Cyber Round-up

Cyber Round-up for 9th November

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

HSBC confirms data breach for US customers

On November 2nd the global banking giant HSBC reported to the California Attorney General’s office that they had suffered a breach of US customer data that compromised customer names, addresses, account numbers, balances, transaction history and more.

In their notice, HSBC state that they identified unauthorised access to online customer accounts between the 4th and 14th October 2018, and as a result all impacted accounts had online access suspended to prevent further compromise. Further action has been taken to increase the security around the online banking authentication process, while also providing victims with a free subscription to the Identity Guard theft protection service.

It is believed that the unauthorised access was achieved using a credential stuffing attack. Credential stuffing relies on previously leaked credential data (usernames and passwords), which has been disclosed as part of another, potentially unrelated, breach. The attacker takes this data and automatically injects these credentials into the system being targeted, in the hope that a match will be found and access will be granted.

To reduce the chance of being a victim of a credential stuffing attack, it is crucial that you don’t use the same combination of username and password on more than one site or system.

ALWAYS use unique passwords that are not shared with any other service. If you know that you are using the same password for multiple things, then you should go and change them now.

If, like most of us, you are becoming overwhelmed by the number of passwords you have to remember, then it’s time for you to get a password manager! Go search Google and check out which one is right for you.

HSBC notice: https://oag.ca.gov/system/files/Res%20102923%20PIB%20MAIN%20v3_1.pdf

Criminal’s encrypted chat cracked by Police

IronChat, an encrypted messaging platform provided on Blackbox Security’s IronPhones, has been cracked by the Dutch police, who were able to listen in on over 250,000 chat messages of suspected criminals.

IronChat has been popular amongst criminal circles for providing the means to communicate confidentially about their illicit activities. Unbeknown to the users, their conversations were being monitored by the Dutch police, which resulted in arrests and the seizure of weapons, drugs and cash.

Blackbox Security’s website has since been seized by the authorities and its owners have been arrested on suspicion of criminal involvement.

Check out Graham Cluley’s post on Bitdefender for more details:

https://hotforsecurity.bitdefender.com/blog/police-crack-encrypted-chat-service-ironchat-and-read-258000-messages-from-suspected-criminals-20530.html

Remote Code Flaw found in WooCommerce

Security researchers at RIPS Technologies have discovered remote code execution and privilege escalation flaws in the immensely popular WooCommerce WordPress plugin. WooCommerce is an online shop plugin that’s used by over 4 million websites worldwide.

All that is needed to successfully launch this attack is for a compromised user to possess the ‘Shop Manager’ role, which permits them to manage products, customers and orders for the online shop.

By simply injecting a malicious payload that deletes certain files, WordPress security checks can be bypassed, allowing the malicious shop manager to take over the WordPress admin account and gain full control of the site.

This could be launched through a simple phishing attack, or through Cross Site Scripting (XSS) vulnerabilities.

Users who are running WooCommerce should ensure that they have upgraded to at least version 3.4.6, and always keep up to date with the latest releases.

Full details and a video showing how simple the compromise is can be found on the RIPSTECH blog:

https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/

Critical Vulnerabilities in Self-Encrypting SSDs

Multiple critical vulnerabilities have been found in popular self-encrypting solid-state storage devices that allow a malicious actor to recover protected data by decrypting the disk.

Researchers at Radboud University in the Netherlands reverse engineered the hardware that provides full disk encryption on Crucial and Samsung solid-state drives and found flaws that break the encryption on these devices.

Issues were found in the ATA Security and TCG Opal implementations where, because there is no link between the password and the encryption key, attackers can manipulate the password validation routine in RAM and use any password to decrypt the data.

In addition, wear levelling exploits were found in Samsung devices, which leave unprotected encryption keys available for retrieval, while Crucial devices were also found to have blank Master Passwords by default, allowing encrypted data to be retrieved using a blank password.

It doesn’t stop there. If you are using BitLocker as your disk encryption of choice, you should be aware that because BitLocker’s default behaviour is to use the available hardware encryption in preference to its own software-based encryption, you will still be vulnerable if using the affected devices.

Crucial have since released patches for all its affected devices, while Samsung has provided updates for its T3 and T5 SSDs.

https://thehackernews.com/2018/11/self-encrypting-ssd-hacking.html

And that’s it for this week, please don’t forget to tune in for our next instalment.

Edition #16 – 9th November 2018