Cyber Risk Report: July 1-7, 2013

 
Threat Type: IntelliShield: Cyber Risk Report
IntelliShield ID: 29975
Version: 1
First Published: 2013 July 08 18:56 GMT
Last Published: 2013 July 08 18:56 GMT
Port: Not available
Urgency: Weakness Found
Credibility: Confirmed
Severity: Mild Damage

Version Summary: This is the Cyber Risk Report for July 1-7, 2013. The report details the significant events for this time period and covers multiple threat and risk management categories.
 

Description
 

Contents

Vulnerability
Attacks and Compromises
Legal
Mobile
Geopolitical
Upcoming Security Activity
Additional Information 

 

Listen to the Podcast (8:44 min) 

Cisco Live 2013 was a huge success, with a major increase in security training and breakout sessions. The majority of the breakout sessions are now available on CiscoLive365, and more are being added daily. Highlights, keynotes, interviews and content from previous Cisco Live locations are all available with a free registration.

We invite you to join Cisco SIO at Black Hat 2013 in Las Vegas for our two-day, hands-on Network Threat Defense, Countermeasures, and Controls course. Courses will be offered on July 27-28 and July 29-30, 2013. Make sure you visit the Cisco booth at Black Hat to meet the Cisco SIO engineers.

Vulnerability

Vulnerability activity for the period returned to elevated levels, although the metrics for June 2013 show a decrease in activity for the month. IntelliShield published 545 alerts in June 2013, down from 647 alerts published in June 2012. For the 2013 annual activity levels at the mid-year point, the activity continues to show an increase. However, with the lower activity levels in June 2013, the increase dropped to 7 percent for 2013 compared to 2012 at mid-year.

Activity for this period included new vulnerabilities in Symantec Security Information Manager Console, HP StoreOnce D2D Backup System, and Netgear DGN2200B. Proof-of-concept exploit code is publicly available for the HP StoreOnce and Netgear DGN2200B vulnerabilities. However, the majority of activity for this period was software updates from Red Hat, FreeBSD and others for previously reported vulnerabilities in Apache, Mozilla Firefox, the Oracle Java SE Critical Patch Update, and Apple QuickTime.

Researchers reported multiple vulnerabilities in the Intelligent Platform Management Interface (IPMI) and Baseboard Management Controllers (BMC) that potentially impact thousands of systems across the Internet. Also, a vulnerability was reported in Atlassian's enterprise single sign-on and identity management tool, Crowd, that similarly impacts users of this widely deployed software.
 
Cisco released two Security Notices:

IntelliShield published 160 events last week: 77 new events and 83 updated events. Of the 160 events, 66 were Vulnerability Alerts, 11 were Security Activity Bulletins, two were Security Issue Alerts, 79 were Threat Outbreak Alerts, and two were Cyber Risk Reports. The alert publication totals are as follows:

Day        Date        New  Updated  Total
Friday     07/05/2013   16       21     37
Thursday   07/04/2013    0        0      0
Wednesday  07/03/2013   10       11     21
Tuesday    07/02/2013   27       21     48
Monday     07/01/2013   24       30     54

 

Month      New   Updated  Total
January    303       224    527
February   386       212    598
March      333       281    614
April      387       256    643
May        366       291    657
June       324       221    545
Totals    2099      1485   3584

Previous Alerts That Still Represent Significant Risk

Oracle Java SE Critical Patch Update Advisory for June 2013 
IntelliShield Security Activity Bulletin 29704, Version 4, June 18, 2013
Urgency/Credibility/Severity Rating: 2/5/4
Multiple CVEs
Oracle Java SE contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions, access sensitive information, execute arbitrary code, or cause a denial of service condition on a targeted system. Updates are available. Apple, Red Hat and CentOS have released updates.

Microsoft Internet Explorer Use-After-Free Arbitrary Code Execution Vulnerability 
IntelliShield Vulnerability Alert 29192, Version 2, June 13, 2013
Urgency/Credibility/Severity Rating: 3/5/4
CVE-2013-2551
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code. Functional code that exploits this vulnerability is available as part of the Metasploit framework. Microsoft has confirmed the vulnerability in Security Bulletin MS13-037 and released software updates.

Parallels Plesk Remote PHP Command Execution Vulnerability
IntelliShield Vulnerability Alert 29594, Version 2, June 12, 2013
Urgency/Credibility/Severity Rating: 3/5/3
CVE Not Available
Parallels Plesk contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary PHP script on a targeted system. Proof-of-concept code is publicly available. Parallels has confirmed the vulnerability is a variation of the CVE-2012-1823 vulnerability, which is documented in IntelliShield Alert 25816. Parallels has also confirmed that all current supported versions of Parallels Plesk Panel 9.5 or later are not vulnerable to this variation. Additional details are in the Cisco Security Blog post: Plesk 0-Day Targets Web Servers.

Adobe Flash Player and AIR Security Update for June 11, 2013 
IntelliShield Security Activity Bulletin 29642, Version 3, June 13, 2013
Urgency/Credibility/Severity Rating: 2/5/4
CVE-2013-3343
Adobe Flash Player and AIR contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code. Updates are available. FreeBSD, Microsoft and Red Hat have released software updates for their impacted products.

