Attacker Mistake Botches Cyborg Ransomware Campaign

Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
Source: DarkReading

DDoS Attacks Up Sharply in Third Quarter of 2019

DDoS attacks of all sorts were up by triple-digit percentages, with smaller-volume attacks growing most rapidly.
Source: DarkReading

CVE-2019-10766

Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.
Source: NIST
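The NVD entry gives no detail beyond the function name, so the following is an added, generic Python/sqlite3 illustration (not Pixie's code and not the Pixie API) of why a LIMIT value must be validated as an integer and bound as a parameter rather than spliced into the query text: LIMIT accepts an arbitrary expression, including a scalar subquery, so an interpolated value turns the row count into a blind oracle over other tables. The schema, table data and the `api_key` value are constructed for the example.

```python
"""LIMIT-clause injection, shown generically with sqlite3 (added example, not Pixie's code).

A LIMIT value that is spliced into the query text is not a harmless number:
LIMIT accepts any expression, including a scalar subquery, so the attacker
turns "how many rows came back" into a blind oracle over other tables.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a public products table and a private users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products(name) VALUES ('lamp'), ('chair'), ('table'), ('sofa'), ('desk');
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT, api_key TEXT);
        INSERT INTO users(email, api_key) VALUES ('admin@example.test', 's3cret-key');
    """)
    return db


def products_vulnerable(db, limit) -> list:
    """Vulnerable: the caller-controlled limit is interpolated into the SQL text."""
    rows = db.execute(f"SELECT name FROM products ORDER BY id LIMIT {limit}")
    return [name for (name,) in rows]


def products_safe(db, limit) -> list:
    """Hardened: accept only a bounded non-negative integer, then bind it as a parameter."""
    if isinstance(limit, bool) or not isinstance(limit, int):
        try:
            limit = int(str(limit).strip())
        except ValueError:
            raise ValueError(f"limit must be an integer, got {limit!r}") from None
    if not 0 <= limit <= 1000:
        raise ValueError("limit out of range")
    rows = db.execute("SELECT name FROM products ORDER BY id LIMIT ?", (limit,))
    return [name for (name,) in rows]


def safe_rejects(db, value) -> bool:
    """True if products_safe refuses the value (shows the hardened path in action)."""
    try:
        products_safe(db, value)
    except ValueError:
        return True
    return False


def oracle_attack(db) -> str:
    """Recover users.api_key one character at a time through the vulnerable limit.

    Each probe is a subquery that yields 1 when the guessed character is right
    and 0 otherwise, so the number of product rows returned (1 or 0) leaks it.
    """
    charset = "abcdefghijklmnopqrstuvwxyz0123456789-"
    recovered = ""
    for _ in range(32):                     # upper bound on key length
        for ch in charset:
            probe = (f"(SELECT count(*) FROM users WHERE "
                     f"substr(api_key, {len(recovered) + 1}, 1) = '{ch}')")
            if len(products_vulnerable(db, probe)) == 1:
                recovered += ch
                break
        else:
            break                           # no character matched: end of the key
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("normal:   ", products_vulnerable(db, 2))
    print("leaked:   ", oracle_attack(db))
    print("hardened: ", products_safe(db, "3"))
    print("rejected: ", safe_rejects(db, "(SELECT count(*) FROM users)"))
```

The hardened version does two independent things: it refuses anything that is not a small integer, and it binds the value as a parameter so that the database driver, not string formatting, decides how it reaches the SQL engine. Either alone closes this particular hole; doing both means a later change to the validation does not silently reopen it.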

TPM-Fail: What It Means & What to Do About It

Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into “defense-in-depth” designs.
Source: DarkReading

Only 12.5% of Top US Retailers Protect Customers from Email Fraud

A study conducted by cloud-based email security company Red Sift has found that only 12.5% of America’s top 100 retailers have taken steps to prevent fraudulent emails from landing in their customers’ inboxes.

The worrying finding emerged after Red Sift researchers looked into the DMARC status of companies featured in STORES Magazine’s Top 100 Retailers for 2019, along with their subsidiaries.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an open email authentication standard, published as RFC 7489, that builds on SPF and DKIM. A domain owner publishes a DMARC record in DNS that tells receiving mail servers how to handle messages which claim to come from that domain but fail authentication, and where to send reports about them.

The record’s policy tag decides what receivers do with such messages. If DMARC is configured to “reject,” potential phishing emails are refused at the gateway. Alternatively, a company can choose “quarantine” to redirect unauthenticated emails to the junk folder. A policy of “none” only collects reports and lets the mail through, which is the monitoring mode most of the surveyed retailers turned out to be in.
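To show how a survey of this kind classifies a domain, here is an added Python example (not Red Sift’s tooling) that parses DMARC TXT records and reports the effective policy, including the subdomain policy (sp) and percentage (pct) tags that can weaken an apparently strict record. The records and domain names are constructed for the example, not the surveyed retailers’ real DNS data.

```python
"""Classify DMARC records the way a survey like Red Sift's does (added example).

A DMARC record is a TXT record at _dmarc.<domain> (RFC 7489), e.g.
"v=DMARC1; p=reject; sp=quarantine; pct=100; rua=mailto:reports@example.test".
Tags that decide enforcement: p (policy for the domain itself), sp (policy
for subdomains, defaults to p) and pct (share of failing mail the policy is
applied to, defaults to 100).
"""
from typing import Dict, Optional

# Constructed sample records; the domain names are placeholders, not the
# surveyed retailers' real DNS data.
SAMPLE_RECORDS = {
    "reject-example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@reject-example.test",
    "quarantine-example.test": "v=DMARC1; p=quarantine; pct=100; sp=none",
    "monitor-example.test": "v=DMARC1; p=none; rua=mailto:reports@monitor-example.test",
    "partial-example.test": "v=DMARC1; p=reject; pct=10",
    "broken-example.test": "p=reject",   # no v=DMARC1 tag: receivers ignore it
    "missing-example.test": None,        # no _dmarc TXT record at all
}


def parse_dmarc(txt: Optional[str]) -> Optional[Dict[str, str]]:
    """Split a DMARC TXT record into lower-cased tag -> value pairs.

    Returns None for a missing record or one that does not start with
    v=DMARC1; receivers treat both as "no DMARC policy".
    """
    if not txt:
        return None
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def effective_policy(tags: Optional[Dict[str, str]], subdomain: bool = False) -> str:
    """What a receiver does with mail that fails DMARC for this domain.

    'none'        no valid record, no protection
    'monitor'     p=none: reports only, mail is delivered as usual
    'quarantine' / 'reject'   enforcement, suffixed with (pct=N) when N < 100
    """
    if tags is None:
        return "none"
    policy = tags.get("p", "none").lower()
    if subdomain and "sp" in tags:          # sp overrides p for subdomains
        policy = tags["sp"].lower()
    if policy not in ("none", "quarantine", "reject"):
        return "none"                       # unknown p= value: treated as no policy
    if policy == "none":
        return "monitor"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100                           # malformed pct: assume full application
    return f"{policy} (pct={pct})" if pct < 100 else policy


def survey(records: Dict[str, Optional[str]]) -> Dict[str, int]:
    """Count domains per effective policy, the breakdown a survey reports."""
    counts = {"none": 0, "monitor": 0, "quarantine": 0, "reject": 0}
    for txt in records.values():
        counts[effective_policy(parse_dmarc(txt)).split(" ")[0]] += 1
    return counts


if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        print(f"{domain:28} {effective_policy(parse_dmarc(txt))}")
    print(survey(SAMPLE_RECORDS))
```

In practice the record is fetched with a DNS query for `_dmarc.<domain>` (for instance `dig +short txt _dmarc.example.com`) and the returned string is passed to `parse_dmarc`. Two things a headline “reject” can hide: a `pct` below 100 applies the policy to only that share of failing mail, and an `sp=none` leaves every subdomain in monitoring mode unless the subdomain publishes its own record.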



Red Sift researchers found that of the 120 unique sites they examined, only six had their DMARC set to “quarantine,” and just nine had it set to “reject.” A staggering 41 had no DMARC protection in place at all, while 64 “had DMARC in place, but online in monitoring mode,” a Red Sift spokesperson told Infosecurity Magazine.

The retailers who opted for “reject”—the strongest form of protection—were Walmart, Verizon Wireless, Kohl’s, Gap, Wegmans, Tractor Supply Co., Burlington Coat Factory, IKEA, and Williams-Sonoma.

“Quarantine” was the configured DMARC setting for Amazon, Apple, Dress Barn, Lane Bryant, Wayfair, and Belk.

Red Sift co-founder & CEO Rahul Powar told Infosecurity Magazine that the study’s most surprising finding was “the sheer volume of unprotected retailers, given the shift away from shopping malls to online, means an increased reliance on email for marketing and commerce.”

Researchers also examined the DMARC settings of America’s five leading delivery companies. Shoppers gearing up for Black Friday and Cyber Monday sales will be delighted to learn that UPS, FedEx, DHL, USPS, and Amazon all had DMARC protection set to either “reject” or “quarantine.”

But even with DMARC protection set to maximum, shoppers are still vulnerable to cybercrime.

“DMARC will stop all impersonated emails that a fraudster tries to send from an exact domain, like www.ikea.com, but won’t stop emails from look-alike or cousin domains; for example, www.lkea.com or www.1kea.com. This is why the advice is to take a careful look at the sender’s email address, as these clunky fakes will be easy to spot,” said Powar.

After admonishing shoppers to be cautious, Powar shared the following advice: “If an offer is too good to be true, that’s usually a sign that someone is trying to entice you into carrying out an action you’d usually think twice about—so just take a moment to check the basics.

“For example, making sure the ‘from’ email address looks right, hovering over links to check where they will take you before clicking, and finally, if in doubt, opening a new tab and navigating straight to the retailer’s website to find that bargain.”
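As an added illustration of Powar’s point (not Red Sift’s code), the Python below classifies a From: address against a small watch-list of brand domains: an exact or subdomain match is covered by that domain’s own DMARC policy, while a cousin domain is recognised by comparing a confusable-normalised “skeleton” of the domain, and the brand name used as a leading label of an unrelated domain is caught as well. The watch-list, the confusable table and the addresses are constructed for the example; a production check would use a public-suffix list and a fuller confusables table.

```python
"""Flag look-alike sender domains, which DMARC cannot catch (added example).

DMARC protects mail claiming to come from the exact domain that publishes
the record. A cousin domain such as lkea.com has its own DNS, and if the
attacker publishes SPF/DKIM/DMARC for it, their mail passes authentication.
This check compares the sender's domain against a watch-list of brands.
"""
import unicodedata

# Constructed watch-list; ikea.com is the example domain quoted in the article.
BRAND_DOMAINS = ["ikea.com", "walmart.com"]

# Constructed confusable table: characters attackers swap for one another.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e",
                             "5": "s", "7": "t", "|": "l"})
MULTI_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(text: str) -> str:
    """Reduce a domain to a form where visually similar spellings coincide."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))  # drop accents
    text = text.translate(CONFUSABLES)
    for pair, repl in MULTI_CONFUSABLES:
        text = text.replace(pair, repl)
    return text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert / delete / substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels as a stand-in for the registrable domain (no public-suffix list)."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def classify_sender(address: str, brand_domains=BRAND_DOMAINS) -> str:
    """Return 'exact', 'lookalike:<brand>' or 'unrelated' for a From: address."""
    domain = address.rsplit("@", 1)[-1].lower().strip(".")
    reg = registrable(domain)
    if reg in brand_domains:
        return "exact"                      # this domain's own DMARC policy applies
    for brand in brand_domains:
        if domain.startswith(brand + "."):  # brand as a leading label: ikea.com.offer.test
            return f"lookalike:{brand}"
        if edit_distance(skeleton(reg), skeleton(brand)) <= 1:
            return f"lookalike:{brand}"
    return "unrelated"


if __name__ == "__main__":
    for addr in ("offers@ikea.com", "offers@lkea.com", "offers@1kea.com",
                 "deals@ikea.com.black-friday.test", "news@wa1mart.co", "x@example.org"):
        print(f"{addr:36} {classify_sender(addr)}")
```

The point of the skeleton step is that `lkea.com` and `1kea.com` collapse to the same string as `ikea.com`, so the comparison sees them as distance 0; the edit-distance threshold of 1 then also catches one-character slips such as a dropped letter or a swapped top-level domain. Note that only the “exact” result says anything about DMARC: every other sender domain is outside the brand’s policy and has to be judged on its own merits.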


Source: Infosecurity

CVE-2019-11289

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.
Source: NIST

CVE-2011-2922

ktsuss versions 1.4 and prior spawn the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the “GTK_MODULES” environment variable to possibly execute arbitrary code.
Source: NIST

PayMyTab Exposes Data of US Restaurant Goers

A mobile payments provider exposed the data of thousands of US restaurant goers for 16 months by leaving customer data in a misconfigured cloud storage bucket.

PayMyTab had been storing customer data since July 2, 2018 in an Amazon Web Services (AWS) S3 bucket whose access settings were never set to “private,” so anyone who found the bucket could read its contents.
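The misconfiguration described here is visible from three settings on the bucket: its ACL, its bucket policy and its Public Access Block configuration. The Python below is an added example (not PayMyTab’s or vpnMentor’s code) that runs those checks over the JSON shapes returned by boto3’s `get_bucket_acl`, `get_bucket_policy` and `get_public_access_block`; the two bucket configurations are constructed, one left world-readable and one fixed, so the check runs offline without AWS credentials.

```python
"""Detect an S3 bucket readable by anyone, the PayMyTab class of mistake (added example).

Operates on the documents boto3's get_bucket_acl, get_bucket_policy and
get_public_access_block return. Inputs below are constructed so this runs offline.
"""
import json

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",            # anonymous internet
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",  # any AWS account
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def public_acl_grants(acl: dict) -> list:
    """Return (group, permission) pairs in the ACL that open the bucket to everyone."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return found


def _principal_is_everyone(principal) -> bool:
    """Principal "*" or {"AWS": "*"} / {"AWS": [..., "*"]} means anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy_json: str) -> list:
    """Return the Sid (or index) of each unconditional Allow granted to everyone."""
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    return [
        st.get("Sid", f"#{i}") for i, st in enumerate(statements)
        if st.get("Effect") == "Allow"
        and _principal_is_everyone(st.get("Principal"))
        and "Condition" not in st   # a conditioned "*" may be scoped; review by hand
    ]


def public_access_block_enforced(pab: dict) -> bool:
    """True only when all four Public Access Block switches are on."""
    cfg = pab.get("PublicAccessBlockConfiguration", pab)
    return all(cfg.get(k) is True for k in PAB_KEYS)


def assess_bucket(acl: dict, policy_json, pab: dict) -> dict:
    """Summarise exposure: public ACL or policy grants that the block does not override."""
    acl_public = public_acl_grants(acl)
    policy_public = public_policy_statements(policy_json) if policy_json else []
    blocked = public_access_block_enforced(pab)
    return {
        "public_acl_grants": acl_public,
        "public_policy_statements": policy_public,
        "public_access_block": blocked,
        "exposed": bool(acl_public or policy_public) and not blocked,
    }


# Constructed examples: a bucket left readable by AllUsers, and the same bucket fixed.
EXPOSED_ACL = {"Owner": {"ID": "owner-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
PRIVATE_ACL = {"Owner": {"ID": "owner-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
]}
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::receipts-example/*"}]})
PAB_OFF = {k: False for k in PAB_KEYS}
PAB_ON = {k: True for k in PAB_KEYS}

if __name__ == "__main__":
    print("as found:", assess_bucket(EXPOSED_ACL, EXPOSED_POLICY, PAB_OFF))
    print("fixed:   ", assess_bucket(PRIVATE_ACL, None, PAB_ON))
```

Two caveats worth keeping in mind when running this against a real account. Objects carry their own ACLs, so a bucket that passes the check can still serve individual files granted to AllUsers; the same `public_acl_grants` test applies to each `get_object_acl` result. And turning on the Public Access Block neutralises the public grants but does not delete them, which is why the summary still lists them when the block is on.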



Data exposed included personally identifying information (PII) of customers who had paid for restaurant meals using the PayMyTab service and then asked for a receipt to be emailed or texted to them.

When a customer clicked the link to view their receipt, anyone with access to the S3 bucket could view the same receipt: the customer’s name, email address or phone number, and the last four digits of their payment card.

Onlookers could also see what the customer had eaten, where they had eaten, and the date and time of the meal.

PayMyTab markets itself as a service that provides consumers with “simplicity and security while paying,” and claims in its privacy policy to “maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of data.”

Those claims were contradicted when the data breach was presented to vpnMentor on October 18 by Helen Foster, partner at Davis Wright Tremaine in Washington, DC. Foster learned of the leak from a source who wishes to remain anonymous.

vpnMentor contacted PayMyTab on October 22 and again on October 27 to inform them of the breach.

“This data breach represents a serious lapse in basic security protocol for PayMyTab. By exposing this database, they risked the privacy of customers in their client restaurants, the restaurants themselves, as well as PayMyTab’s entire business.

“The exposed customer PII makes those affected vulnerable to many forms of online attack and fraud,” wrote vpnMentor researchers.

“With the information exposed in this breach, hackers and cybercriminals could start building profiles of potential victims and target them for identity theft or phishing campaigns. The implications for their financial and personal security could be disastrous.”

This lapse, easily prevented, may nonetheless prove difficult to fix, according to vpnMentor researchers.

They wrote: “Even if PayMyTab secures the S3 bucket, the receipts in question could still be exposed. PayMyTab will need to completely overhaul their data storage to resolve the issue.”

Researchers warned that a hacker who accessed the bucket could have already downloaded the files, which they could then use to undermine any future randomized security measures placed on the bucket.


Source: Infosecurity

Most Companies Lag Behind '1-10-60' Benchmark for Breach Response

Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.
Source: DarkReading

CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if Unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. On a running system, `unbound -V` prints the configure flags the binary was built with, and the module is only active if `ipsecmod-enabled: yes` is set in the server section of unbound.conf.
Source: NIST