Episode 02

Welcome to the weekly dose of cyber security news and views.
Date – 14th Jan 2018


Reliance Jio is set to introduce its own cryptocurrency, “JioCoin”
• Year of the blockchain: Reliance Jio is the latest on the list.
• Akash Ambani, son of Mukesh Ambani, will reportedly lead a young team of 50 blockchain experts and cryptocurrency veterans on the blockchain project to launch “JioCoin”.
• Although not yet confirmed by Reliance or Jio, the report has sent shockwaves across India and globally.
• Reliance Jio’s entry into blockchain with its own cryptocurrency could shift the equilibrium and trigger a new wave of growth.

BlackBerry Mobile website hijacked to run Monero-mining code
• The official BlackBerry Mobile website was found using its visitors’ CPU power to mine Monero coins in the browser.
• The advice, as always, is to practise safe internet use: do not download unknown apps/software from Android stores, keep up-to-date antivirus software installed, and keep an eye on your processor usage, because cryptocurrency miners drive CPU usage up.

Oracle WebLogic exploit used in cryptocurrency-mining campaign
• After Chinese security researcher Lian Zhang published a proof-of-concept exploit for an Oracle WebLogic application server vulnerability (CVE-2017-10271) in late December, hackers were quick to use it to make a quick buck. Oracle had issued a patch for the flaw in October 2017.
• The ongoing campaign targets Oracle’s PeopleSoft and WebLogic servers, leveraging the newly revealed vulnerability to mine cryptocurrency; it had mined 611 Monero coins, worth about $226,070 at the time.
• The WebLogic vulnerability lets attackers remotely run arbitrary commands with the privileges of the WebLogic server user, so it could be used to steal data from affected PeopleSoft systems or even install ransomware; yet so far the group has only used it to install a Monero miner, because that is paying off.
• The compromised machines were detected because the script that downloads the Monero miner “accidentally” kills the WebLogic service after compromise. WebLogic is a Java EE application server, and the script replaces its java binary with the Monero miner xmrig, a legitimate miner that the attackers are running illegitimately on other people’s hardware.

• It is recommended that organisations check for outbound connections to TCP port 3333 (a port commonly used by mining pools, and the one this miner talks to) and for a java binary that is no longer java.
• Enterprises tend to be slow in deploying Oracle updates, which is why a flaw patched in October was still widely exploitable in January.
• Virtual patching with a web application firewall (WAF) or database firewall (DBF) rule is one workaround until the patch can be applied.
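The three indicators above (an outbound connection to port 3333, a java binary that has been overwritten with xmrig, and a process pegging the CPU, which is also the "watch your processor usage" advice from the BlackBerry item) can be turned into a small host triage script. The following is an added example, not code from the page or from the campaign write-up; it assumes the miner connects to a pool on TCP 3333 and carries recognisable xmrig strings, and the sample `ss`/`ps` output and binary bytes are constructed for illustration.

```python
#!/usr/bin/env python3
"""Host triage for the WebLogic/PeopleSoft mining campaign described above.

Added example, not the page's or the campaign report's code. It assumes what the
page states: the dropped xmrig miner talks to a mining pool on TCP port 3333 and
has been written over the WebLogic java binary, so a compromise shows up as
(a) an established connection to a :3333 peer, (b) a "java" binary that carries
miner strings, and (c) a process pegging the CPU.
"""
import subprocess

POOL_PORT = 3333                                                # stratum pool port to hunt for
MINER_MARKERS = (b"xmrig", b"stratum+tcp://", b"cryptonight")   # strings an xmrig build carries
CPU_THRESHOLD = 80.0                                            # %CPU above which a process is suspect

# Constructed sample of `ss -tn` output: one normal WebLogic client connection on
# 7001 and one outbound connection to a pool on 3333 (203.0.113.7 is a
# documentation-range address, not a real pool).
SAMPLE_SS = """\
State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
ESTAB  0       0       10.0.0.5:7001       10.0.0.9:51234
ESTAB  0       0       10.0.0.5:46122      203.0.113.7:3333
TIME-WAIT 0    0       10.0.0.5:46100      203.0.113.7:3333
"""

# Constructed sample of `ps -eo pid,pcpu,comm`: the "java" process is hot.
SAMPLE_PS = """\
  PID %CPU COMMAND
    1  0.0 systemd
 1234  2.0 sshd
 2345 98.7 java
"""

# Constructed stand-in for the bytes of a java binary that xmrig was written over.
SAMPLE_JAVA_BYTES = b"\x7fELF\x02\x01\x01" + b"\x00" * 16 + b"xmrig 2.4.3\x00stratum+tcp://"


def find_pool_connections(ss_output, port=POOL_PORT):
    """Return (local, peer) pairs of ESTAB connections whose peer port is `port`."""
    hits = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue
        local, peer = parts[3], parts[4]
        if peer.rsplit(":", 1)[-1] == str(port):    # rsplit also handles [::1]:3333
            hits.append((local, peer))
    return hits


def java_looks_like_miner(binary_bytes, markers=MINER_MARKERS):
    """True if the supposed java binary contains any of the miner marker strings."""
    return any(m in binary_bytes for m in markers)


def hot_processes(ps_output, threshold=CPU_THRESHOLD):
    """Parse `ps -eo pid,pcpu,comm` output; return (pid, %cpu, comm) at or above threshold."""
    hits = []
    for line in ps_output.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        pid, pcpu, comm = parts
        try:
            pcpu = float(pcpu)
        except ValueError:
            continue
        if pcpu >= threshold:
            hits.append((int(pid), pcpu, comm))
    return hits


def triage(ss_output, ps_output, java_bytes):
    """Run all three checks and return one report dict."""
    return {
        "pool_connections": find_pool_connections(ss_output),
        "java_is_miner": java_looks_like_miner(java_bytes),
        "hot_processes": hot_processes(ps_output),
    }


def live_inputs(java_path="/usr/bin/java"):
    """Collect real inputs on a Linux host (java_path is an assumed location; point it
    at the JDK WebLogic actually runs on)."""
    ss = subprocess.run(["ss", "-tn"], capture_output=True, text=True).stdout
    ps = subprocess.run(["ps", "-eo", "pid,pcpu,comm"], capture_output=True, text=True).stdout
    with open(java_path, "rb") as f:
        java = f.read()
    return ss, ps, java


if __name__ == "__main__":
    # Runs offline on the constructed samples; swap in live_inputs() on a real host.
    report = triage(SAMPLE_SS, SAMPLE_PS, SAMPLE_JAVA_BYTES)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any one hit is worth a closer look; all three together on a WebLogic host match the behaviour described above, and the next step is to image the box and check the WebLogic access logs for the exploitation request rather than just deleting the miner.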

Patch Tuesday: zero-day gap in Microsoft Office
• Microsoft released several patches that close a total of 56 new security holes in its products. Of these:
16 are rated “critical”
39 are rated “important”
01 is rated “moderate”
• These vulnerabilities affect ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
• The count does not include the Spectre/Meltdown (ADV180002) or Adobe Flash (ADV180001) advisories.
• Various hacker groups are currently actively attacking a vulnerability (CVE-2018-0797) in Office.
• The critical gaps are in the scripting engine, which threatens the Edge and Internet Explorer browsers: an attacker can trigger execution of malicious code when the victim visits a specially crafted website. The critical Flash update for Edge and Internet Explorer 11 is delivered automatically to users of Windows 8.1 and 10.

macOS High Sierra’s App Store preferences can be unlocked with ANY password
• Anyone with access to a logged-in admin session can unlock the App Store preference pane with any password, bypassing the password check.
• From there one can easily disable automatic security updates, leaving the machine open to known system vulnerabilities.

• This is the second such bug in a short time; remember the ‘root user’ login bug of late November 2017.
• The bug does not exist in macOS Sierra 10.12.6 or earlier.
• Apple has fixed the bug in the latest beta of macOS 10.13.3, which remains in testing and will likely be released at some point this month.

• Troy Hunt’s post on Aadhaar.
• @fs0c131y’s trolling.
• Should there be penalties on vendors who do security testing?