Attacks and Compromises

Ubisoft Customer Accounts Compromised

Ubisoft reported that attackers had gained access to their web server systems and compromised millions of customers' usernames, email addresses and encrypted passwords. The compromised systems did not store payment account information or credit card information. Ubisoft reported that it had detected the illegal access in June, and has requested that customers change their account passwords and posted a FAQ on their blog with additional information.
Attackers Gain Access to Ubisoft Customer Data 
Hackers Attack Games Publisher Ubisoft 
Ubisoft Blog Post 
Nintendo's Fan Site Hit

Analysis: Ubisoft did not release any specific details on the illegal access or how they detected the compromise, which could be useful for other security teams in protecting their systems. Gaming websites continue to be frequently targeted, both for the account and financial information. Nintendo also recently reported illegal access to accounts on their systems. Users of these systems should understand that their accounts will be targeted, and should use strong passwords that are changed frequently. To simplify this process and avoid the use of usernames and passwords on multiple websites, users are advised to use password management software. 

Legal

New Child Privacy Rules In Effect

A new U.S. Federal Trade Commission (FTC) Children’s Online Privacy Protection Act (COPPA) rule went into effect on July 1, 2013. The new rule expands upon the previous COPPA rule to increase who is covered by the protections, and requires that additional protections be established. Indications are that many websites may not be current with these requirements, and could face fines from the FTC. Most likely impacted are those who do not specifically focus on children's content but are likely to have underage customers using their applications and websites.
FTC: Protecting Children's Privacy 
Kids Privacy Rules, What It Means to the App Industry
Microsoft User Study

Analysis: The new COPPA rule is not extreme, but seems to primarily focus on those websites that are not specifically designed for children. Website operators could face serious fines under the rule, and this topic is top of mind with many of the consumer and privacy government agencies and organizations. As much as the new rule attempts to increase children's privacy and protection, it still requires the active participation of parents and teachers to ensure the systems the children are using are updated and have the security capabilities installed and updated, and to work with the children to teach them safe computer practices. Several government and private organizations provide no-cost guidance, presentations and additional resources to assist parents, teachers and children. The reference links also provide some insights on how children are using the Internet.

Mobile

Mobile Getting Malicious

Multiple reports this week highlighted the increasing levels of vulnerability research and the levels of malicious activity occurring in the mobile sector. Researchers reported a vulnerability in Android systems that could allow attackers to insert malicious code in signed applications without impacting the signature of the file. McAfee released a new report on mobile malware with the latest details on malicious activity impacting mobile devices, and the Chinese CERT (CNCERT/CC) reported a major increase in mobile malware detection. The vast majority of mobile malware is currently targeting Android mobile systems, which continue to increase in popularity and are often not using the latest software versions. 
Android Master Key Vulnerability 
Chinese CERT Mobile Malware 
McAfee: Mobile Security Consumer Trends

Analysis: While some of this increased detection and malware could be the result of increased mobile security practices, the report from the Chinese CERT is particularly concerning because it is an early indicator. Mobile malware activity is predominantly limited to Asia, but will eventually spread to impact additional geographic areas and markets. The South Korean government recently responded to this threat by announcing that it will not allow Android systems. While Android system popularity continues to grow globally, the issue of service providers not distributing and updating the customers' operating systems to the latest versions remains. It is also important to recognize that the primary source of mobile malware continues to be third-party applications, although SMS spam and associated malware are also increasing. Users should contact their service providers about updating their software, avoid third-party applications regardless of the applications' reviews, ratings or popularity, and, as with email spam, not open or respond to suspicious SMS messages.

Geopolitical

U.S.-E.U. Trade Talks Begin

The U.S. and E.U. will hold trade talks in the coming weeks to negotiate the latest round of the Transatlantic Trade and Investment Partnership. Several topics are due for review and renegotiation, including tariffs, financial services regulations, privacy protections and information sharing, intellectual property protections, and increasing trade in several sectors. The talks may also be impacted by the current U.S. NSA activity, the economic conditions in several of the E.U. countries, and multiple countries increasing trade with Asian countries.
U.S., Europe Head Into Negotiations

Analysis: These talks will likely continue for multiple years, but could significantly and directly impact several key cyber security issues. Both sides are calling for increased regulation in specific but different sectors, such as financial reporting and regulations, imports and exports of computer electronics and cryptography rules. Particularly with the current NSA activity reports, privacy rights and protections will likely be a hot topic. While the governments have increased their information sharing to address terrorism and criminal activity, a significant divide remains in U.S. and E.U. privacy protections. Possibly the best outcome for those involved in cyber security would be a consistent and shared position on monitoring, information sharing, and privacy rights that would allow organizations operating in multiple E.U. countries to have one set of regulatory requirements. Organizations are advised to monitor these talks as they develop, to anticipate the direction of the talks and avoid surprises when a final agreement is reached.

Upcoming Security Activity

Black Hat 2013: July 27-August 1, 2013
DEFCON 2013: August 1-4, 2013
22nd USENIX Security Symposium: August 14-16, 2013
(ISC)2 Security Congress 2013: September 24-27, 2013
Interop New York 2013: September 30-October 4, 2013

Because of the potential for increased risk on multiple vectors, organizations' security teams should be aware of and consider making special preparations for the following:

Ramadan: July 9-August 7, 2013

Additional Information

For information and commentary from the experts in Cisco Security Intelligence Operations, please visit the Cisco Security Blog.

For timely information from across Cisco Security Intelligence Operations, please consider following @CiscoSecurity on Twitter.

 
Alert History
 
Initial Release


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShield Cyber Risk Report Original Release Base

Associated Products:
N/A


