Here is a quick digest of cybersecurity news for April 2018.
A new code injection technique uncovered
The new injection technique allows malicious code to run before the entry point of the process's main thread, which makes detection by security software much harder.
Code injection is the act of placing malicious code into a regular system process. The legitimate process then serves as cover, so that anti-malware tools fail to detect and neutralize the injected code.
The new code injection technique works as follows:
- A process is created in the suspended state (most likely a legitimate Windows process).
- Memory is allocated inside that process and the malicious code is written into it.
- An asynchronous procedure call (APC) pointing at the injected code is queued to the process's main thread.
- The main thread is resumed; the queued APC runs before the thread reaches the program's entry point.
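The four steps above form an ordered chain that a defender can correlate in process telemetry. The following heuristic is an added example, not code from the original post or from DataSunrise: it assumes a constructed, hypothetical event schema (dicts with `event`, `pid`, `target_pid`, `suspended` and `ts` fields) standing in for whatever an EDR or sandbox actually records, and flags a source/target process pair only when every step appears in order.

```python
"""Correlate the suspended-process + APC injection sequence in telemetry.

Added example, not part of the original post.  The event schema below is
constructed for illustration; map your own process/API telemetry fields
onto it before use.
"""
from collections import defaultdict

# Steps that must appear, in this order, for one (source, target) pair.
CHAIN = (
    "process_create_suspended",  # CreateProcess with the suspended flag
    "remote_alloc",              # memory allocated in the target
    "remote_write",              # code written into that memory
    "queue_apc",                 # APC queued to the target's thread
    "resume_thread",             # main thread resumed
)


def find_injection_chains(events):
    """Return [(source_pid, target_pid, [timestamps])] for every pair that
    completes CHAIN in order.  Events are assumed to be chronological; a
    step only counts once the previous step was seen for the same pair."""
    progress = defaultdict(int)   # (src, dst) -> number of steps matched
    stamps = defaultdict(list)    # (src, dst) -> timestamps of matched steps
    hits = []
    for ev in events:
        key = (ev["pid"], ev["target_pid"])
        if progress[key] >= len(CHAIN):
            continue  # pair already reported
        expected = CHAIN[progress[key]]
        name = ev["event"]
        # Process creation only counts when the suspended flag is set.
        if name == "process_create":
            name = "process_create_suspended" if ev.get("suspended") else name
        if name == expected:
            progress[key] += 1
            stamps[key].append(ev["ts"])
            if progress[key] == len(CHAIN):
                hits.append((key[0], key[1], stamps[key]))
    return hits


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    # Benign: a launcher starts a helper suspended and resumes it, nothing written.
    {"ts": 1, "event": "process_create", "pid": 100, "target_pid": 200, "suspended": True},
    {"ts": 2, "event": "resume_thread", "pid": 100, "target_pid": 200},
    # Suspicious: the full chain from pid 300 into pid 400.
    {"ts": 3, "event": "process_create", "pid": 300, "target_pid": 400, "suspended": True},
    {"ts": 4, "event": "remote_alloc", "pid": 300, "target_pid": 400},
    {"ts": 5, "event": "remote_write", "pid": 300, "target_pid": 400},
    {"ts": 6, "event": "queue_apc", "pid": 300, "target_pid": 400},
    {"ts": 7, "event": "resume_thread", "pid": 300, "target_pid": 400},
    # Out of order: a write before the suspended create never completes the chain.
    {"ts": 8, "event": "remote_write", "pid": 500, "target_pid": 600},
    {"ts": 9, "event": "process_create", "pid": 500, "target_pid": 600, "suspended": True},
    {"ts": 10, "event": "queue_apc", "pid": 500, "target_pid": 600},
]


if __name__ == "__main__":
    for src, dst, ts in find_injection_chains(SAMPLE_EVENTS):
        print(f"suspicious injection chain: pid {src} -> pid {dst} at ts {ts}")
```

Debuggers and some installers legitimately create suspended processes and write into them, so the discriminating step is the APC queued before the first resume; requiring the whole ordered chain rather than any single API call keeps the rule from firing on those benign cases.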
DataSunrise is aware of this new code injection technique and guarantees that the data of our customers will be safe!
Saks and Lord & Taylor leak 5 million bank card details
Saks Fifth Avenue and Lord & Taylor are high-end retailers both headquartered in New York. On April 1, 2018, the companies issued an official statement confirming the theft of 5 million bank card details. Most of the stolen records came from compromised New York and New Jersey locations, and the collection may have begun as early as May 2017 and continued until the breach became known. The group known as Fin7 is reportedly behind the attack. The same group was previously reported to be behind data thefts from Omni Hotels & Resorts, Trump Hotels, Jason's Deli, Whole Foods and Chipotle. The group goes by many names and is known for being very professional and disciplined. It develops its own malware tools and attack styles, which become more elaborate with each attack; apparently, the group even has its own department for testing its tools. After getting hold of a company's sensitive data, it simply sells the data to anyone interested.
Finland’s 3rd largest data breach leaves 130,000 users exposed
Helsinki Enterprise Agency runs a public service that helps Finnish citizens become entrepreneurs, write business plans and develop local business. During a routine check carried out by the National Cyber Security Centre, it was discovered that about 130 thousand accounts had been compromised. At least the usernames and passwords of the service's users were stolen. Surprisingly, the passwords were stored unhashed, so the cybercriminal(s) can use the credentials directly. The service was immediately shut down, disrupting its normal operation.
Millions of customer records leaked by Panera Bread
Panera Bread is an American chain of fast-casual bakery-café restaurants. Customers can order food online through the company's website and pick it up later. It appears, however, that for about 8 months the website was leaking customers' personal information, including names, email addresses, physical addresses, birthdays and the last four digits of their credit card numbers. The St. Louis-based company has more than 2,100 retail locations in the USA and Canada.
Database security updates
MySQL:
- https://nvd.nist.gov/vuln/detail/CVE-2018-2755
- https://nvd.nist.gov/vuln/detail/CVE-2018-2761
- https://nvd.nist.gov/vuln/detail/CVE-2018-2771
- https://nvd.nist.gov/vuln/detail/CVE-2018-2773
- https://nvd.nist.gov/vuln/detail/CVE-2018-2781
- https://nvd.nist.gov/vuln/detail/CVE-2018-2813
- https://nvd.nist.gov/vuln/detail/CVE-2018-2817
- https://nvd.nist.gov/vuln/detail/CVE-2018-2818
- https://nvd.nist.gov/vuln/detail/CVE-2018-2819
- https://nvd.nist.gov/vuln/detail/CVE-2018-10256
Apache Hive:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1282
- https://nvd.nist.gov/vuln/detail/CVE-2018-1284
- https://nvd.nist.gov/vuln/detail/CVE-2018-1315
- https://nvd.nist.gov/vuln/detail/CVE-2018-1308
Oracle:
- https://nvd.nist.gov/vuln/detail/CVE-2018-2879
- https://nvd.nist.gov/vuln/detail/CVE-2018-2878
- https://nvd.nist.gov/vuln/detail/CVE-2018-2874
- https://nvd.nist.gov/vuln/detail/CVE-2018-2873
- https://nvd.nist.gov/vuln/detail/CVE-2018-2872
- https://nvd.nist.gov/vuln/detail/CVE-2018-2871
- https://nvd.nist.gov/vuln/detail/CVE-2018-2870
- https://nvd.nist.gov/vuln/detail/CVE-2018-2866
- https://nvd.nist.gov/vuln/detail/CVE-2018-2865
- https://nvd.nist.gov/vuln/detail/CVE-2018-2864