
Digital Guardian's Blog

Friday Five: 10/27 Edition

Catch up on all the week's InfoSec news with this roundup!

1. EternalRomance Exploit Found in Bad Rabbit Ransomware by Mike Mimoso

Researchers with Cisco said Thursday that Bad Rabbit, a strain of ransomware that hit hundreds of targets in Russia and Ukraine earlier this week, did indeed use the leaked NSA exploit EternalRomance. This isn't particularly surprising; many experts compared the ransomware to NotPetya, a strain of ransomware that also exploited EternalRomance and was responsible for taking down multiple businesses in June. The news does contradict statements made by many researchers earlier this week that the ransomware used neither EternalRomance nor EternalBlue. Cisco researchers said Thursday that Bad Rabbit uses a "different implementation of the EternalRomance exploit" to overwrite a kernel's session security context in order to launch remote services.

2. High Severity Vulnerability Found in SecureDrop System by Patrick Howell O'Neill

Engineers behind SecureDrop, open source software that helps facilitate communication between journalists and sources, were forced to fix a bug last week that could have left users at risk. The software is used by a number of media outlets, including the New York Times, the Washington Post, and The Intercept. SecureDrop developers said the vulnerability, which could have rendered systems unable to verify key packages, would have been difficult to exploit. Because of its severity – it also could have opened the door to remote code execution against targets – sites like the New York Times and The Intercept said this week they were in the process of updating how SecureDrop is configured.

3. Hacker Takes Over Coinhive DNS After Company Reuses Old Password by Catalin Cimpanu

Coinhive, a service that allows customers to purchase legitimate JavaScript site miners for the Monero cryptocurrency, was hacked this week. To blame? Password reuse. Officials with the company told Bleeping Computer's Catalin Cimpanu earlier this week that the root cause was that the password on the company's Cloudflare account was the same as one leaked in a 2014 breach of Kickstarter. "We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account," a Coinhive official said. The attacker had control of the company's domain for six hours, which allowed them to replace DNS records and make thousands of sites mine Monero for the attacker.

4. Equifax Was Warned by Lorenzo Franceschi-Bicchierai

Nice scoop here from Lorenzo, who reports that a security researcher uncovered a nasty bug in Equifax's site last year that could have let an attacker search for the personal information of millions of Americans. The vulnerability was reported to the company and was apparently separate from the Apache Struts vulnerability that ultimately wound up leaking the information of 145M Americans earlier this year. The researcher, who told Franceschi-Bicchierai he wished to remain anonymous, said the bug was essentially a basic "forced browsing" bug. "All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app," the researcher said.

5. 30% of Major CEOs Have Had Passwords Exposed by DarkReading

Password breaches happen to us all eventually, even major CEOs. According to a new study carried out by security firm F-Secure, thirty percent of CEOs have had their passwords exposed by a breach. The staff at DarkReading say researchers at the firm analyzed company email addresses for CEOs representing more than 200 of the biggest companies across 10 countries and found that 81% of the leaders had some form of information – email addresses, phone numbers, birthdates – leaked. The biggest breach culprits? LinkedIn and Dropbox.


Chris Brook

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.