Cyber Risk Report

Cyber Risk Report: September 23-29, 2013

 
Threat Type: IntelliShield: Cyber Risk Report
IntelliShield ID: 31030
Version: 1
First Published: 2013 September 30 19:10 GMT
Last Published: 2013 September 30 19:10 GMT
Port: Not available
Urgency: Weakness Found
Credibility: Confirmed
Severity: Mild Damage
 
 
Version Summary: This is the Cyber Risk Report for September 23-29, 2013. The report details the significant events for this time period and covers multiple threat and risk management categories.
 

Description
 

Contents

Vulnerability
Physical
Attacks and Compromises
Human
Geopolitical
Upcoming Security Activity
Additional Information

Listen to the Podcast (8:13 min)

Come see Cisco at Interop New York, September 30 to October 4, 2013. Visit Interop NY and learn how to transform and create new opportunities to claim your share of the Internet of Everything economy. Join us on Wednesday, October 2, for a keynote with Cisco Chairman and CEO John Chambers.

Vulnerability

Vulnerability activity returned to previous levels this period. The highlights for the period were the Cisco IOS Software Security Advisory Bundled Publication, Oracle security updates for third-party software, and updates on threat activity targeting the Microsoft September Security Bulletin vulnerabilities.

Cisco released the Cisco IOS Software Security Advisory Bundled Publication, which included eight security advisories. Details of the security advisories are available in the Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication, and the Cisco Security Blog post: Cisco IOS Bundle: It’s Back—It’s Cisco IOS Software Security Advisory Bundle Time Again.

Oracle released multiple security advisories and updated software for third-party products affecting Oracle products. The security advisories include updates for MIT Kerberos, MySQL, Perl, Ruby, Wireshark, and others.

Proof-of-concept exploit code and functional exploit code were identified for the Microsoft Internet Explorer CCaret::UpdateScreenCaret Function Memory Corruption Vulnerability and the Microsoft Windows Theme File Handling Arbitrary Code Execution Vulnerability reported in the Microsoft September Security Bulletins.

Other vulnerability reports included updates from ImageMagick and Red Hat.

IntelliShield published 172 events last week: 89 new events and 83 updated events. Of the 172 events, there were 78 Vulnerability Alerts, 3 Security Activity Bulletins, 4 Security Issue Alerts, 85 Threat Outbreak Alerts, an Applied Mitigation Bulletin, and a Cyber Risk Report. The alert publication totals are as follows:

Day         Date         New   Updated   Total
Saturday    09/28/2013     5         3       8
Friday      09/27/2013     8         5      13
Thursday    09/26/2013    12        36      48
Wednesday   09/25/2013    23        14      37
Tuesday     09/24/2013    17        13      30
Monday      09/23/2013    24        12      36



Significant Alerts for the Time Period


Microsoft Windows Theme File Handling Arbitrary Code Execution Vulnerability
IntelliShield Vulnerability Alert 30577, Version 3, September 23, 2013
Urgency/Credibility/Severity Rating: 2/5/4
CVE-2013-0810
Microsoft Windows contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. Functional code that demonstrates an exploit of the Microsoft Windows theme file handling arbitrary code execution vulnerability is publicly available. Updates are available.

Previous Alerts That Still Represent Significant Risk

Microsoft Internet Explorer Remote Code Execution Vulnerability
IntelliShield Vulnerability Alert 30843, Version 1, September 17, 2013
Urgency/Credibility/Severity Rating: 2/5/4
CVE-2013-3893
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code. Microsoft has confirmed the vulnerability in a security advisory; however, software updates are not available.

Oracle Java ByteComponentRaster Buffer Overflow Remote Code Execution Vulnerability
IntelliShield Vulnerability Alert 29855, Version 5, September 9, 2013
Urgency/Credibility/Severity Rating: 3/5/4
CVE-2013-2473
Oracle Java Runtime Environment contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code. Functional code that demonstrates an exploit of this vulnerability is publicly available. Updates are available.

VMware Workstation and Player vmware-mount Local Privilege Escalation Vulnerability
IntelliShield Vulnerability Alert 30501, Version 2, August 29, 2013
Urgency/Credibility/Severity Rating: 3/5/4
CVE-2013-1662
VMware Workstation and Player contain a vulnerability that could allow a local attacker to gain elevated privileges. Updates are available. VMware states that the vulnerability is present only when Workstation and Player are installed on Debian-based versions of Linux. Functional code that exploits this vulnerability is available as part of the Metasploit framework.

Physical

Drone Incident Raises Physical Security Risks

German Chancellor Angela Merkel was attending a political event when a small, multiple rotor drone flew in and hovered within close proximity to the podium. After several minutes, the security personnel for the event grabbed it out of the air. Germany's Pirate Party later claimed responsibility in an apparent protest and effort to disrupt the political rally.
Drone In Front Of German Chancellor

Analysis: This incident demonstrates the growing threat that small unmanned aerial vehicles (UAVs), otherwise known as drones, present at public gatherings. We tend to focus on the larger UAVs that the military uses in combat areas, but overlook the potential physical and privacy threat that small UAVs represent to the public. One way to mitigate the threat of small, hobby-type UAVs at public events is to jam the signal they use. Signal ranges include 72 MHz, 800 MHz, 900 MHz, 1100 MHz, and 5 GHz. In addition, they can use Wi-Fi and GPS. Signal jamming will also disable nearby devices that use the same frequency ranges; however, security and public safety can justify the jamming. A UAV can also use GPS, which does not use any of the aforementioned frequencies; therefore, additional protective measures would need to be in place to protect public events against drone threats.

