Microsoft® recently acknowledged and patched a vulnerability in Microsoft Word and WordPad, CVE-2017-0199, that allows attackers to execute malicious Visual Basic script with PowerShell commands when users open an RTF with an embedded exploit. When the script is executed, it can download and deploy a malicious payload and display decoy documents to the user.
The United States Computer Emergency Readiness Team (“US-CERT”) announced last week that HTTPS interception may weaken Transport Layer Security (TLS), a widely used cryptographic protocol that encrypts communication between the client and the server. This issue may cause browsers to not validate HTTPS connections, therefore increasing the probability of a man-in-the-middle (“MiTM”) attack via malware that uses HTTPS connections to malicious servers. MiTM attacks may cause sensitive information to be stolen.
Cisco reports that over 300 of its products, including many popular switches using Cisco IOS, are affected by a critical security flaw that allows attackers to potentially execute privileged code remotely on affected devices. The vulnerability was discovered by Cisco researchers via the WikiLeaks Vault 7 CIA data dump. Cisco stated that they are working on software updates to fix the issue and that there are no known workarounds for the vulnerability at this time
A spear phishing campaign that targets individuals involved in regulatory filings with the U.S. Securities and Exchange Commission ("SEC") was identified in late February 2017. The spear phishing emails have a spoofed sender of "EDGAR <email@example.com>" with an attachment named "Important_Changes_to_Form10_K.doc." The attachment contains a malware-infected VBS script that installs a PowerShell backdoor that can be used to steal sensitive information from the infected machine.
A new critical security flaw has been discovered in iOS 8 and later, including 10.2 beta 3, that allows anyone with a target's mobile phone number to bypass the iPhone passcode or Touch ID if Siri is enabled on the phone, gaining access to personal information, including photos and contacts. Further details and exact methodology can be found here.
ACA Aponix urges our clients and friends to be on high alert for possible cyber-attacks around or on U.S. Election Day, November 8, 2016. In particular, individuals who may become the target of such attacks include those who have known and public connections to:
The election candidates, or
Namesake entities related to the candidates (whether business-related or charitable).
Types of cyber-attacks related to the election that could occur include:
Multiple ACA Aponix clients have reported receiving a phishing email that claims to be about a credit card charge and contains an attachment the sender claims is a screenshot of their credit card statement. Do not open or download the attachment, as it contains malware. The email targets persons listed on the recipient firm's Form ADV, such as the firm's CFO, and the subject line specifically mentions the recipient firm's domain.
Yahoo confirmed today that at least 500 million of its user accounts were stolen as part of a data breach in 2014. Yahoo believes that a "state-sponsored" actor is responsible for the breach. Information stolen may include names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers. For more information, see Yahoo's statement on the breach.