Netizen Threat Brief: 6 June 2018 Edition

Threats:

Listed below is information regarding this week’s most critical threats and preventative measures to lessen the chances of a breach:

  1. Misconfigured Google Groups
  2. Git Bug
  3. Rental Car PII Risk
  4. JScript Bug

1. Misconfigured Google Groups

Overview

Thousands of organizations have been discovered to be leaking sensitive data due to a widespread misconfiguration in Google Groups. Those affected include Fortune 500 companies, hospitals, colleges, newspapers, TV stations, and even government agencies.

Google Groups is a web forum that allows administrators to create mailing lists for specific recipients, and they are able to adjust privacy settings with respect to domains and certain groups. This forum is made available online to users. Many groups are visible to the Internet, and the ability to share outside of the organization is left open, so messages that were meant to stay internal can be read by anyone who finds the group.

Recommendations

Because this is a misconfiguration issue rather than a software flaw, Google has not issued any special update or patch. Administrators should use the following guidance to lock down their Google Groups settings: https://gsuiteupdates.googleblog.com/2018/06/configure-your-google-groups-settings.html

Permissions and outside access for users should be limited to the scope of the organization and to what its business actually requires.

2. Git Bug

Overview

Popular Git repository hosting services such as GitHub, GitLab, and MS VSTS were discovered to have two bugs that would allow an attacker to perform arbitrary code execution. An attacker would be able to gain access when a user, or developer, clones a malicious repository. The more serious of the two is described as a submodule configuration flaw: a submodule can be crafted so that cloning it causes code to be executed. Submodules let one project reference another in a nested, hierarchical way. Essentially, submodules allow a developer to keep a Git repository as a subdirectory of another Git repository, letting you clone another repository into your project.

The main concern with the Git vulnerabilities is that a malicious or rogue submodule will trick the repository into running code that is outside its own context (code that it should not be running). This arbitrary execution could allow an attacker to exfiltrate data, pull down a web shell, plant a cryptominer, or even take complete control of the machine on which the repository or clone is being used.

Recommendations

While the aforementioned repository hosting services have patched the vulnerabilities, there are still some best practices to follow with Git repositories:

  • A Git repository must not contain “..” as a path segment in its submodule names or paths; reject any that do.
  • Examine submodule folders and their configuration (.gitmodules) more closely for flaws and inaccuracies before cloning or updating.
  • Submodule folders should not be symbolic links.
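The following script, added here as an illustration and not part of the original brief, audits a repository against the three practices above: it parses a .gitmodules file, flags any submodule name or path that contains a “..” segment or an absolute path, and, when given the repository root, flags submodule folders that are symbolic links. The sample .gitmodules content is constructed for the example; the function and variable names are this example's own.

```python
"""Audit .gitmodules for submodule names/paths that escape the repository."""
import os
import re

# [submodule "name"] section header and key = value lines of a git config file
SECTION_RE = re.compile(r'^\s*\[submodule\s+"(?P<name>[^"]*)"\]\s*$')
KEY_RE = re.compile(r'^\s*(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<value>.*?)\s*$')


def parse_gitmodules(text):
    """Return a list of dicts, one per submodule, with name/path/url keys."""
    modules, current = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = {"name": m.group("name")}
            modules.append(current)
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            current[m.group("key").lower()] = m.group("value")
    return modules


def has_dotdot_segment(value):
    """True if any path segment (split on / or \\) is exactly '..'."""
    return any(seg == ".." for seg in re.split(r"[\\/]", value))


def audit_submodules(text, repo_root=None):
    """Return a list of (submodule name, problem) findings."""
    findings = []
    for mod in parse_gitmodules(text):
        name, path = mod.get("name", ""), mod.get("path", "")
        if has_dotdot_segment(name):
            findings.append((name, "submodule name contains a '..' segment"))
        if has_dotdot_segment(path) or os.path.isabs(path):
            findings.append((name, "submodule path escapes the repository"))
        # Symlink check only makes sense against a checked-out working tree
        if repo_root is not None and os.path.islink(os.path.join(repo_root, path)):
            findings.append((name, "submodule folder is a symbolic link"))
    return findings


# Constructed sample: one benign submodule and one that escapes the repo
SAMPLE = """[submodule "libfoo"]
\tpath = vendor/libfoo
\turl = https://example.com/libfoo.git
[submodule "../outside"]
\tpath = ../escaped
\turl = https://example.com/outside.git
"""

if __name__ == "__main__":
    for name, problem in audit_submodules(SAMPLE, repo_root="."):
        print(f"{name!r}: {problem}")
```

Run it against a real checkout by passing the contents of its .gitmodules and the repository root; any finding should block the clone or update until a human has reviewed the submodule.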

3. Rental Car PII Risk

Overview

Rental cars now pose a real threat to Personally Identifiable Information (PII). It is common for people to connect their smartphones to their car, either through Bluetooth or a USB cable, to play music, make a phone call, or charge their battery. This common habit, however, may result in the download and retention of your PII. The car’s infotainment system may store your cellphone number and location data, and may also store call logs and contacts that have previously been dialed or texted.

Recommendations

Before returning your rental, we recommend the following to protect your PII:

  • A USB connection may transfer data automatically; use a cigarette lighter adapter instead to power and charge devices.
  • If your rental car is equipped, grant access to just the information you want to reveal by using the rental car’s permission screen.
  • Delete your PII from the car’s system. There should be an option to remove your phone from the list of paired devices, which should wipe call logs and remove contacts.
  • Remember to erase your location history from the car’s navigation system by entering the settings and clearing your driving record.
  • Your rental car may have an option to clear all user data or do a factory reset. Talk to a staff member or check online before you drive away in your rental, since you may forget or be in a hurry at the end of your trip.

4. JScript Bug

Overview

Microsoft’s custom implementation of JavaScript, known as JScript, can be exploited to allow an attacker to execute malicious remote code on a victim’s PC. Because the vulnerability is within JScript, the attacker must trick a user into accessing a malicious web page, or into downloading and opening a malicious JS file on the system, which is then run by Windows Script Host (wscript.exe).

It should also be noted that this vulnerability does not on its own lead to full system compromise. Further exploits would be required to advance the attack; however, information accessed on the right computer, such as a CEO’s, could be disastrous for a company.

Recommendations

Microsoft is currently working on a patch; however, there are preventative measures that can be taken. We recommend discontinuing, where feasible, the use of applications that rely on JScript to process untrusted JS code or files, including Internet Explorer and wscript.exe. Users should also be aware of:

  • Malicious email attachments.
  • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company that appears to be sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers or a social security number? A legitimate company will never ask for PII via instant message or email; this is a huge red flag.

How can Netizen help?

Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
