In the August edition of our Cybersecurity Digest, we cover key threats and vulnerabilities we’ve observed in the past month. I am Souti Dutta, Lead Threat Analyst at Paladion’s Cyber Research Center.
First up, this Patch Tuesday Microsoft announced 19 critical security patches, one of which addresses a highly critical privilege escalation vulnerability. The vulnerability affects all versions of Windows released since 2007. By exploiting it, an attacker who has compromised a single Windows machine on the network can go on to compromise the entire domain from that machine. This patch, therefore, should definitely be at the top of your priority list.
The personal data of 14 million customers of Verizon, the largest wireless telecommunications carrier in the US, was exposed on a publicly accessible cloud server. The data was stored in an Amazon Web Services S3 bucket that had been erroneously configured for public access. This means that anyone who knew the URL could access and download all customer data stored in it. This incident highlights the importance of assessing the security controls adopted by any third-party vendor that has custody of your critical customer information.
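As an added illustration (not from the digest, Verizon or AWS), a Python check that flags the kind of bucket policy or ACL that leaves a bucket readable by anyone who knows the URL; it assumes you have already fetched the bucket policy and ACL as JSON (for example with the AWS CLI) and evaluates them offline, and the sample policy it ships with is constructed.

```python
import fnmatch

# Actions that let an anonymous caller download objects or enumerate the bucket.
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")
# Canned ACL grantees meaning "everyone on the internet" / "any AWS account".
PUBLIC_GRANTEES = (
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_is_public(principal):
    # Matches "Principal": "*", {"AWS": "*"} and {"AWS": ["*", ...]}.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_read_statements(policy):
    """Return the policy statements that grant anonymous read access.

    Statements carrying a Condition are skipped on purpose: they may be scoped
    (e.g. to a VPC endpoint) and deserve manual review, not an automatic verdict.
    IAM action names are case-insensitive, so matching is done lower-cased."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatch.fnmatchcase(r.lower(), a) for a in actions for r in READ_ACTIONS):
            findings.append(stmt)
    return findings

def public_acl_grants(acl):
    """Return bucket ACL grants made to the AllUsers/AuthenticatedUsers groups."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES]

# Constructed sample policy (bucket name and account id are placeholders): a
# wildcard principal with s3:GetObject is exactly the "anyone with the URL can
# download" configuration described above; the second statement is harmless.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "TeamWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
```

Run `public_read_statements(SAMPLE_POLICY)` to see only the `PublicRead` statement reported; feed it the output of `aws s3api get-bucket-policy` and `public_acl_grants` the output of `aws s3api get-bucket-acl` to check real buckets.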
Ten days after the Verizon breach came the news of customer data exposure at UniCredit, Italy’s No. 1 bank, where hackers took personal information and loan account data for 400,000 accounts. There were two breaches: the first in September 2016 and the second in June 2017. The intruders gained unauthorized access to customer data through a third-party agency employed by the bank. Once again, this incident highlights the importance of security due diligence when selecting your third-party vendors.
This month, Cisco released a patch for its WebEx video conferencing browser extension to fix a critical remote code execution vulnerability. It affects the Chrome and Firefox browsers running on Windows. If left unpatched, an attacker could use this bug to execute arbitrary code on your machine with the privileges of the browser. If your organisation uses WebEx, this patch, for a vulnerability with a CVSS score of 9.6, should definitely be on your priority list.
Avanti Markets, a company that makes self-service payment kiosks, has suffered a breach of its internal networks in which hackers were able to push malicious software to those payment devices. Some 1.6 million customers use the company’s self-checkout devices, which allow users to pay for drinks, snacks, and other food items with a credit card, fingerprint scan, or cash. Avanti Markets said the malware was designed to gather payment card information including the cardholder’s first and last name, credit/debit card number, and expiration date.
Soon after the Avanti Markets incident came to light, news of a new POS malware named LockPOS was released in late June 2017. LockPOS injects malicious code directly into the Windows explorer.exe process. Its credit card stealing functionality works like that of other POS malware: it scans the memory of running programs looking for data that matches the format of credit card track data.
Breaches at POS vendors have become regular occurrences – it is important to secure the POS devices, conduct security due diligence on the third-party service providers who manage these POS devices, and also implement security controls for the prevention and detection of well-known POS attack vectors.
Yet another crimeware-as-a-service offering has come into existence: Hackshit is a phishing-as-a-service platform that offers a low-cost, automated solution for launching phishing attacks. It allows hackers to easily manage the entire phishing campaign – from sending emails with phishing links to collecting all stolen credentials in one central place. Hackshit allows its subscribers to generate their own phishing pages for several commonly used services, including Yahoo, Facebook, and Gmail. The phishing pages are hosted on HTTPS websites under the “.moe” top-level domain (TLD). It is important to educate users on identifying phishing emails and also to deploy indicators of compromise (IOCs) to identify and block these new tools.
Before we wind up, an interesting story on how a fish tank helped hack a casino. This fish, spelled F-I-S-H, is a real one. Hackers are constantly looking for new ways to break into a network. In this case they broke into a North American casino through an Internet-connected fish tank; the tank had sensors connected to a computer that regulated its temperature, food, and cleanliness. The attackers got into the fish tank and used it as a beachhead to move into other areas of the casino network. This attack demonstrates the security vulnerabilities posed by the Internet of Things (IoT). Insecure IoT devices can provide an easy entry point for hackers, so it is important to secure these devices using host- and network-level security controls.
Thank you for reading, folks. For the latest updates on new threats and vulnerabilities, follow us on Twitter @ctacpaladion. Send us your feedback at firstname.lastname@example.org.