Screen Shot 2017-09-08 at 10.01.23.png
This week ShadowBrokers released another NSA exploit, UNITEDRAKE that will probably not be noticed due to the Equifax data breach that affected at least 143 million;  Apache Struts released a patch for a vulnerability that could potentially take over a website.

  

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

NSA Exploits

ShadowBrokers is at it again and released another NSA exploit, UNITEDRAKE.

Why is this significant?

              • UNITEDRAKE initially originated from the NSA that was used to capture information. This information that can be gathered by tapping into webcams, keystrokes, microphones and when the mission is complete, it self-destructs.
              • Shadowbrokers have committed to those that have subscribed to the release of exploits and will post two exploits per month.
              • UNITEDRAKE is similar to that of ETERNALBLUE (the exploit responsible for the worldwide ransomware attack, WannaCry) in that it affects “Windows XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012”.

Read the full story in ZD Net

Data Breach

Yesterday, Equifax published a data breach that affected at least 143 million people.

Why is this significant?

                  • Equifax discovered the data breach, July 29th. There is evidence that the breach lasted from May 2017 until July 2017.  Why did Equifax wait more than a month to report the breach?
            • Most data breach victims are offered free credit monitoring services such as Equifax. What are the chances that someone used Equifax after their data was compromised?
            • The cost of this data breach is still not determined, but given the amount of sensitive information, it could prompt a class action suit to add with breach costs.
            • This is not the first-time Equifax was breached and raises a bigger question mark on their security practices.

Read the full story in CNBC

 

Vulnerabilities

Apache Struts 2, an open-source framework that supports a wide range of customer-facing Web applications.

Why is this significant?

              • Apache Struts released a patch for a vulnerability that can potentially take over a company’s website. This vulnerability is complicated to identify if a user is at risk and difficult to update.
              • Back in March, another Apache Struts bug was patched, only for attackers to exploit again after only 3 days of being patched.
          • Websites that were created with older versions need to use the new version to rebuild vulnerable Web apps, which is a tedious process and developers may need to change the code that calls the Struts framework.

Read the full story in Ars Technica