Netizen Cybersecurity Bulletin: 26 September 2018 Edition

In this issue:

In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.

  • Phish Tale of the Week!
  • Cisco Video Surveillance Manager Vulnerability
  • FEMA Tests Emergency Alert System to Mobile Devices
  • A Frozen Firefox Attack
  • How can Netizen Help?

Phish Tale of the Week

This week’s phishing email claims it originates from SharePoint. This one is poorly formatted, we do not receive fax reports, and overall looks unprofessional:

phish25

Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.

  • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with the with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cisco Video Surveillance Manager Vulnerability

A critical vulnerability contained in the Cisco Video Surveillance Manager (VSM) software has been discovered with the potential to allow unauthenticated access. Attackers would be able to remotely log in and execute arbitrary commands as the root user. The vulnerability is a straight forward one in that the affected versions contain static user credentials for the root account.

Luckily these default credentials are not documented publicly. However the chance of an exploit remains a very real possibility. The static/default credentials exist because the root account of the affected software was not disabled before the Cisco installation. As it stands, there has been no word of any exploits circulating “in the wild.”

Recommendations:

There are no workarounds for this issue, however, Cisco has released a patched for affected versions:

  • VSM 7.10
  • VSM 7.11
  • VSM 7.11.1

Affected versions are vulnerable if running on the following Cisco Connected Safety and Security Unified Computing System (UCS) platforms:

  • CPS-UCSM4-1RU-K9
  • CPS-UCSM4-2RU-K9
  • KIN-UCSM5-1RU-K9
  • KIN-UCSM5-2RU-K9

Versions not affected:

  • Cisco VSM Software Releases 7.9 and earlier
  • Cisco VSM Software Releases 7.10, 7.11, and 7.11.1 running on CPS-UCSM4-1RU-K9 and CPS-UCSM4-1RU-K9 platforms if Cisco VSM Software Release 7.9 or earlier was preinstalled on the platform by Cisco and the software was subsequently upgraded to Release 7.10, 7.11, or 7.11.1 by the customer
  • Cisco VSM Software that is running on the VMware ESXi platform

We recommend that the devices to be upgraded should contain sufficient memory and to confirm that current hardware and software configurations will continue to be supported properly by the new patch; this means performing a complete and tested backup of current device configurations.

FEMA Test Emergency Alert System to Mobile Devices

Netizen frequently provides details of phishing attempts, but this week we are bringing to your attention news of an alert which will come to your mobile device:

The Federal Emergency Management Agency (FEMA), in coordination with the Federal Communications Commission (FCC), will conduct a nationwide test of the Emergency Alert System (EAS) and Wireless Alert System (EAS) on October 3, 2018. The WEA portion of the test commences at 2:18 p.m. EDT, and the EAS portion follows at 2:20 p.m. EDT. The test will assess the operational readiness of the infrastructure for distribution of a national message and determine whether improvements are needed.

The WEA test message will be sent to cell phones that are connected to wireless providers participating in WEA. This is the fourth EAS nationwide test and the first national WEA test. Previous EAS national tests were conducted in November 2011, September 2016,  and September 2017 in collaboration with the FCC, broadcasters, and emergency management officials in recognition of FEMA’s National Preparedness Month.
The test message will be similar to regular monthly EAS test messages with which the public is familiar. The EAS message will include a reference to the WEA test:

“THIS IS A TEST of the National Emergency Alert System. This system was developed by broadcast and cable operators in voluntary cooperation with the Federal Emergency Management Agency, the Federal Communications Commission, and local authorities to keep you informed in the event of an emergency. If this had been an actual emergency an official message would have followed the tone alert you heard at the start of this message. A similar wireless emergency alert test message has been sent to all cell phones nationwide. Some cell phones will receive the message; others will not. No action is required.”

The WEA test message will have a header that reads “Presidential Alert” and text that says:

“THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.”

The WEA system is used to warn the public about dangerous weather, missing children, and other critical situations through alerts on cell phones. The national test will use the same special tone and vibration as with all WEA messages (i.e., Tornado Warning, AMBER Alert).

Additional information can be found at https://www.fema.gov/emergency-alert-test

Frozen Firefox Attack

A recently released proof-of-concept attack utilizes JavaScript to crash or freeze recent versions of Mozilla Firefox when victims visit a specially designed web-page through the browser.

The source code for this attack was released on Sunday, September 23rd by a security researcher, and has been officially dubbed as Browser Reaper. This attack is said to be able to crash Firefox versions 62.0.2 and earlier.

The security researcher who released the proof-of-concept has also released Browser Reaper source code for both Chrome and Safari as well, after a proof-of-concept was released last week that caused iOS devices to crash and restart when visiting a website with specially crafted Cascading Style Sheets (CSS) and HTML code, which makes up a large percent of websites today.

Browser Reaper currently utilizes JavaScript to follow through with its attack. Javascript is one of the top 3 core technologies that make up the majority of internet websites today. It allows for more interactive browsing experience, but can also be used for nefarious actions. In the case of Browser Reaper, it generates a file with a very long name and begins to try and download itself onto your computer. By doing this million of times within a small amount of time, the browser becomes overwhelmed and eventually crashes.

Recommendations:
  • Practice safe browsing practices by being wary of suspicious links.
  • Consider using a browser add-on that disables JavaScript and another popular web script by default.
  • Continue to update web software at regular intervals.

How can Netizen help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.  We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company.

ISO

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s