Silverlight is deemed Microsoft’s first 2016 zero-day, Trend Micro’s AV grants any website command-line access, cyber-espionage in Myanmar with the Trochilus RAT, and a survey says over half of European and American company respondents have lost confidence in payment data security.

Highlighting the cyber-security news from the past week in a 120-second read. Starting now.



1. Kaspersky hunted down an active exploit from Hacking Team’s emails, which attacked Microsoft’s Silverlight software. Microsoft rated the exploitable vulnerability as critical.

Why is this significant?

  1. This remote code execution flaw affects Microsoft’s Silverlight, making it Microsoft’s first published vulnerability in 2016.
  2. Silverlight is a browser plug-in that is widely used to stream content to users and is also used in industrial control systems, such as SCADA and other critical infrastructure.
  3. Microsoft has recently patched this vulnerability. The attack worked with the top browsers, excluding Chrome, due to its decision to remove the Silverlight plug-in in 2014. During this transition of removing Silverlight from Chrome, Netflix valued Chrome more than the plug-in and ousted Silverlight back in 2014.

Read the full story in Wired


2. A critical vulnerability in Trend Micro’s Windows antivirus, discovered by Tavis Ormandy of Google’s Project Zero, grants any website command-line access to Windows PCs.

Why is this significant?

  1. The vulnerability lies within the Password Manager component of Trend Micro’s consumer AV, which opens up its API.
  2. If it is exploited, threat actors could gain command-line access to Windows PCs from any website, resulting in complete takeover of the victim’s machine, including installing malware, uninstalling AVs and stealing passwords stored in the browser.
  3. The vulnerability is now patched, but Tavis says “I'm still concerned that this component exposes nearly 70 APIs to the internet, most of which sound pretty scary. I tell them I'm not going to go through them, but that they need to hire a professional security consultant to audit it urgently.”

Read the full story in The Register

Remote Access Trojan (RAT)

A new RAT dubbed Trochilus is being used in a watering hole campaign targeting the government of Myanmar, as discovered by Arbor Networks’ ASERT team.

Why is this significant?

  1. Trochilus RAT stems from the malware portfolio of a cyber-espionage group, Group 27, which contains six other malware strains. Collectively termed the “Seven Pointed Dagger”, the different malware strains can be deployed together or divided into different combinations, depending on the type of data being exfiltrated: “Malware #1-6: Six RAR Files Containing PlugX, EvilGrab, an unknown malware, and the Trochilus RAT” and “Malware #7: 3102 Variant of the 9002 RAT in Firefox Plugin”.
  2. After the discovery of the six malware strains was published on August 17, 2015, they were still evident on Myanmar’s UEC website as of October 20, 2015/November 2015. In addition, the seventh malware was discovered by VirusTotal in Japan on August 21, 2015 and then in Singapore on October 13, 2015.

Read the full ASERT report 


The Business of Security

A US and UK study by Semafone finds that over half of the companies surveyed in both countries were worried that payment card attacks will happen more often than not.

Why is this significant?

  1. Nearly half of the respondents do not fully comply with all PCI requirements. It is important to note that while PCI does put security measures in place, it does not guarantee security (as in the case of Target, which was PCI-compliant at the time of its breach).
  2. According to the study, businesses recognize that threat actors will eventually infiltrate their systems. 68 percent of the UK respondents and 51 percent of the US respondents surveyed have put resources into “crisis communication plans” that come into play after a payment card attack.
  3. Red Flag: enterprises need to gain new perspectives instead of waving the white flag and surrendering to the thought of being breached. A different and more effective angle, which would include continued consumer trust, would be to prevent the exfiltration of data even when the systems are already compromised.

Read the full story on SCMagazine