10Fold – Security Never Sleeps – 62

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A zero-day vulnerability has been discovered in Apple devices that allows hackers to bypass System Integrity Protection (SIP). A security researcher has claimed that CCTV software may be at fault for credit card breaches in retail stores. After the initial report of ransomware at the Kentucky hospital, rumors of another hospital system in California being affected have surfaced. Microsoft has built a new feature into the 2016 Microsoft Office software that could help enterprise admins block macro malware attacks.

Apple zero-day vulnerability fully compromises your devices – Publication: ZDNet – Reporter name: Charlie Osborne

A zero-day vulnerability discovered within Apple’s OS X operating system allows hackers to exploit key protection features and steal sensitive data from devices. The critical issue allows for local privilege escalation and bypasses System Integrity Protection (SIP), which is Apple’s newest protection feature. System Integrity Protection was introduced in the OS version El Capitan and restricts the root account of OS X devices, limiting the actions that the root user can perform on protected parts of the system in order to reduce the chance of malicious code performing privilege escalation and hijacking a device.


Firmware bug in CCTV software may have given POS hackers a foothold – Publication: PCWorld – Reporter name: Jeremy Kirk

A researcher with RSA says faulty firmware found in security cameras sold by at least 70 vendors may be a contributor to many of the credit card breaches that have proved costly to retailers. The software, named “Cross Web Server,” proved to be for CCTV DVR (digital video recorder) equipment, which is widely used by retailers for physical monitoring. But the server software was left running and open to the Internet, which is a potential security risk. The big security problem is that this kind of software shouldn’t be accessible from the public Internet. The mere presence of camera software left open to the Internet can help attackers identify a particular network and figure out if one belongs to a retailer.


Updated: More Hospitals Felled by Ransomware – Publication: The Security Ledger – Reporter name: Paul

The Henderson, Kentucky-based facility said it was experiencing an “internal state of emergency” as a result of a computer virus. The news came amid reports by the BBC that two California hospitals, Chino Valley Medical Center and Desert Valley Hospital, had also experienced outbreaks. In a statement, Prime Healthcare spokesman Fred Ortega said that no ransom was paid in either case. “Our in-house IT team was able to immediately implement protocols and procedures to contain and mitigate the disruptions. The hospitals remained operational without impacting patient safety, and at no point was patient or employee data compromised. As of today most systems have been brought online,” Ortega wrote in an e-mail to Security Ledger.


Now Microsoft Office 2016 can block macro malware attacks – Publication: ZDNet – Reporter name: Liam Tung

With macro-based malware infections on the rise, Microsoft has launched a new Office 2016 feature that can help enterprise admins neuter the threat. Macros are disabled by default in Word, Excel and PowerPoint but attackers behind the banking malware Dridex and the more recent Locky ransomware have well-honed techniques to trick targets into enabling them, allowing malicious macros in email attachments to install malware on a PC. The new “tactical” security feature in Office 2016 allows admins to set scenario-based rules that block macros and prevent users from enabling them in high-risk situations, such as when documents arrive from the internet.