Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Information Security Risk

“MyHeritage, an online genealogy platform, announced that more than 90 million of their users had email addresses and hashed passwords compromised, after a researcher discovered a file being hosted on a private server. In addition, based on the wording of the disclosure, the company determined that the compromised data included email addresses and hashed passwords for everyone who signed up for the service from 2003 until October 26, 2017. While the other systems, such as those that manage payments, genealogy, and DNA were not compromised, the company has hired an outside firm to determine the full scope of the breach. It isn’t clear how MyHeritage hashed the user passwords, but the company recommended that everyone change their passwords on the website. They’ve also promised to implement two-factor authentication as soon as possible.”

 –CSO Online

Technology

“Security updates released by Adobe on Thursday for Flash Player patch four vulnerabilities, including a critical flaw that has been exploited in targeted attacks. The vulnerability that has been exploited in the wild is tracked as CVE-2018-5002, and it has been described by Adobe as a stack-based buffer overflow that can be leveraged for arbitrary code execution. The security hole was independently reported to Adobe by researchers. The researchers have yet to share any details, but Adobe did mention that CVE-2018-5002 has been exploited in limited, targeted attacks against Windows users. Hackers deliver the exploit via malicious Office documents that include specially crafted Flash content. The documents are distributed via email. The latest version of Flash Player, 30.0.0.113, also patches a critical type confusion vulnerability that can lead to code execution (CVE-2018-4945), an “important” severity integer overflow that can result in information disclosure (CVE-2018-5000), and an “important” out-of-bounds read issue that can also lead to information disclosure (CVE-2018-5001). Despite Adobe’s plans to kill Flash Player by 2020, threat actors apparently still find zero-day vulnerabilities highly useful. This is the second zero-day discovered in 2018. The first was patched in February after North Korean hackers exploited it for several months in attacks aimed at South Korea.”

 –SecurityWeek

Legal, Litigation, and Regulatory Risk

“Australia’s largest bank has agreed to pay an almost $530 million fine to settle a civil lawsuit that revealed numerous breaches of the country’s Anti-Money Laundering and Counter-Terrorism Act. The proposed agreement with the federal government’s financial-intelligence agency, which remains subject to approval by a federal court, includes further admissions by the bank that it contravened the law, including breaches of risk procedures, reporting and monitoring. Australia’s biggest bank by assets and with a market value of almost $92 billion, said it would pay a penalty of 700 million Australian dollars ($529.8 million) plus the regulator’s legal costs of A$2.5 million to resolve the civil suit.”

 –Market Watch

Defense

“A city official said at a public meeting on Wednesday, as she proposed an additional $9.5 million to help pay for recovery costs, that the Atlanta cyber-attack has had a more serious impact on the city’s ability to deliver basic services than previously understood. Atlanta’s administration has disclosed little about the financial impact or scope of the March 22 ransomware hack, but information released at the budget briefings confirms concerns that it may be the worst cyber assault on any US city. Atlanta Information Management head Daphne Rackley said that more than a third of the 424 software programs used by the city have been thrown offline or partially disabled in the incident. Nearly 30 per cent of the affected applications are considered “mission critical,” affecting core city services, including police and courts.”

 –Reuters
