CCleanup Vulnerability

CCleaner

From: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

This article is about the software called CCleaner. The software cleans up the computer and tries to optimize it. The CCleaner servers hosted a download link that contained malicious software on top of the download. It contained a Domain Generation Algorithm with Command and Control services. Hopefully, you can see why this is a pretty big deal. It was distributed between August 15 and September 12, 2017. Keep in mind that this was signed off as being safe.

The article then says that a time gap occurred in the signing, meaning that they could have a vulnerability in that process. This makes it seem like they have someone on the inside causing trouble. The malicious software itself didn’t do anything noticeable to prevent people from discovering the problem. It then goes into heavy detail on how exactly this malicious software works. The basic gist is that it transfers information from the computer to a Command and Control server. I highly recommend checking the infographic on the website that they created. It lays out exactly what steps the malicious software takes to do this.

This software had 2 billion downloads worldwide in October. This means they could have a lot of infected users. The article makes the point that this attacker exploited the trust software companies should have with their users. The code exploited the trust users had in it, which caused it to remain undetected for months. This article shows how much we as users rely on trust, but it only takes one person to abuse that trust.

Bluetooth Vulnerability

From: https://www.armis.com/blueborne/

A new virus called BlueBorne has surfaced. The way it works is through an airborne attack using the Bluetooth software. This allows it to actually take control of the device it is targeting. It also spreads malware to other devices close by. The way Bluetooth works is either by pairing with a device or being “discoverable” by other devices. Unfortunately, neither of those things needs to happen for this malware to spread. Security measures are nonexistent against attacks through the air. The virus is classified as highly infectious by this article, which is concerning considering what it does.

This virus gives almost full control of a system, since Bluetooth gives itself such high permissions. All devices that use Bluetooth are at risk. Bluetooth constantly looks for other users to connect with automatically, meaning it’s very easy for devices to exploit this feature. This can happen without the user doing anything, which is the scariest part about this story. The rest of the article goes into how each attack works for each device.

The end of the article states that no solution to this had been discovered at the time of the article’s posting. For now, turn off Bluetooth if you can and keep all devices updated in hopes of a patch to fix this. This is a very serious vulnerability and all devices are at risk with Bluetooth on.

RIP Equifax

From: http://www.huffingtonpost.com/entry/how-to-check-equifax-security-hack_us_59b1f8a5e4b0354e4410c754?utm_hp_ref=cybersecurity

and

From: http://www.huffingtonpost.com/entry/equifax-says-hack-potentially-exposed-details-of-143-million-consumers_us_59b1bc2de4b0354e4410b33e?ncid=inblnkushpmg00000009

This week we got a doozy of an article. Equifax was hacked and lost information about 143 million people…oops. The information that was leaked was social security numbers and names. It is not like those are easy to change. That makes it one of the worst leaks of all time. On top of that, credit card numbers were stolen as well. Stocks plummeted and the company might face a lawsuit. It should be interesting to see if the company stays afloat after this major disaster.

This shows the really ugly part about data collection. What happens when we can’t trust the companies collecting our data? Honestly, I hadn’t really thought about that question until today and I am not sure I have much faith in them anymore. Out of all the companies I would hope wouldn’t get hacked into, it was probably the company that collects data about credit scores. Today is another major reminder that security is critical and that our privacy and data matter. Hopefully companies start taking that seriously after today.

Cyber Warfare

 

From: http://www.huffingtonpost.com/entry/nuclear-power-hacking-cyberattacks_us_595eeef0e4b02e9bdb0b9b79?utm_hp_ref=cybersecurity

and

From: http://www.huffingtonpost.com/entry/malware-power-grid_us_593fa144e4b0b13f2c6d9285?utm_hp_ref=cybersecurity

 

I am looking at two articles because they both were written up around the same time and they both talk about the same topic. Cyber warfare is a huge issue that we are seeing pop up in the news over and over again. From election hacking to American companies being targeted, it is crucial we understand what is happening.

With the first article, we find that nuclear power stations have been targeted by hackers. The FBI and Homeland Security both released statements about how severe these attacks are. The article goes on about previous attacks that happened and how real this threat is.

The second article talks about how malicious software was linked to the 2016 Ukraine power outage. Our Homeland Security is investigating what happened here and it doesn’t believe our power plants have been affected. They did say to be alert over this because it could be manipulated to infect US power plants. It is common practice for viruses to be molded for new purposes.

Cyber warfare between countries is a huge threat. Ukraine has shown us that our infrastructure is potentially vulnerable to these kinds of attacks. It shows our country how crucial investing in computer security is. If war does break out between countries it will be against our technology. These articles remind us how scary this stuff really is.

 

MasterCard Hashing Flaw?

From: http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/

I found this little gem on Reddit that talks about a flaw in MasterCard’s recent hashing technique. The author claims to have found a previous vulnerability in MasterCard’s hosting system and that he reported the bug and received some cash for his efforts. He goes into a bit of detail about what that exploit was, and this gives a bit of weight to his next claim that it is still vulnerable after the update. His explanation is technical, but he tries to break it down. The bug allows you to send a string that is a valid request and response from the MIGS server, while injecting something into the string that will still generate a correct hash. The article then claims this vulnerability is with the hashing itself and should be fixed on MasterCard’s end.
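An added example, not taken from the linked article or from MasterCard: one common way a keyed hash ends up accepting injected content is when fields are joined with delimiters and no escaping before hashing. The `name=value&` format, the field names and the key below are assumptions constructed for illustration; the second function shows the length-prefixed encoding that removes the ambiguity.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed for this example, not a real key


def naive_mac(fields: dict) -> str:
    """HMAC over 'name=value&name=value' with no escaping (assumed format).

    A value that itself contains '&' or '=' produces the same byte string as
    a different set of fields, so the MAC cannot tell the two apart.
    """
    msg = "&".join(f"{k}={v}" for k, v in sorted(fields.items()))
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()


def canonical_mac(fields: dict) -> str:
    """HMAC over length-prefixed names and values, so boundaries are unambiguous."""
    mac = hmac.new(SECRET, digestmod=hashlib.sha256)
    for name, value in sorted(fields.items()):
        for part in (name.encode(), value.encode()):
            mac.update(len(part).to_bytes(4, "big") + part)
    return mac.hexdigest()


def verify(fields: dict, tag: str, mac_fn) -> bool:
    """Constant-time comparison of the received tag against a recomputed one."""
    return hmac.compare_digest(mac_fn(fields), tag)


# Constructed sample data: the fields that were signed, and a different
# field set that serialises to the same string under the naive format.
signed = {"amount": "100", "order": "A1"}
altered = {"amount": "100&order=A1"}  # one value that swallows the next field


def demo() -> dict:
    return {
        "naive_accepts_altered": verify(altered, naive_mac(signed), naive_mac),
        "canonical_accepts_altered": verify(altered, canonical_mac(signed), canonical_mac),
        "canonical_accepts_signed": verify(signed, canonical_mac(signed), canonical_mac),
    }


if __name__ == "__main__":
    print(demo())
```

The hash function itself is not broken in this scenario; the input encoding is, which is why the fix belongs on the side that defines the message format.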

The important point the author of this article is trying to make is that his bounty reward for finding the first bug was 8,500 dollars from MasterCard and 400 dollars from Fusion Payments. With this new exploit, they have just ignored his repeated requests to talk with MasterCard. He claims that such low bounty rewards, and how difficult it is to get in contact, don’t incentivize people to come forward with this information. He poses the question of how many black hat hackers are already taking advantage of it.

It is interesting how MasterCard doesn’t seem to want to encourage people to give them exploits in their system. You would think they would fear a major hack, but it seems like they are just hoping everything will be okay. I’m sure they have a security team, but you would think they would try to motivate people to come forward with this information. Perhaps it’s another case of negligence until it blows up in their face.