
In this week’s news, Symantec was hit with a reality check as Tavis Ormandy discovered an exploit that he said “could be as bad as it gets”, another PoS breach, this time at Noodles & Company, hit 28 U.S. states, and Facebook tagging was abused by a malware campaign that hijacked at least 10K Facebook accounts.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Vulnerabilities

Google Project Zero researcher Tavis Ormandy exposed flaws across Symantec’s entire suite of anti-virus products, describing them as flaws that “could be as bad as it gets”.

Why is this significant?


  • These flaws affect 17 Symantec AV products and 8 Norton products and include a rare, possibly one-of-a-kind, multi-platform remote kernel vulnerability. The exploit could potentially allow an attacker "to gain remote-code execution on a machine, a hacker’s dream”. A hacker’s dream is an enterprise’s nightmare.
  • "The most severe vulnerability is that of the remote-kernel buffer overflow which affects pretty much all platforms. Remote kernel vulnerabilities are very rare and in fact, I don’t remember any multi-platform remote kernel vulnerability. Note that the vulnerability still remains Critical even in the case where remote-code-execution is not possible (to recall, the goal of most remote exploits is to run code on the remote machine), since being able to shut down a company by creating a Blue Screen/Kernel Panic remotely is a powerful DDoS attack where it will be very hard for the company to understand what hit them.” (Udi Yavo, enSilo co-founder and CTO)
  • Some of the flaws should have been eliminated during product development, and Symantec used many open-source libraries with known vulnerabilities that had not been updated for 7(!) years. This shows why even the most talented security researchers need some connection with product development and code review cycles.

Read the full story on Wired

Breaches

Noodles & Company was hit with the latest PoS malware attack, affecting hundreds of customers in a reported 28 U.S. states.

Why is this significant?

  • Noodles & Company did not want to say how many of its customers were affected in the breach until the investigation is complete. Customers who dined between January 31 and June 2, 2016 could be victims and are encouraged to report unauthorized charges to their financial institution.
  • PoS malware attacks have a track record of going undetected by the retailer, restaurant, casino, etc. This PoS malware went undetected for nearly 5 months and was only brought to Noodles & Company’s attention because numerous credit card institutions connected the dots between unauthorized charges on their customers’ cards, which triggered the breach investigation.
  • PoS malware is not only a pain in the A for victims, who have to do their own investigation and reporting; it also creates a problem for the retailer, restaurant or casino, which has to take its credit/debit card terminals offline for the first part of the investigation, usually resulting in lost sales.

See how enSilo protects Point of Sale systems while enabling them to keep working during investigation and remediation: http://pages.ensilo.com/virtual-patching-and-point-of-sales

Read the full story on The Register

Malware

Facebook users experienced unusual activity as a malware campaign hit 10K users in a number of countries around the world.

Why is this significant?

  • The malware campaign targeted countries primarily in South America, Europe, Tunisia, and Israel.
  • The attackers lured Facebook users with a message impersonating one of the user’s friends, stating that the user had been tagged, to encourage the user/victim to click on the malware. This gave the attackers the ability to hijack the Facebook accounts, all 10K of them.
  • Cyber attackers’ tactics keep evolving. This social engineering campaign gave the attacker(s) the ability to modify privacy settings and extract data that was then used to spread the malware to the user/victim’s Facebook friends, as well as to steal and manipulate data. Facebook has since blocked the threat.

Read the full story on SC Magazine