Security Alerts & News
by Tymoteusz A. Góral

#963 The average cost of a data breach is now $4 million
The average data breach cost has grown to $4 million, representing a 29 percent increase since 2013, according to the Ponemon Institute.

Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, the study found that companies lose $158 per compromised record. Breaches in highly regulated industries like healthcare were even more costly, reaching $355 per record – a full $100 more than in 2013.

“The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don’t have a plan in place to deal with this process efficiently,” said Caleb Barlow, Vice President, IBM Security. “While the risk is inevitable, having a coordinated and automated response plan, as well as access to the right resources and skills, will make or break how much a company is impacted by a security event.”
#962 FBI raids spammer outed by KrebsOnSecurity
Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email artist currently flagged by anti-spam activists as one of the world’s Top 10 Worst Spammers, was reportedly raided by the FBI in connection with a federal spam investigation.

According to a June 9 story at ABC News, on April 27, 2016 the FBI raided the San Diego home of Persaud, who reportedly has been under federal investigation since at least 2013. The story noted that on June 6, 2016, the FBI asked for and was granted a warrant to search Persaud’s iCloud account, which investigators believe contained “evidence of illegal spamming and wire fraud to further [Persaud’s] spamming activities.”

Persaud doesn’t appear to have been charged with a crime in connection with this investigation. He maintains his email marketing business is legitimate and complies with the CAN-SPAM Act, the main anti-spam law in the United States, which prohibits sending spam that spoofs the sender’s address or does not give recipients an easy way to opt out of receiving future emails from that sender.
#961 Cisco won’t patch critical RV wireless router vulnerability until Q3
Cisco has alerted users of vulnerabilities in the web interface of its RV series of wireless VPN firewalls and routers that allow for remote code execution.

The networking giant, however, does not plan to release firmware updates until the third quarter. Cisco says it is not aware of public attacks exploiting these vulnerabilities, but users will remain exposed until at least September, and no workarounds are available.

“The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data,” Cisco said in its advisory. “An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks.”

Cisco said the RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router are affected.
#960 Like macros before it, attackers shifting to OLE to spread malware
Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggests they may be shifting gears and beginning to use another proprietary Microsoft technology to deliver threats.

Attackers have been placing malicious code alongside object linking and embedding (OLE) code, along with well-formatted text and images. According to researchers with Microsoft who observed the behavior, it’s being done to trick users into enabling the object or content and in turn, running the malicious code.

OLE lets a document embed content such as images and text created elsewhere, usually by another application. If a user wants to edit the embedded data, they can allow Windows to activate the originating application and load the content.
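As an added defender-side example (not from the article or from Microsoft's research), the check below inspects an Office Open XML (.docx) package for embedded OLE objects, the delivery shape the item above describes. The sample documents it builds are constructed here for the test, and the `Package` ProgID check assumes the embedded object is the generic Packager object that can wrap an arbitrary file.

```python
import io
import re
import zipfile

# Relationship type that marks an embedded OLE object inside a .docx package.
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"


def scan_docx_for_ole(data: bytes) -> dict:
    """Report OLE embeddings found in a .docx (a zip of XML parts).

    Collects the binary parts under word/embeddings/, the ProgIDs declared on
    <o:OLEObject> elements in the main document part, and whether the document
    relationships part links to an OLE object at all.
    """
    findings = {"embedded_parts": [], "prog_ids": [], "has_ole_relationship": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        findings["embedded_parts"] = sorted(n for n in names if n.startswith("word/embeddings/"))
        if "word/document.xml" in names:
            xml = zf.read("word/document.xml").decode("utf-8", "replace")
            findings["prog_ids"] = sorted(set(re.findall(r'ProgID="([^"]+)"', xml)))
        rels = "word/_rels/document.xml.rels"
        if rels in names:
            findings["has_ole_relationship"] = OLE_REL_TYPE in zf.read(rels).decode("utf-8", "replace")
    return findings


def classify(findings: dict) -> str:
    """Triage verdict: a Packager object deserves the closest look, since it can
    carry any file type; any other embedding still warrants review before opening."""
    if "Package" in findings["prog_ids"]:
        return "packager-object"
    if findings["embedded_parts"] or findings["has_ole_relationship"]:
        return "embedded-object"
    return "clean"


def build_sample_docx(prog_id: str = "") -> bytes:
    """Constructed minimal .docx used only to exercise the scanner (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        body = "<w:p><w:r><w:t>Double-click the object below to view the content</w:t></w:r></w:p>"
        if prog_id:
            body += f'<w:object><o:OLEObject Type="Embed" ProgID="{prog_id}" r:id="rId1"/></w:object>'
            zf.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
            zf.writestr("word/_rels/document.xml.rels",
                        f'<Relationships><Relationship Id="rId1" Type="{OLE_REL_TYPE}" '
                        f'Target="embeddings/oleObject1.bin"/></Relationships>')
        zf.writestr("word/document.xml", f"<w:document><w:body>{body}</w:body></w:document>")
    return buf.getvalue()
```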
#959 BadTunnel bug hijacks network traffic, affects all Windows versions
The research of Yang Yu, founder of Tencent's Xuanwu Lab, has helped Microsoft patch a severe security issue in its implementation of the NetBIOS protocol that affected all Windows versions ever released.

Yu says the attacker can leverage this vulnerability to pass as a WPAD or ISATAP server and redirect all the victim's network traffic through a point controlled by the attacker.

By network traffic, Yu refers to all traffic, not just Web HTTP and HTTPS. This includes OS updates, software upgrades, Certificate Revocation List updates via Microsoft's Crypto API, and other OS maintenance operations.

"It does not require the attacker [to] reside in the same network," Yu writes in a technical preview offered to Softpedia. "The attack can even succeed when there are firewall and NAT devices in between."