Attacks and Compromises

ID Theft Service Infiltrated Major Data Aggregators

A group that sells personal information on underground forums and websites has reportedly compromised and collected personal data from some of the largest commercial data aggregators, including LexisNexis, Dun & Bradstreet, and Kroll Background America. The organization reportedly operates a botnet that infiltrated these commercial companies and extracted data from their records.
Data Broker Giants Hacked
LexisNexis, D&B, Kroll Hacked
LexisNexis Breach Highlights Identity Theft Risks

Analysis: The reports by Brian Krebs indicate that several of the largest commercial aggregators have been compromised, and many others are likely to have been breached. This highlights not only the growing criminal focus on identity theft and fraud operations, but also the shift to higher-level targets for their data. While the threat to individual users and organizations through the known compromise methods still exists, the criminals have shifted to higher-level targets with large repositories of this information to support their criminal activity. Considering the potential scale of these compromises, it is not surprising that they would shift to these targets, similar to the way criminals performing attacks have shifted to using the web infrastructure to add resources for their attacks. Businesses and organizations are already bound by regulatory requirements to protect personally identifiable information (PII), but individual users must understand this threat and take active measures to protect their PII, such as monitoring accounts, using credit monitoring services, and restricting the amount of personal information they share on the Internet. Individuals should assume at least some of their PII has been compromised, and shift their actions to preventing criminal identity fraud and misuse.

Human

October Cyber Security Awareness Month

October is designated Cyber Security Awareness Month in multiple countries across the globe including the United States. The U.S. Department of Homeland Security (DHS) and several other government and private companies and organizations will be releasing information and updates to increase cyber security awareness. Cisco will be providing several security blog posts throughout the month to highlight the latest threats, trends, and recommendations.
Cyber Security Awareness Month

Analysis: While cyber security awareness is an ongoing process, security teams can use this month to focus on the topic. While many continue to debate the effectiveness of awareness training and programs, this opportunity should not be overlooked. Providing regular training, presentations, and awareness updates at a minimum keeps cyber security top of mind and can reduce the human factor risks to an organization. Security teams are advised to pass along the wealth of information that will be released throughout the month, and take this opportunity to meet and speak with their users.

Geopolitical

Middle East Game Changers, Implications For Infosec

Three recent, major developments in the Middle East should be considered for their potential impact on cyber risk. First, over the summer, U.S. Secretary of State John Kerry pushed for a revitalization of peace talks between Israel and the Palestinian Territories, bringing representatives of both parties to the table for the first time in several years. Second, the apparent use of chemical weapons by the Assad regime against Syrian opposition forces resulted in an unexpected U.S.-Russian diplomatic effort to resolve the Syrian crisis. And third, new Iranian President Hassan Rouhani indicated at the United Nations General Assembly in New York this month that he wants to work to resolve the impasse over Iran's nuclear program, leading to the first high-level talks between the parties in almost 30 years.
Iran, US Talks Seen As Good Start
Iran-backed Hackers Infiltrated US Navy Computers
BRICs Bond Over Syria, Cyber Security

Analysis: Of the three, only the second development—the diplomatic effort to resolve the chemical weapons crisis in Syria—was unexpected. A second-term U.S. presidential push to broker an Israeli-Palestinian agreement has become a familiar recurrence, and the legitimate election in June of Iran's new President, a Western-educated lawyer and former nuclear negotiator, presaged change. However, the coincidence of these three developments, and the rededicating of US foreign policy toward them, may affect the cyber context in unexpected ways. First, as diplomatic efforts get underway, there is likely to be a pause, as the various parties assess the new landscape and allow time for the dust to settle. While it is tempting to be optimistic that solutions will emerge that benefit all parties, that outcome is less likely than the coalescence within a few weeks or months of winners and losers. Perceptions of United States weakness and Russian assertiveness may benefit Syria's Assad, while the charm offensive of Iran's president may lead some regional players, particularly Israel, Saudi Arabia, or Qatar, to worry that the United States has been hoodwinked, and spur them to unilateral action. Cyber has proven to be a relatively low-cost, high-impact way to make a point and demonstrate power, so government or ideologically-led attacks may tick upward after the first of the year in the event that initial hopes for diplomatic breakthroughs prove unrealistic.

Upcoming Security Activity

Interop New York 2013: September 30–October 4, 2013
SecTor 2013: October 7–9, 2013
Seoul Conference on Cyber Space: October 17–18, 2013
Cloud Security Alliance Congress 2013: December 4–5, 2013

Because of the potential for increased risk on multiple vectors, organizations' security teams should be aware of and consider making special preparations for the following:

United Nations General Assembly: September 17–October 2, 2013
Al Adha Holiday: October 14, 2013
First of Muharram: November 4, 2013
US Election Day: November 5, 2013
Ashura Holiday: November 15, 2013
Hanukkah Holiday: November 27, 2013
World Economic Forum: January 22–25, 2014
Winter Olympics: February 7–23, 2014

Additional Information

For information and commentary from the experts in Cisco Security, please visit the Cisco Security Blog.

For timely information from across Cisco Security, please consider following @CiscoSecurity on Twitter.

 
Alert History
 
Initial Release


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShield, Cyber Risk Report, Original Release, Base

Associated Products:
N/A



LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.