Imperva cloud firewall pwned, how Teamviewer was ransacked, D-Link bug uncovered, etc
Roundup It’s time for another security news catch-up.
Imperva announces database break-in
Security house Imperva says that back in October of 2018 an attacker got hold of an API that was then used to access an AWS database containing customer emails along with hashed and salted passwords.
The company found out about the intrusion in August of this year and, following several weeks of investigation, is delivering their findings.
“We have since gone back and looked for malicious activity, leveraging threat intelligence feeds in conjunction with audit logs (see product security update below), related to accounts in the dataset,” said Imperva CTO Kunal Anand.
“Thus far, we have not found any malicious behavior targeting our customers (logins, rule changes, etc.) and have implemented procedures to continue monitoring for such activity. We remain vigilant, however, and will continue to monitor for malicious behavior.”
DCH caves, pays ransom
Early in October, Alabama-based hospital chain DCH announced that it had fallen victim to a ransomware attack.
The hospitals now say they are recovering, but it has come at a steep price. DCH has admitted that in order to begin the process of getting its systems back online, the hackers’ ransom demands had been paid.
“In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration,” DCH said.
“We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems.”
This is a good time to point out that paying the ransom demand is generally a bad idea and more often than not, doesn’t actually work. Instead, keeping regular backups and having a recovery plan are advised.
Old D-Link routers get fresh crop of bugs
Fortinet has issued a warning over new vulnerabilities in D-Link routers. The command injection flaw was uncovered by Fortinet and is present in the DIR-655, DIR-866L, DIR-652, and DHP-1565 lines.
Unfortunately for users, these routers are end-of-life, so there won’t be any firmware updates coming.
FireEye says Teamviewer was target of hacking crew
A group of researchers with FireEye say that a hacking group known as APT41, thought to be operating out of China, used vulnerabilities in the admin tool TeamViewer to get into the networks of their targets. From there, the attackers were able to move on to get access to SMS messages and other communications.
Direct email marketing biz Click2Mail confirmed it was hacked. “We have learned that your personal information, including name, organization name, account mailing address, email address, and phone number may have been compromised,” it told customers in an email.
Ormandy strikes again with Visual Studio bug
Google bug-hunter Tavis Ormandy has disclosed a new security vulnerability, this time in Visual Studio for Linux and Windows. According to Ormandy, an attacker could be able to trigger a remote debugger with a webpage, potentially allowing for a sandbox escape. The flaw was fixed before Ormandy went public, so a software update should keep you safe.
Manhattan prosecutors accused of hacking iPhones during investigations
A report from OneZero claims that going back to 2018, the District Attorney’s office has been working with phone-hacking company Cellebrite.
“A contract obtained by OneZero shows that the Manhattan District Attorney’s office — one of the largest and most influential prosecution offices in the country — has had UFED Premium in-house since January 2018. According to the contract, the DA’s office agreed to pay Cellebrite about $200,000 over three years for UFED Premium,” the report reads.
“The $200,000 fee covered software licensing and installation, training for select office personnel on the platform, and an agreed-upon number of phone cracks.”
Cisco Talos warns of PDF reader flaws
The team at Talos has disclosed a set of vulnerabilities in the Nitro PDF application that could potentially allow for remote code execution via poisoned documents. There is currently no patch available, so users and admins should take care if they are using Nitro to handle PDFs obtained from untrusted sources. ®
Sponsored:
How to Process, Wrangle, Analyze and Visualize your Data with Three Complementary Tools
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/10/14/security_roundup_october/