NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES

31st October 2019

Summary Headlines

Impact Metric Against Count of Events

Category                 Critical  High  Medium  Informative
Regional Highlights         0       0      0         2
Top Stories                 0       0      0         6
System vulnerabilities      0       1      0         3
Malware                     0       2      0         1
DDoS/Botnets                0       1      0         0
Spam & phishing             0       0      0         1
Web Security                0       3      0         1
Updates & alerts            0       2      0         1

Regional Highlights

Source 1: Business Today ( https://businesstoday.co.ke/ )
https://businesstoday.co.ke/atlantics-technologies-enters-open-compute-project/
Impact value: Informative
Tech Disruption Inevitable for Africa's Data Network Market. Atlantics Technologies has seized this opportunity, becoming the first cloud services provider in Africa to introduce Open Compute Project (OCP) hardware at the East Africa Data Centre in Nairobi, Kenya, one of the largest data centres on the continent.

Source 2: Standard Digital ( https://www.standardmedia.co.ke/ )
https://www.standardmedia.co.ke/business/article/2001347377/whatsapp-sues-israeli-firm-nso-over-cyberespionage
Impact value: Informative
WhatsApp sues Israeli firm NSO over cyberespionage. WhatsApp on Tuesday sued Israeli technology firm NSO Group, accusing it of using the Facebook-owned messaging service to conduct cyberespionage on journalists, human rights activists and others. The suit, filed in a California federal court, contends that NSO Group tried to infect approximately 1,400 "target devices" with malicious software in order to steal information from users of the messaging app.

Top Stories

Source 1: The Cipher Brief ( https://www.thecipherbrief.com/ )
https://www.thecipherbrief.com/column_article/the-future-of-ai-and-cybersecurity
Impact value: Informative
The Future of AI and Cybersecurity. The neural network architecture that underpins much of modern AI is immensely powerful but presents a new class of cybersecurity risks that we are only beginning to uncover. This field is known as adversarial machine learning. Using adversarial inputs, attackers can cause neural networks to make errors, so that systems relying on those networks fail or reveal confidential information.

Source 2: CNBC ( https://www.cnbc.com/ )
https://www.cnbc.com/2019/10/29/facebook-sues-nso-gropu-claims-it-helped-hack-whatsapp.html
Impact value: Informative
Facebook sues Israeli cybersecurity company NSO and claims it helped hack WhatsApp. Facebook is suing an Israeli cybersecurity company over claims that it hacked WhatsApp users earlier this year. In the complaint filed on Tuesday, Facebook alleges that NSO Group used WhatsApp servers to spread malware to 1,400 mobile phones in an attempt to target journalists, diplomats, human rights activists, senior government officials and other parties. The lawsuit says the malware was unable to break the Facebook-owned app's encryption; instead it infected users' phones, giving NSO access to messages after they were decrypted on the receiving device.

Source 3: The Economic Times ( https://economictimes.indiatimes.com/ )
https://economictimes.indiatimes.com/industry/energy/power/npcil-accepts-cyber-attack-on-kudankulam/articleshow/71819958.cms
Impact value: Informative
NPCIL accepts cyber attack on Kudankulam. NEW DELHI: The Nuclear Power Corporation of India Ltd (NPCIL) on Wednesday confirmed a cyber attack on its systems, a day after issuing a denial. The matter was conveyed by CERT-In, which noticed the intrusion on September 4, 2019.
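The adversarial learning item above says an attacker can make a neural network misclassify. The following added example (written for this bulletin, not code from The Cipher Brief or any cited project) shows the mechanics on the smallest possible model: a single logistic unit with made-up weights stands in for a network. It computes the gradient of the loss with respect to the input and applies the Fast Gradient Sign Method, a standard adversarial-example technique, to flip the prediction while keeping the perturbation bounded. The weights, the clean sample and the epsilon values are all constructed assumptions; the gradient formula is exact for this model and is what backpropagation would return for a deeper one.

```python
import math

# Constructed stand-in for a trained model: a single logistic unit, the
# smallest "neural network". The weights and bias are made up for the demo.
WEIGHTS = (2.0, -1.5)
BIAS = -0.2


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_proba(x):
    """Model output: probability that input x belongs to class 1."""
    z = sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS
    return sigmoid(z)


def classify(x):
    return 1 if predict_proba(x) >= 0.5 else 0


def input_gradient(x, y):
    """Gradient of the cross-entropy loss with respect to the input x.

    For a logistic unit dL/dx = (p - y) * w in closed form; for a deep
    network the attacker obtains the same quantity by backpropagating the
    loss all the way to the input layer.
    """
    p = predict_proba(x)
    return tuple((p - y) * w for w in WEIGHTS)


def sign(v):
    return (v > 0) - (v < 0)


def fgsm(x, y, eps):
    """Fast Gradient Sign Method: push every feature by eps in the direction
    that increases the loss for the true label y. The perturbation has
    L-infinity size exactly eps, so a small eps keeps the input 'similar'."""
    g = input_gradient(x, y)
    return tuple(xi + eps * sign(gi) for xi, gi in zip(x, g))


def linf_distance(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))


def min_eps_to_flip(x, step=0.01, max_steps=1000):
    """Smallest eps on a grid of `step` at which FGSM changes the prediction.
    Returns None if nothing up to step * max_steps flips it."""
    y = classify(x)
    for k in range(1, max_steps + 1):
        eps = k * step
        if classify(fgsm(x, y, eps)) != y:
            return eps
    return None


def demo(x=(0.6, 0.1), eps=0.5):
    """Constructed clean sample (class 1) attacked with a fixed budget eps."""
    y = classify(x)
    x_adv = fgsm(x, y, eps)
    return {
        "clean_class": y,
        "adv_class": classify(x_adv),
        "x_adv": x_adv,
        "perturbation_linf": linf_distance(x, x_adv),
        "smallest_flipping_eps": min_eps_to_flip(x),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point a practitioner should take from this is that the attack needs only the model's gradient (white-box) or a surrogate model's gradient (black-box transfer), not a bug in the code: the perturbation that flips the class here is well inside the 0.5 budget, and `min_eps_to_flip` finds it by a simple line search.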

Source 4: Bleeping Computer ( https://www.bleepingcomputer.com/ )
https://www.bleepingcomputer.com/news/security/worlds-first-domain-registrar-network-solutions-discloses-breach/
Impact value: Informative
World's First Domain Registrar Network Solutions Discloses Breach. Network Solutions, the world's first domain registrar, has disclosed a security breach that occurred in late August 2019 and allowed a third party to infiltrate some of the company's computing systems without authorisation and potentially access some customers' Personally Identifiable Information (PII).

Source 5: The National Law Review ( https://www.natlawreview.com/ )
https://www.natlawreview.com/article/could-your-erp-system-make-you-victim-cybercrime
Impact value: Informative
Could your ERP system make you a victim of cybercrime? A new survey gives an insight into the vulnerabilities faced by companies running SAP or Oracle enterprise resource planning (ERP) software, with 64% of respondents reporting a breach of their ERP systems in the past two years.

Source 6: ZDNet ( https://www.zdnet.com/ )
https://www.zdnet.com/article/dns-over-https-google-hits-back-at-misinformation-and-confusion-over-its-plans/
Impact value: Informative
DNS over HTTPS: Google hits back at 'misinformation and confusion' over its plans. Google's recent move to enable DNS over HTTPS in Chrome has been controversial. Intended to improve user privacy, it has met opposition from some ISPs and network security experts. Google this week decided to address what it calls "misconceptions" about its plans, in response to claims by US ISP Comcast that Google is trying to grab all DNS data for itself.

System vulnerabilities

Source 1: ZDNet ( https://www.zdnet.com/ )
https://www.zdnet.com/article/nordvpn-introduces-bug-bounty-program-as-part-of-security-overhaul/
Impact value: Informative
NordVPN introduces bug bounty program as part of security overhaul. NordVPN has announced a series of initiatives that it says will significantly improve the security of its infrastructure. The announcement follows last week's confirmation that a server it rented from a data centre in Finland was compromised by an attacker through an insecure remote management system left in place by the data centre provider.

Source 2: Security Week ( https://www.securityweek.com/ )
https://www.securityweek.com/critical-vulnerabilities-found-rittal-cooling-system
Impact value: Informative
Critical Vulnerabilities Found in Rittal Cooling System. Two critical authentication-related vulnerabilities have been found in a chiller made by Germany-based Rittal for cooling IT equipment. The first flaw uncovered by Applied Risk in the Rittal SK chiller, tracked as CVE-2019-13549, allows an attacker to bypass authentication and reach critical functions simply by navigating to a specific URI. The second, CVE-2019-13553, concerns hardcoded credentials that allow an attacker to access the system.
https://www.securityweek.com/apple-patches-tens-vulnerabilities-macos-catalina-ios-13
Impact value: Informative
Apple Patches Tens of Vulnerabilities in macOS Catalina, iOS 13. Security updates released by Apple this week for iOS 13 and macOS Catalina 10.15 address roughly 40 vulnerabilities, including issues that affect both operating systems.

https://www.securityweek.com/mikrotik-router-vulnerabilities-can-lead-backdoor-creation
Impact value: High
MikroTik Router Vulnerabilities Can Lead to Backdoor Creation. Researchers have uncovered vulnerabilities in MikroTik routers that can lead to the creation of a backdoor. When chained together, the vulnerabilities can be exploited to change system passwords and obtain a root shell. MikroTik has released patches for these vulnerabilities.

Malware

Source 1: Cyber Scoop ( https://www.cyberscoop.com/ )
https://www.cyberscoop.com/winniti-charming-kitten-cylance/
Impact value: High
BlackBerry Cylance: More and more APT groups are relying on mobile malware to track dissidents. State-backed hackers from China and Iran have long spied on their countries' political dissidents using mobile malware, but new research from BlackBerry's Cylance shows that the same nation-state groups, including some previously unknown, are also using such malware to monitor targets abroad.

Source 2: Bleeping Computer ( https://www.bleepingcomputer.com/ )
https://www.bleepingcomputer.com/news/security/maze-ransomware-attacks-italy-in-new-email-campaign/
Impact value: High
Maze Ransomware Attacks Italy in New Email Campaign. The Maze ransomware has been spotted in a new malicious campaign in Italy. The campaign sends spam emails posing as the country's Tax and Revenue Agency. Each email carries a Word document that claims to contain the new guidelines for businesses and citizens.

Source 3: ITPRO ( https://www.itpro.co.uk/ )
https://www.itpro.co.uk/security/34710/forget-ransomware-a-lack-of-global-norms-is-killing-the-security-industry
Impact value: Informative
Forget ransomware, a lack of global norms is killing the security industry. One of the biggest challenges for businesses around the world is the inability to properly attribute cyber attacks and enforce prosecution. The industry also needs globally accepted rules on data-sharing agreements so that businesses and nations can collect the evidence needed to prosecute attackers. These rules simply do not exist today and there is a complete lack of agreement, IT Pro reports.

DDoS/Botnets

Source 1: The Diplomat ( https://thediplomat.com/ )
https://thediplomat.com/2019/10/kyrgyz-news-site-kloop-knocked-offline-by-ddos-attack/
Impact value: High
Kyrgyz News Site Kloop Interrupted by DDoS Attack. In another DDoS attack reported today, the website of Kyrgyz news outlet Kloop was successfully targeted, leaving the site inaccessible to some readers. The attack, which reportedly began at 3 am UTC on September 29, 2019, has been mitigated.

Spam & Phishing

Source 1: Cambridge News ( https://www.cambridge-news.co.uk/ )
https://www.cambridge-news.co.uk/news/uk-world-news/amazon-prime-phone-call-scam-17118345
Impact value: Informative
Amazon Prime phone call scam defrauds elderly woman of £25k. A new phone call scam involving Amazon Prime has come to light. An automated call informs the victim that they have been charged for an Amazon Prime subscription. There are many variations of this scam, but all of them convince the victim to press '1', which connects them to a premium-rate number.

Web Security

Source 1: BBC News ( https://www.bbc.com/ )
https://www.bbc.com/news/technology-50222778
Impact value: High
Currys PC World customers scammed via eBay. Thousands of pounds were stolen from Currys PC World customers after malicious actors hijacked the firm's eBay account and changed the payment details on its eBay listings. The affected customers have been promised a refund.

Source 2: ZDNet ( https://www.zdnet.com/ )
https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/
Impact value: High
Largest cyber-attack in Georgia's history linked to hacked web hosting provider. More than 15,000 websites were defaced and taken offline in what is reportedly the largest cyber-attack in Georgia's history. The websites belong to government agencies, media outlets, banks and courts, among others. The attack is said to have been carried out by breaching the network of the web-hosting provider Pro-Service.

Source 3: Security Affairs ( https://securityaffairs.co/ )
https://securityaffairs.co/wordpress/93139/deep-web/card-database-sale-dark-web.html
Impact value: High
Details for 1.3 million Indian payment cards available on the dark web, it's the biggest single card database ever. More than 1.3 million payment card records were found for sale on Joker's Stash, a large carding shop. The cards belong primarily to Indian cardholders. Early analysis suggests the details were obtained from skimming devices installed in POS systems or ATMs.

Source 4: Naked Security ( https://nakedsecurity.sophos.com/ )
https://nakedsecurity.sophos.com/2019/10/29/php-team-fixes-nasty-site-owning-remote-execution-bug/
Impact value: Informative
PHP team fixes nasty site-owning remote execution bug. The PHP team has released patches for a remote code execution flaw that could allow the takeover of an affected site. The flaw is in PHP 7 and only affects installations running PHP behind the Nginx web server with the PHP FastCGI Process Manager (PHP-FPM).
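The item above narrows the exposure to Nginx with PHP-FPM, but in practice only a particular location-block shape is exploitable. The following added audit script (written for this bulletin, not code from Sophos, the PHP project or nginx) scans an nginx configuration for that shape. The three preconditions it checks, a `fastcgi_split_path_info` regex anchored with `^` and `$`, `PATH_INFO` set from `$fastcgi_path_info`, and no `try_files $uri =404;` or `if (-f $uri)` guard in the same block, are taken from the public write-up of the bug rather than from this page, so treat them as an assumption to confirm against the vendor advisory. Both configuration samples are constructed for the demonstration.

```python
import re

# Constructed sample configurations for the demonstration (not from any real host).
VULNERABLE_CONF = r"""
server {
    listen 80;
    root /var/www/html;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # PHP handed to PHP-FPM; PATH_INFO is split off the URI with an anchored regex
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    }
}
"""

# Same server block with the reported workaround: nginx itself answers 404 for
# any URI that does not map to an existing file, so the crafted request never
# reaches PHP-FPM.
HARDENED_CONF = r"""
server {
    listen 80;
    root /var/www/html;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    }
}
"""

SPLIT_RE = re.compile(r"fastcgi_split_path_info\s+(\S+)\s*;")
PATH_INFO_RE = re.compile(r"fastcgi_param\s+PATH_INFO\s+\$fastcgi_path_info\s*;")
GUARD_RE = re.compile(r"try_files\s+[^;]*=404\s*;|if\s*\(\s*-f\s+\$uri\s*\)")


def strip_comments(conf):
    """Drop '#' comments so a commented-out directive is not counted."""
    return re.sub(r"#[^\n]*", "", conf)


def location_blocks(conf):
    """Return (header, body) for every location block, matching braces so
    nested blocks inside a location stay part of its body."""
    blocks = []
    for m in re.finditer(r"\blocation\b([^{;]*)\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            if conf[i] == "{":
                depth += 1
            elif conf[i] == "}":
                depth -= 1
            i += 1
        blocks.append((m.group(1).strip(), conf[m.end():i - 1]))
    return blocks


def risky_locations(conf):
    """Headers of location blocks that match the reported exploitable pattern."""
    findings = []
    for header, body in location_blocks(strip_comments(conf)):
        split = SPLIT_RE.search(body)
        if not split:
            continue
        pattern = split.group(1)
        anchored = pattern.startswith("^") and pattern.endswith("$")
        passes_path_info = PATH_INFO_RE.search(body) is not None
        guarded = GUARD_RE.search(body) is not None
        if anchored and passes_path_info and not guarded:
            findings.append(header)
    return findings


if __name__ == "__main__":
    print("vulnerable sample:", risky_locations(VULNERABLE_CONF))
    print("hardened sample:  ", risky_locations(HARDENED_CONF))
```

Run it against the output of `nginx -T` rather than a single file so that included snippets are covered. A clean result from this script is not a substitute for the patch; upgrading PHP-FPM remains the fix, and the `try_files` guard is the stop-gap for hosts that cannot patch immediately.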

Bulletins

Source 1: US-CERT - Security Bulletin Mailing List ( http://www.us-cert.gov/cas/bulletins/ )
https://www.us-cert.gov/ncas/bulletins/SB19301
Vulnerability Summary for the Week of October 21, 2019. Compiled from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).

Source 2: Oracle Security Bulletins ( http://www.oracle.com/technetwork/topics/security/alerts-086861.html )
https://www.oracle.com/security-alerts/cpuoct2019.html
Oracle Critical Patch Update Advisory - October 2019; advised action: apply the available security updates.
https://www.oracle.com/security-alerts/alert-cve-2019-2729.html
Oracle Security Alert Advisory - CVE-2019-2729. Deserialization vulnerability in Oracle WebLogic Server, exploitable without authentication; advised action: apply the security updates.
https://www.oracle.com/security-alerts/bulletinoct2019.html
Oracle Solaris Third Party Bulletin - October 2019; advised action: apply the necessary patches.
https://www.oracle.com/security-alerts/linuxbulletinoct2019.html
Oracle Linux Bulletin - October 2019; advised action: apply the necessary Oracle Linux Bulletin fixes.
https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html
Map of CVE to Advisory/Alert; advised action: apply the Critical Patch Update for protection against known vulnerabilities.
https://www.oracle.com/security-alerts/linuxbulletinoct2019.html
Oracle VM Server for x86 Bulletin - October 2019; advised action: apply the necessary Oracle VM Server for x86 Bulletin fixes.

Updates & Alerts

Source 1: Cisco Security Advisories & Alerts ( http://tools.cisco.com/security/center/publicationListing.x )

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce
Impact value: High
Cisco Firepower Management Center Remote Code Execution Vulnerability. Due to insufficient input validation, an attacker could execute arbitrary commands within the affected device.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj
Impact value: High
Cisco Firepower Management Center Command Injection Vulnerability. Due to insufficient validation of user-supplied input to the web UI, a remote attacker could inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system.
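The Cisco advisories above describe the classic shape of a command injection bug: web UI input reaches a shell with insufficient validation, and the command runs as root. The following added example (illustrative Python written for this bulletin; it is not Cisco code and does not model the Firepower Management Center internals) puts the vulnerable pattern next to a hardened one. `echo` stands in for whatever diagnostic tool the UI would invoke, so the demonstration is harmless, and the hostname allow-list regex is an assumption chosen for the demo.

```python
import re
import subprocess

# Allow-list for the only thing the UI should accept here: a hostname or an
# IPv4 literal (RFC 1123 label rules). This regex is an assumption for the demo.
TARGET_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_valid_target(target):
    return TARGET_RE.fullmatch(target) is not None


def run_vulnerable(target):
    """Vulnerable pattern: concatenate user input into a command string and
    hand it to a shell. Every shell metacharacter in `target` (; | && $( ) `)
    becomes part of the command line. `echo` stands in for the real
    diagnostic tool so the demonstration is harmless."""
    cmd = "echo diagnosing " + target
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def run_hardened(target):
    """Hardened pattern: reject anything outside the allow-list, then pass an
    argv list with shell=False so the input can only ever be one argument."""
    if not is_valid_target(target):
        raise ValueError("rejected target: %r" % target)
    result = subprocess.run(
        ["echo", "diagnosing", target], capture_output=True, text=True
    )
    return result.stdout


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    # The vulnerable path prints a second line: the injected command ran.
    print("vulnerable ->", run_vulnerable(payload).splitlines())
    try:
        run_hardened(payload)
    except ValueError as err:
        print("hardened   ->", err)
    print("hardened   ->", run_hardened("example.com").strip())
```

Two points follow from the advisory's wording. Validation alone is brittle, so the argv form without a shell is the structural fix and the allow-list is defence in depth; and the reason the Cisco bug is rated as it is lies in the root privileges, so the process that builds and runs such commands should itself run as an unprivileged account, limiting what a future bypass can do.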

Source 2: Bleeping Computer ( https://www.bleepingcomputer.com/ )
https://www.bleepingcomputer.com/news/google/chrome-78-disables-code-integrity-check-to-mitigate-aw-snap-crashes/
Impact value: Informative
Chrome 78 Disables Code Integrity Check to Mitigate "Aw Snap!" Crashes. Google has temporarily disabled the Renderer Code Integrity feature in Chrome after users reported an increase in "Aw Snap!" crashes caused by incompatible software on their systems. The issue was first identified on systems running outdated versions of Symantec Endpoint Protection (SEP) and was traced to an incompatibility with the Microsoft Renderer Code Integrity protection that had just been enabled in Chrome 78.

www.ke-cirt.go.ke

