Image of The Good, The Bad & The Ugly in CyberSecurity

The Good, the Bad and the Ugly in Cybersecurity – Week 34

The Good

It’s common knowledge that threat actors are going after the lucrative target of payment systems. The most popular attack today is ATM cash out, ending in money withdrawn. To combat this increasing threat, Visa have announced improved measures to combat fraud and to beef up the cybersecurity of payment systems. Visa clients can take advantage of the new payment security capabilities without incurring any additional charges or registration.

After Apple’s long-awaited news of an expanded bug bounty program comes more good news for bug hunters and software endusers alike as Microsoft this week announced a new Edge Insider Bounty Program. Although Edge is a chromium-based browser (and Google have their own bug bounty program for Chrome), Microsoft are only rewarding bounties for vulnerabilities that are unique to the Edge browser. The Redwood outfit are offering between $1000 and $30000 in awards for qualifying submissions.

image of edge bug bounty announcement

The Bad

This year’s epidemic of ransomware attacks on local governments continued with 22 new attacks confirmed in Texas this week. The attackers are demanding $2.5 million, but so far there’s no indication that any ransomware has been paid. The link between these systems is they are all managed by the same service provider. We’ve seen other cities and municipal authorities (to name a few: City of Atlanta, City of Baltimore) also falling victim to ransomware attacks. The toll this year so far has reached at least 40 municipalities that we know of. From major cities like Balitmore to small towns like Lake City, it seems local governments are deliberately being targeted as threat actors are attracted by the combination of taking down mission-critical services and local governments’ lack of budget to resist paying and “toughing out” the economic damage. Combine that with many cities’ failure to deploy robust anti-ransomware security solutions and it seems like the attackers will be enjoying plenty more paydays in 2019. 

image of tweet from Texas DIR

Things seem to be going from bad to worse for Apple at the moment. Bluetooth data leaks are one thing, but it now seems that Apple’s iOS system is suffering from a security meltdown. A recent update for iOS 12.4 has undone the good work of a previous patch, and the latest version of the mobile phone operating system is once again vulnerable to the possibility of running unsigned code. On top of that, a new Bluetooth vulnerability (KNOB) affects 12.3 and earlier versions of iOS, so it appears almost every iOS device has some security issue or other. Presumably, Apple are hard at work on an update!

The Ugly

Popular web-based sys admin tool Webmin has been carrying an RCE backdoor that was maliciously inserted into its source code by attackers. Bad, of course. But ugly, too: the code was manipulated as far back as July last year without anyone noticing

image of tweet about webmin vulnerability

What do Cylance, Kaspersky, Trend Micro and Bitdefender all have in common?  The surprising answer is security flaws. Bitdefender was this week the latest security product to be found containing a serious vulnerability. The flaw would allow an attacker to take complete control of a target device with an unsigned DLL that runs as NT AUTHORITY/SYSTEM – an account with the highest level of privileges on the local system. The privilege escalation vulnerability, CVE-2019-15295, was patched by the vendor on Wednesday.