Our new weekly security roundup series covers the week’s trending topics in the world of information security. In this compilation, we’ll let you know of the latest announcements, reports and controversies that the industry has been talking about recently.
Here’s what you don’t want to miss from the week of August 3rd, 2015:
- Security researcher Trammell Hudson, who last year developed the Thunderstrike exploit on Apple Macs, presented with researchers Xeno Kovah and Corey Kallenberg at Black Hat in Las Vegas this past week. Hudson’s new research demonstrates that attackers can exploit a vulnerability known as “Darth Venamis” to access a Mac’s firmware. If coupled with a Thunderstrike attack, malicious actors can create a “firmworm” that can transfer between machines via an infected Thunderbolt device and subsequently run malicious code. According to Forbes, Apple may be partially to blame as its original patch for the Darth Venamis vulnerability does not prevent attackers from accessing the System Management Mode (SMM), which can be used to access everything going into a machine’s memory.
- A white hat hacker found a vulnerability in older drug infusion pumps made by Hospira that allows an attacker to take control of the device and change the designated dosage, which could result in life-threatening situations for patients who are in need of immediate care. The Department of Homeland Security has issued an alert on the matter, as has the Food and Drug Administration, which warned that the FTP and telnet ports on the drug pumps must be closed. Hospira is currently working with hospitals affected by this vulnerability to adopt alternate infusion systems.
- According to a report released by RSA Research, a group of Chinese hackers is using what is estimated to be a 1,500-node VPN array known as “Terracotta” to launch malicious attacks against non-Chinese corporations from behind the “Great Firewall of China.” These attackers, as Brian Krebs notes, are thought to go by the names “Shell_Crew” and “Deep Panda.” Security experts have tied those malicious actors to a number of high-profile attacks in recent months, including the breaches at the Office of Personnel Management, Anthem, and Premera.
- On July 28th, security firm Malwarebytes picked up on a large malvertising campaign targeting Yahoo!’s ad network. This particular campaign leveraged Microsoft Azure websites and two separate domains to deliver the Angler Exploit Kit to victims; Angler is the most prevalent exploit kit in existence today, and earlier this year it adopted “domain shadowing” as an evasion technique. Yahoo! has since taken action. As of this writing, the malvertising campaign is no longer in operation.
- WordPress announced the release of version 4.2.4 and urged users to update their sites immediately. According to an advisory posted by the company, the newest version addresses a number of vulnerabilities, including three cross-site scripting (XSS) flaws and a potential SQL injection bug that could be used to compromise a site. This update comes only a few weeks after WordPress released another update that patched a critical XSS vulnerability.
- Application security firm Prevoty released new research at Black Hat USA 2015 that illustrates the extent to which business pressures prevent app developers from dedicating more time to securing their products. Nearly 70 percent of respondents to the report, titled “The Impact of Security on Application Development,” admitted that business pressures to release new applications quickly often override security concerns. According to nearly half (43 percent) of respondents, these pressures result in the premature release of vulnerable applications approximately 80 percent of the time.
- FireEye published a new report explaining that it recently uncovered 11 applications within the Hacking Team arsenal that attackers could use to target non-jailbroken iOS devices via ‘Masque’ attacks. These apps, including fake versions of Twitter, Facebook, and WhatsApp, all come with an extra script designed to exfiltrate data and communicate with a remote server. The bundle identifiers for each of these apps are the same as those for the genuine apps, meaning that even devices running iOS 8.1.3, which is patched against Masque attacks, can be compromised using a special bundle identifier.
- RiskIQ has published the results of new research on the state of malicious advertisements, or “malvertisements.” In the first half of 2015, malvertisements increased 260 percent (450,000) as compared to all of 2014 (250,000). June’s number of malvertisements alone jumped 60 percent (80,000) as compared to the same period last year (50,000). Many of these malicious ads have posed as fake Flash updates or as updates for other software. This class of malvertisements has surpassed exploit kits as the most common way for attackers to install malware on victims’ computers.
Title image courtesy of ShutterStock