10Fold – Security Never Sleeps – 77

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Ransomware has become such a major threat to both consumers and enterprises that the United States and Canada recently issued a joint alert on this type of malware.  Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that’s used in many products. According to a new survey out by Osterman Research of some 200 enterprises, most organizations still don’t assess database activity continuously and lack the capability to identify database breaches in a timely fashion. Malicious actors have abused PowerShell and Google Docs to deliver a Trojan known as Laziok, FireEye reported on Thursday.

Ransomware: A Formidable Enterprise Threat – Publication: SecurityWeek- Reporter name: STAFF

Ransomware’s extortion-based business model, currently the latest major trend in the cybercrime industry, is marking a major change in the purpose and outcome of malware attacks and has become a major threat to consumers and enterprises alike. Almost unheard of a few years ago, ransomware attacks are making the headlines almost daily, with new malware families emerging nearly every week. This should not be surprising, as the underlining business model for cybercriminals it to hit as many victims as possible and monetize attacks before security researchers react and block their malicious activities.


Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products – Publication: PCWorld- Reporter name: Lucian Constantin

The Cisco WLC software contains two denial-of-service vulnerabilities, one of which is rated critical and could be exploited by an unauthenticated attacker through specially crafted HTTP requests sent to the device. This can cause a buffer overflow condition that, in addition to a device reload, might also allow for execution of arbitrary code on the device. The second vulnerability, rated high, stems from how the Cisco WLC software handles Bonjour traffic and can be exploited in a similar manner as the HTTP one to cause a device reload. A third DoS vulnerability was patched in the Cisco AireOS software that also runs on some of the company’s Wireless LAN Controller devices. It can be exploited by an unauthenticated hacker by attempting to access a URL that is not generally accessible from and supported by the device’s management interface.


 Databases Remain Soft Underbelly Of Cybersecurity  – Publication: DarkReading – Reporter name: Ericka Chickowski

The study, commissioned by DB Networks, found the top three database security issues among enterprises were tracking compromised credentials; the potential for the organization to experience a major data breach; and the inability of the organization to identify data breaches until it was too late to mitigate damage. At the most basic level, 59% of organizations admit they lack a high degree of certainty about which applications, users, and clients are accessing their databases. And 43% of organizations don’t even have a high degree of certainty about the number and types of databases residing in their IT infrastructure.


Attackers Use PowerShell, Google Docs to Deliver “Laziok” Trojan – Publication: SecurityWeek – Reporter name: Eduard Kovacs

Laziok, a reconnaissance tool and information stealer, was first spotted last year when a threat group leveraged the malware in a sophisticated multi-stage attack campaign targeting energy companies in the Middle East. Attackers exploited an old Windows vulnerability tracked as CVE-2012-0158 to drop the Trojan onto users’ systems. According to FireEye, attackers found a way to bypass Google’s security checks and uploaded the malicious payload to Google Docs. The malware was uploaded in March and remained there until Google was notified by the security firm.