Cyber Weekly Roundup – May 12, 2017

Written May 12th, 2017

Post Tags: Cyber, cyber news, cybersecurity, cybersecurity news, news

By Andrew Paulette

1.) The hijacking flaw that lurked in Intel chips is worse than anyone thought (May 6, 2017)


Summary: A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday.

Why it matters: This additional reporting on the Intel AMT vulnerability provides good analysis on how bad the vulnerability actually was. Essentially, the authentication mechanisms on the chips would allow attackers who modified the code hash to contain no characters to bypass authentication entirely and log into the machine and execute a number of powerful commands remotely such as power cycling the computer or executing programs in the device’s OS.  Thankfully there is a low number of devices (according to Shodan) that are connected to public networks (8,500 in the world, 2,000 in the US as of the date the article was published), making this serious vulnerability somewhat less viable, but as this is a firmware update, it may take time for these vulnerabilities to be remediated completely.

2.) Website Flaw Let True Health Diagnostics Users View All Medical Records (May 8, 2017)


Summary: Over the past two weeks readers have pointed KrebsOnSecurity to no fewer than three different healthcare providers that failed to provide the most basic care to protect their patients’ records online. Only one of the three companies — the subject of today’s story — required users to be logged on in order to view all patient records.

Why it matters: This article shows how far we still have to go in the world of cybersecurity.  Even with policy such as HIPAA that provides guidance on how to protect private health information and personally identifiable information, a myriad of misconfigurations and vulnerabilities still allow for threat actors to take advantage of vulnerabilities that have been on the OWASP “Top 10” projects (a list of the top 10 vulnerabilities found across the internet) for years.  All of that said, the company does at least deserve credit for responding to he incident so quickly.

3.) FCC says its comment system was hit by denial-of-service attacks (May 8, 2017)


Summary: After a John Oliver segment highlighted the FCC’s latest plans to roll back net neutrality rules, the agency’s comment system became unreachable, apparently due to a spike in traffic. But the FCC now says the issues were, in fact, related to orchestrated denial-of-service attacks.

Why it matters: There’s quite a deal of interesting speculation that can be had with this news story (who’s launching the DDOS attacks and for what benefit), but for now such speculation will be avoided due to a lack of further evidence. What is clear from the story is just how important it can be for companies and organizations to ensure they have strong DDOS protection if they are in the public eye – all it takes is the right comment at the right time on a controversial topic to open a floodgate of web traffic (both legitimate and illegitimate) to your site.

4.) Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday (May 9, 2017)


Summary: Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually released an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technology that’s being called the worst Windows bug in recent memory. Separately, Adobe has a new version of its Flash Player software available that squashes at least seven nasty bugs.

Why it Matters: Security software can be a bit of a double-edged sword. While it is designed to protect devices from malware, it’s made of complicated code that can have exploitable vulnerabilities – vulnerabilities that can have much more dire consequences due to the way that security software works – close to the kernel of the OS, and automatically opening and inspecting files as they are downloaded. Due to these characteristics, it is possible to exploit security software without even running an executable, as the scanner will essentially run the software itself to inspect it.

While this vulnerability has been described as one of the worst Remote Code Execution bugs in recent memory for Microsoft, kudos have to be given for the speed with which the company remediated the vulnerability and released an out-of-band patch for its user base.  This is a case of security research at its finest.

In depth details provided by security researchers Tavis Ormandy (@taviso) and Natalie Silvanovich (@natashenka) can be found at https://bugs.chromium.org/p/project-zero/issues/details?id-1252&desc=5.

5.) Keylogger Found in Audio Drivers on some HP Machines (May 11, 2017)


Summary: An audio driver that comes installed on some HP-manufactured computers records users’ keystrokes and stores them in a world-readable plaintext file, researchers said Thursday.

Why it matters: Whether accidently left in the audio driver, intentionally left for troubleshooting, or an example of the supply chain being compromised, a keylogger that stores unencrypted text files is a prime target for attackers looking for ways to collect data from a user’s computer; specifically, passwords to multiple applications. Hopefully this oversight will be corrected in a timely manner by the vendor.