Vulnerable webcams, news on DHS' FISMA ratings, and a bug in vBulletin - catch up on the week's news with the Friday Five!
1. 15,000 webcams vulnerable to attack: how to protect against webcam hacking by Christopher Boyd
The internet of things (IoT) continues to proliferate unabated, and while there have been improvements, one area that's seemingly always an issue is webcam security. Malwarebytes' blog checks in with some research via Wizcase, a site that bills itself as a VPN review site, on a slew of webcams available online without security measures in place. The blog runs through a list of affected devices and some handy tips that not everyone may know, like the fact that if a cam is integrated into your laptop, you can turn it off completely via Device Manager.
2. Apple to Patch Bug Granting Full Access to 3rd-Party Keyboards by Elizabeth Montalbano
Apple released iOS 13.1 earlier than expected this week, and while many were excited about some of its new features, tweaks, and new shortcut automations, one thing that wasn't fixed was an issue that affects third-party keyboard apps. Apple warned this week that it's readying a fix for the issue, something that can allow some "full access" through network access even if users haven't approved it. The issue affects iOS 13 and iPadOS, which was also pushed live this week. It's worth noting the bug only affects third-party keyboards that make use of full access. Users can see whether or not they have one of those keyboard apps installed by following the prompts Apple provides here.
3. DHS FISMA ratings go up by Derek Johnson
FCW recapped a new audit (.PDF) via Homeland Security's Office of Inspector General that lauds the department's information security practices. When it comes to FISMA cybersecurity functions, DHS' ability to protect and detect has apparently improved, according to the report, going up from a three out of five to a four out of five score. Where DHS is still lagging behind is its ability to patch effectively and measure how its networks are blocking attempts at data exfiltration, according to the report. "DHS did not have qualitative and quantitative measures in place to gauge the performance of its network defenses against unauthorized transfer of information from a system," it reads, adding that the department didn't conduct "regular exfiltration exercises to measure the effectiveness of its data exfiltration or enhanced network defenses, as required by applicable NIST guidance."
4. Did GandCrab Gang Fake Its Ransomware Retirement? by Mathew J. Schwartz
We may have jumped the gun earlier this summer when we suggested the cybercriminals behind the ransomware GandCrab were calling it quits. For all intents and purposes that appeared to be the case after one of the alleged authors of the malware said they were "leaving for a well-deserved retirement" after making millions, if not billions of dollars. Per Bank Info Security, which references new Secureworks research, the group may be behind Sodinokibi, also known as Sodin and REvil, another strain of ransomware that's slowly been percolating on the criminal underground. According to the researchers, there's "similar URL-building logic" in how the two ransomware strains generate ransom notes. There's also code logic in REvil that matches code logic seen in GandCrab. As we've seen in attacks on Lake City, Florida, Baltimore, and multiple municipalities in Texas, ransomware is still a force to be reckoned with, especially in smaller offices and government settings.
5. vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch by Lawrence Abrams
Perhaps the biggest story of the week, especially in terms of the number of potential victims, was news of a nasty flaw in vBulletin, a popular brand of internet forum software, that's existed for four years. The flaw, a pre-authentication remote code execution vulnerability, could let an attacker execute shell commands on any server running a vBulletin installation. While reports say around 0.1 percent of all internet sites run a vBulletin-powered forum, it's likely millions of sites could be affected. Wayne Luke, vBulletin's Technical Support Lead, pushed a patch for the issue on Wednesday.