Cyber Round-up

Cyber Round-up for 21st September

Welcome to the Ironshare Cyber Round-up, where we take a look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.

Newegg hit by Magecart

Magecart, the hacking group behind the recent British Airways & Ticketmaster data breaches, have been at it again this time hitting the very popular American retailer Newegg via its e-commerce website.

Fresh off publishing the details on the British Airways compromise, RiskIQ researchers in collaboration with Volexity have published a similar report on the latest victims, Newegg.

For approximately 1 month between August 14th and September 18th, the attacker placed skimmer code was present on Newegg.com. The skimmer integrated with its checkout process to extract customer information and credit card data, before forwarding it to their Magecart server.

This skimmer code shared the same base components with the BA breach although it was condensed down to just 15 lines of script.

RiskIQ state: “The breach of Newegg shows the true extent of Magecart operators’ reach. These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target. The elements of the British Airways attacks were all present in the attack on Newegg: they integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible.”

Full report: https://www.riskiq.com/blog/labs/magecart-newegg/

If you carried out any transactions on Newegg.com between August 14th and September 18th it is recommended that you contact your bank or credit card company to report the breach, requesting your cards be cancelled and replaced.

Peekaboo Zero-day bug in CCTV cameras

Tenable Research reported early this week on their discovery of a new zero-day bug in NUUO CCTV products they have called Peekaboo. This zero-day comprises of two vulnerabilities, the first is rated critical and results in an unauthenticated buffer overflow that permits remote code execution (CVSS 10.0), while the second is a medium rated backdoor left in debug code (CVSS 4.0).

These vulnerabilities were found in the NUUO NVRMini2, which provides network attached storage, video recording and the viewing of CCTV video feeds. One of the big issues is related to NUUO white labelling its software for third party vendors, meaning a full list of affected products is unclear.

A fix for these vulnerabilities is now available from NUUO and users are recommended to upgrade to the updated version of software ASAP.

https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder

CTA Crypto Mining Report

The Cyber Threat Alliance have this week released a white paper on the increasing threat from Cryptocurrency Mining. This report explains the threat, how it impacts its victims, while also including the counter measures and best practice safeguards that can be applied to combat it.

Crytpo-mining is a legitimate process for improving a crypto-currency. This mining process is made illicit when a malicious party compromises another user’s computer processing power for mining activities without that user’s knowledge or consent.

As crypto-mining can result in the miner generating funds, it has become a go to method for cyber criminals largely replacing the money generating activities previously found in Ransomware. The full report and its key findings can be found through the links below:

Key Findings: https://www.cyberthreatalliance.org/wp-content/uploads/2018/09/CTA-Illicit-CryptoMining-Key-Findings.pdf

Full report: https://www.cyberthreatalliance.org/wp-content/uploads/2018/09/CTA-Illicit-CryptoMining-Whitepaper.pdf

The papers conclude by calling on network defenders to implement recommended defensive best practices to combat the threat of crypto-mining and disrupt the criminal money making efforts.

The Cyber Threat Alliance (CTA) is a formally organized group of cybersecurity experts from organisations across the industry. Their goal is to work together, sharing threat intelligence and information to improve global defences against advanced cyber adversaries. CTAs members include industry leading companies such as Cisco, Juniper, Fortinet, Rapid 7 & Sophos to name a few.

Cisco FXOS time delay reboot bug

If you are a Cisco Firepower customer, you might want to check out their latest Field Notice update for FXOS in the Firepower 4100 and 9300 platforms.

Due to a memory leak bug that exists in code versions prior to v2.2, an affected device will suffer a Kernel panic and reboot after approximately 210 days of uptime.

Cisco recommends that customer devices running the impacted code should upgrade to the latest version of operating system software to address this issue. For more information including the affected and fixed versions of software please see the link below:

https://www.cisco.com/c/en/us/support/docs/field-notices/643/fn64327.html

That’s it for this edition but please tune in for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

 

Ironshare – Security Simplified

 

Edition #9 – 21st September 2018