Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP), two weeks after Microsoft released the security patch.
If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what wormable attacks like WannaCry and NotPetya did in 2017.
Dubbed BlueKeep and tracked as CVE-2019-0708, the vulnerability affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2 editions and could spread automatically on unprotected systems.
The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code and take control of a targeted computer just by sending specially crafted requests to the device's Remote Desktop Service (RDS) via RDP, without requiring any interaction from a user.
Describing BlueKeep as a wormable vulnerability that could allow malware to propagate to vulnerable systems just like WannaCry, Microsoft released a security fix to address the vulnerability with its May 2019 Patch Tuesday updates.
However, the latest Internet scan performed by Robert Graham, head of offensive security research firm Errata Security, revealed that, unfortunately, roughly 950,000 publicly accessible machines on the Internet are vulnerable to the BlueKeep bug.
This clearly means that even after the security patch is out, not every user and organisation has deployed it to address the issue, posing a massive risk to individuals and organizations, including industrial and healthcare environments.
Graham used "rdpscan," a quick scanning tool he built on top of his masscan port scanner that can scan the entire Internet for systems still vulnerable to the BlueKeep vulnerability, and found a whole 7 million systems that were listening on port 3389, of which around 1 million systems are still vulnerable.
Marriott has said it has taken measures to investigate and address a data security incident involving the Starwood guest reservation database.
As many as 500 million guests might have been impacted by the incident, with credit card, address and other details potentially compromised.
The company revealed today that there was "unauthorised access to the database", which contained guest information relating to reservations at Starwood properties on or before September 10th.
On September 8th, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States.
The company then engaged security experts to help determine what occurred.
Marriott learned during the investigation that there had been unauthorised access to the Starwood network since 2014.
The company recently discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it.
On November 19th, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.
"We deeply regret this incident happened," said Arne Sorenson, Marriott president.
"We fell short of what our guests deserve and what we expect of ourselves.
"We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.
For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption.
There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.
For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.
Sorenson added: "Marriott is reaffirming our commitment to our guests around the world.
"We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call centre.
"We will also continue to support the efforts of law enforcement and to work with leading security experts to improve.
"Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network."
Marriott reported this incident to law enforcement and continues to support their investigation.
The company has begun notifying regulatory authorities.
Facebook's stunning disclosure of a massive hack on Friday in which attackers gained access tokens to at least 50 million accounts, bypassing security measures and potentially giving them full control of both profiles and linked apps, has already stirred the threat of a $1.63 billion fine in the European Union, according to the Wall Street Journal.
The bug, which exploited flaws in the site's "View As" and video uploader feature to gain access to the accounts, forced Facebook to reset access tokens for 50 million users and reset those for 40 million others as a precaution. (That means if you were logged out of your devices, you were affected.) Facebook has not said whether the attackers attempted to extract data from the affected profiles, but vice president of product management Guy Rosen told reporters they had attempted to harvest private information from Facebook's systems, according to the New York Times. Rosen also said Facebook was unable to determine the extent to which third-party apps could have been compromised.
The firm would not say where in the world the 50 million users are, but it has informed data regulators in Ireland, where Facebook's European subsidiary is based.
The company said the users prompted to log in again did not have to change their passwords.
"Since we've only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don't know who's behind these attacks or where they're based.
He added: "People's privacy and security is incredibly important, and we're sorry this happened."
The company has confirmed that Facebook founder Mark Zuckerberg and its chief operating officer Sheryl Sandberg were among the 50 million accounts affected.
British Telecommunications plc (BT) has been fined
[Updated] MyHeritage, a DNA and genealogy firm, announced Monday that the access credentials of 92 million users had been stolen. It only discovered the breach when a security researcher informed the company he had found a file named MyHeritage stored outside of MyHeritage.
The file contains, writes MyHeritage CISO Omer Deutsch in a statement, "the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including Oct 26, 2017 which is the date of the breach." He stresses that the passwords are stored as "a one-way hash of each password, in which the hash key differs for each customer" (possibly implying that each password is hashed with a unique salt).
