Security Roundup - 2017-10-06


October is Cybersecurity Awareness Month! And Malwarebytes starts off with some simple steps to maintain online safety.

Yahoo breaches bigger than originally thought. Last year, Yahoo had a bad year, with multiple big data breaches announced. Recent news, however, has indicated that rather than 1 billion users, Yahoo’s entire user base of 3 BILLION users was impacted by one of those breaches. If you have a Yahoo account and haven’t changed your password previously, now would be a good time to do so, and to change it anywhere else that password has been reused.

Netgear Patches 50 devices. Several security firms recently disclosed vulnerabilities to Netgear, and Netgear has been quick to patch the impacted devices. Vulnerabilities were disclosed via Netgear’s new bug bounty program, and security researchers have noticed that Netgear has been more attentive to these problems than in previous years.

Security researchers identify sophisticated ATM hacks. Trend Micro researchers detail a sophisticated network-based ATM attack, where attackers did not use known attacks like skimmers to steal money. Instead, they hacked into the ATMs remotely, eventually causing them to spit out money for lurking cash mules to make off with.

Deep Dive into the Flusihoc DDoS Botnet. For those who love deep dives into malware, Arbor Networks provides details on Flusihoc, a DDoS malware family which they have been tracking since 2015, having gathered 500 unique samples to date.

Dnsmasq gets an audit from Google. Google has been reviewing DNS implementations for vulnerabilities, recently completing an audit of Dnsmasq. Dnsmasq is regularly installed on a variety of devices, including Linux desktop systems. Google uncovered several vulnerabilities that allow for overflows and contributed fixes. Google also contributed a change that would allow for extra sandboxing of Dnsmasq, allowing for improved security once fully tested.

Your Mac’s Firmware may not be receiving updates. At least, that is what Duo has discovered in some of their recent research, in particular for the EFI firmware, which controls a number of pre-boot security protections for MacBooks. Duo provides a detailed blog post, which they describe as only scratching the surface, so be prepared for more news in the coming weeks.

DNS Crypto Key Rollover Postponed. DNS Crypto keys were scheduled for a rotation on October 11th. However, this has been postponed by a quarter, due to a number of large networks not being ready for that deadline. The delays are due to some previously unnoticed configuration problems, requiring additional testing to ensure the overall stability of the system.

VMware Hypervisor Escapes. The “Backdoor” communication channel (named by VMware) in ESX can be abused by guests to steal clipboards from other VMs on the same hypervisor. The article also mentions that there is a potential for manipulation for attached clients over the backdoor channel (macOS with VMware Fusion was specifically mentioned).