This vulnerability affects any Windows device that has the Steam client installed. Valve have now released a patch for this flaw, and we advise updating as soon as possible.
And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.
Edition #54 – 16th Aug 2019
Ironshare – Security Simplified