NCF Blog/Press

Recent Cybersecurity News for Week Ending 8 June 2018

Genealogy Firm Suffers Massive Data Breach

Israeli genealogy firm MyHeritage announced on 4 June 2018 that over 90 million user accounts were compromised in a data breach last October. A security researcher found the email addresses and password hashes on a private server, which prompted the announcement of the compromise. MyHeritage noted that anyone who signed up for its services from 2003 until 26 October 2017 had their email address and password hash exposed in the breach. MyHeritage stores only the hashes, not the actual passwords, but it recommended that users change their passwords as a precaution. Meanwhile, the company is implementing two-factor authentication. The MyHeritage breach may be the first one reported since the EU’s General Data Protection Regulation (GDPR) took effect in May. GDPR requires notification within 72 hours of any breach affecting EU citizens. CSO Online, 5 June 2018

Congress Working to Thwart ZTE Despite President’s Direction

President Trump recently directed officials to ease up on Chinese telecommunications manufacturer ZTE after the U.S. had imposed a seven-year ban on U.S. companies selling parts to ZTE, a $1 billion fine, and other penalties. In response, the U.S. Congress is moving forward with legislation to continue blocking Federal Government purchases or leases of ZTE equipment. Sen. Marco Rubio (R-FL) is leading a bipartisan effort to reinstate the penalties imposed on ZTE by the Commerce Department for violating sanctions against North Korea and Iran. The measure, which would add language to the defense spending bill, was co-sponsored by Sen. Tom Cotton (R-AR), Sen. Chris Van Hollen (D-MD), and Senate Minority Leader Chuck Schumer (D-NY). Senators from both parties consider ZTE a security risk because of its closeness to the Chinese government. Source: The Washington Post “The Cybersecurity 202,” 8 June 2018

Russian Threat Actor Changes Tactics

Researchers at Palo Alto Labs have identified a new trend in the activity of the Russian group APT28, also known as the Sofacy threat group and widely assumed to be associated with Russian military intelligence. In contrast to Sofacy’s past tactics, techniques and procedures (TTP) of surgical attacks such as spearphishing against carefully selected individuals in targeted organizations, the group has recently used a shotgun approach, targeting many users in the same organization at once, with most targets in the foreign affairs ministries of various countries. The new tactics also include parallel attacks, meaning that multiple types of malware are deployed at the same time, sometimes written in different programming languages such as AutoIt, C++, and Delphi. The reasons for these changes in Sofacy’s TTP are not clear. Researchers noted that the “noisier” approach makes the intrusions more visible to network monitors and contrasts with Sofacy’s typically “quieter” and harder to detect TTP. Bleeping Computer, 7 June 2018
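The “noisier” shotgun approach is more visible precisely because one lure reaches many mailboxes in one organization within a short time. The following is an added detection example, not code from the Palo Alto research or the article: it parses constructed mail-gateway log lines (the format, the sender, the recipient domains and the subject are all made up for this example) and flags a sender/subject pair that reaches an unusual number of distinct recipients in one domain inside a sliding time window, which is the kind of signal a surgical single-target spearphish would not produce.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Six recipients in one ministry
# domain get the same lure within ten minutes; two recipients elsewhere get it
# too; one unrelated message is included as benign background.
SAMPLE_LOG = """\
2018-06-05T09:01:12Z sender=invite@lure.example rcpt=alice@mfa.example subject="Conference agenda"
2018-06-05T09:01:15Z sender=invite@lure.example rcpt=bob@mfa.example subject="Conference agenda"
2018-06-05T09:03:40Z sender=invite@lure.example rcpt=carol@mfa.example subject="Conference agenda"
2018-06-05T09:05:02Z sender=invite@lure.example rcpt=dave@mfa.example subject="Conference agenda"
2018-06-05T09:07:33Z sender=invite@lure.example rcpt=erin@mfa.example subject="Conference agenda"
2018-06-05T09:09:58Z sender=invite@lure.example rcpt=frank@mfa.example subject="Conference agenda"
2018-06-05T09:10:10Z sender=invite@lure.example rcpt=grace@other.example subject="Conference agenda"
2018-06-05T09:12:45Z sender=invite@lure.example rcpt=heidi@other.example subject="Conference agenda"
2018-06-05T09:15:00Z sender=newsletter@vendor.example rcpt=alice@mfa.example subject="Weekly update"
"""

# Hypothetical log format assumed for this example: "<ISO timestamp> sender=<addr> rcpt=<addr> subject="<text>""
LINE_RE = re.compile(r'^(\S+) sender=(\S+) rcpt=(\S+) subject="([^"]*)"$')


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, sender, rcpt, subject = m.groups()
    rcpt = rcpt.lower()
    return {
        "when": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "sender": sender.lower(),
        "rcpt": rcpt,
        "domain": rcpt.rsplit("@", 1)[-1],
        "subject": subject,
    }


def find_broad_sprays(log_text, min_recipients=5, window=timedelta(hours=1)):
    """Return alerts for (sender, subject, recipient domain) groups whose lure reached
    at least min_recipients distinct mailboxes within any window-sized time span."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            groups[(ev["sender"], ev["subject"], ev["domain"])].append(ev)

    alerts = []
    for (sender, subject, domain), events in groups.items():
        events.sort(key=lambda e: e["when"])
        best, best_rcpts, start = 0, set(), 0
        # Sliding window: advance 'start' until the span [start, end] fits the window,
        # then count distinct recipients inside it and keep the densest span seen.
        for end in range(len(events)):
            while events[end]["when"] - events[start]["when"] > window:
                start += 1
            rcpts = {e["rcpt"] for e in events[start:end + 1]}
            if len(rcpts) > best:
                best, best_rcpts = len(rcpts), rcpts
        if best >= min_recipients:
            alerts.append({
                "sender": sender,
                "subject": subject,
                "domain": domain,
                "distinct_recipients": best,
                "recipients": sorted(best_rcpts),
            })
    alerts.sort(key=lambda a: -a["distinct_recipients"])
    return alerts


if __name__ == "__main__":
    for alert in find_broad_sprays(SAMPLE_LOG):
        print(f"{alert['sender']} -> {alert['domain']}: {alert['distinct_recipients']} "
              f"recipients, subject {alert['subject']!r}")
```

The threshold and window are the tuning knobs: a mailing list or a genuine all-staff invitation will also hit many recipients, so in practice the alert is used to pull the message for inspection (sender reputation, link and attachment analysis) rather than to block on its own, and known bulk senders are allow-listed before grouping.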

Atlanta Continues to Recover from Cyberattack

The March ransomware attack on the City of Atlanta continues to impede delivery of basic services, according to a recent report. The attack affected more than a third of the city’s 424 software programs. At least 30 of these programs impacted critical services such as the police and court system. The city is allocating an additional $9.5 million to help remediate the damage in addition to $35 million earmarked for technology upgrades in the city’s budget. This amount may increase after completion of the full assessment of the damage caused by the attack. Atlanta did not pay the $51,000 in Bitcoin demanded by the hackers. Reuters, 6 June 2018

Cisco Releases Security Fixes

On 6 June, US-CERT reported that Cisco had released updates to address vulnerabilities in multiple products. Left unpatched, the vulnerabilities could allow a malicious actor to take control of an affected system. The US-CERT alert links to the individual Cisco product advisories, which are listed below.

* Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability

* Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

* Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability

* Cisco Prime Collaboration Provisioning SQL Injection Vulnerability

* Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability

* Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability

* Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability

* Cisco Prime Collaboration Provisioning Access Control Vulnerability

* Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability

* Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability

* Multiple Cisco Products Disk Utilization Denial of Service Vulnerability

* Cisco Meeting Server Information Disclosure Vulnerability

* Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