Deutsch believes that only the credentials were stolen. "We have no reason to believe that any other MyHeritage systems were compromised." Furthermore, he adds, "we have not seen any activity indicating that any MyHeritage accounts had been compromised." Payment data, user DNA data and family trees have not been affected.
Windows 10 black screen problems fixed, as Microsoft patches 50 security flaws.
Microsoft has fixes for 50 security flaws in its June Patch Tuesday update and has released quality improvements and fixes for Windows 10 version 1803 or the Windows 10 April 2018 Update.
The KB4284835 update moves Windows 10 version 1803 to OS Build 17134.112 and addresses an issue that caused systems to start up in a black screen: "This issue occurs because previous updates to the Spring Creators Update were incompatible with specific versions of PC tune-up utilities after installation."
The personal data of 500m user accounts worldwide were compromised during a state-sponsored cyber attack in 2014, which was only revealed in 2016. The stolen data included names, email addresses, telephone numbers, passwords and encrypted security questions and answers, the ICO said on Tuesday.
The ICO said the fine related to the impact on 515,121 accounts that were co-branded as Sky and Yahoo services in the UK, for which Yahoo! UK Services Ltd is the data controller. ICO said Yahoo had failed to take appropriate measures to prevent the theft of data and failed to ensure that data was processed by Yahoo
Google, Facebook, Instagram and WhatsApp have been hit with a privacy complaint within hours of GDPR taking effect Friday. Privacy-advocacy group Noyb.eu said all four companies are forcing people to adopt a "take it or leave it" approach with regard to privacy - essentially demanding that users submit to intrusive terms of service.
The European Union
In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.
Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards
ThreatMetrix recently analysed more than a billion web transactions taking place in the travel and entertainment industries.
Southeast Asian telecom giant Singapore Telecommunications Limited left approximately 1,000 customer routers wide open to a potential attack via an unprotected port. The flub occurred after the region
The feds are warning that the North Korean APT group known as Hidden Cobra is mounting active attacks on U.S. businesses (and others globally), including organizations in the media, aerospace, financial and critical infrastructure sectors.
According to a United States Computer Emergency Readiness Team (US-CERT) bulletin released Tuesday, the state-sponsored group is using two families of malware against U.S. assets: A remote access tool (RAT) dubbed Joanap; and a Server Message Block (SMB) worm known as Brambul. https://threatpost.com/hidden-cobra-strikes-again-with-custom-rat-smb-malware/132375/
Two Canadian banks have reported that they may be targets of a hack, after bad actors claimed that they electronically accessed personal and account information.
On Monday, both Bank of Montreal and Simplii Financial (the banking subsidiary of the Canadian Imperial Bank of Commerce) announced that
Watch out for malware suspected of being distributed by North Korea; troubleshooting by an Internet service provider could have led to big trouble; and reset your routers.
The defences to these attacks are simple: Keep operating systems and software up-to-date with the latest patches. Make sure your anti-malware software is up to date. Scan all software downloaded from the internet before it runs.
Companies need to restrict the permission of employees to install and run unwanted software applications. Disable Microsoft
Cyber security attacks have been increasing across industries, and they have reached the airline industry too.
While every business is a potential target when it comes to hacking personal information of customers, consider for a moment taking that threat to a new level. Not only is contact information accessible but a hacker who wants to do serious harm to a group of traveling diplomats, for example, can easily access their flight itinerary to see where they will be and when.
Imagine what terrorists could do with this information. While they may be looking to target individuals and groups on the ground by knowing their destination, they may seek to do even greater harm by hacking into the aircraft controls. Everyone aboard the plane could be at risk.
Canada-based SecurMatic has announced the launch of SecurMatic (Pvt) Ltd, a cyber-security services company supporting organizations in Sri Lanka and South East Asia, with the opening of its Development and Global Security Operations Centre in Colombo.
Airbnb customers are being targeted by scammers who are sending convincing phishing emails