
This week we saw the impact of a huge DDoS cyber attack that hit the Internet on Friday; CVE-2016-5195, or "Dirty COW", a vulnerability that has existed in Linux devices since 2007, was brought to light; and LeakedSource exposed breaches for both Foursquare and Weebly.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Cyber Attack

A botnet (possibly Mirai) built from Internet of Things (IoT) devices looks to be the reason for the major DDoS attacks that hit major websites on Friday.

Why is this significant?

  • Dyn, an internet performance management company, was the target of the most recent DDoS attacks, which caused a major disruption for popular websites such as Amazon, Etsy, Netflix, Reddit, Spotify, and Twitter, to name a few.
  • Dyn reported that one of the sources of the attack was devices such as DVRs, printers, and other appliances connected to the Internet, making it an IoT DDoS attack, and that Mirai malware was used to execute the attack.
  • Three waves of attacks hit in the morning, afternoon and late afternoon. The effect of these attacks was obvious because major websites that people regularly visit were down. The extent of this particular DDoS attack is still being investigated, but it hit a high number of websites, some that were made public and some that did not go public.
  • Unfortunately, this sort of attack leveraging IoT is only the start. As in the 1990s, when security for PCs was an afterthought, we're bound to see security threats targeting IoT devices that have weak security. The issue isn't just vulnerabilities (for example, at Defcon they found 47 zero days in IoT devices in a single day), but also the lack of updates and fixes and the issues that come with them.

Read the full story on Krebs On Security

Vulnerabilities

CVE-2016-5195, aka Dirty COW, was the latest patched zero-day that affected Linux production servers.

Why is this significant?

  • This vulnerability has existed since 2007. Although there is no evidence of this zero-day being exploited, it is a critical vulnerability. As a start, this vulnerability must be patched, but it also signifies a bigger problem: zero-day vulnerabilities exist. We cannot just continue relying on vulnerabilities being found and fixed, and on the fixes being applied.
  • “CVE-2016-5195 is a race condition in the way the "Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings", according to Red Hat. 
  • Attackers can elevate their privileges and this possibility threatens the device at root level; bringing it back to the IoT DDoS attack just described earlier, this Dirty COW vulnerability will probably exist in loads of IoT devices for a long time.” 

Read the full story on Softpedia

Breach

LeakedSource was sent Weebly’s database and data from Foursquare that was apparently obtained during breaches.

Why is this significant?

  • Weebly, a web design platform, was hacked and 43M accounts were affected by the breach. Apparently, this breach took place in February 2016. Foursquare was also reported as breached, with 23M accounts affected, although they deny the breach.
  • Usernames, passwords and IP addresses were reported as stolen in the Weebly breach. Because Weebly is a web design platform, the attackers were most likely looking to obtain usernames, passwords and server addresses in order to take full control of the servers.
  • In response to the breach, Weebly has asked customers to reset their passwords. This emphasizes the need to use different passwords for multiple accounts (as most do).

Read the full story on TechCrunch