Cyber Risk Report: November 11-17, 2013

 
Threat Type: IntelliShield: Cyber Risk Report
IntelliShield ID: 31797
Version: 1
First Published: 2013 November 18 19:19 GMT
Last Published: 2013 November 18 19:19 GMT
Port: Not available
Urgency: Weakness Found
Credibility: Confirmed
Severity: Mild Damage

Version Summary: This is the Cyber Risk Report for November 11-17, 2013. The report details the significant events for this time period and covers multiple threat and risk management categories.
 

Description
 

Contents

Vulnerability
Trust
Legal
Human
Geopolitical
Upcoming Security Activity
Additional Information



Vulnerability

Vulnerability activity was down compared to previous periods, but highlighted by the monthly security bulletins and software updates from Microsoft, Adobe, and Google.

Microsoft published its monthly security bulletin release on November 12, 2013. Microsoft released eight bulletins that addressed 19 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, and Microsoft Outlook. The vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, access sensitive information, or gain elevated privileges. Details of this release are in Cisco Event Response: Microsoft Security Bulletin Release for November 2013.

In addition to the Microsoft release, Adobe released updates that address multiple vulnerabilities in Flash Player and ColdFusion. Google released the monthly update for Chrome, correcting multiple vulnerabilities.

IntelliShield published 160 events last week: 113 new events and 47 updated events. Of the 160 events, 49 were Vulnerability Alerts, 12 were Security Activity Bulletins, one was a Security Issue Alert, 96 were Threat Outbreak Alerts, one was an Applied Mitigation Bulletin, and one was a Cyber Risk Report. The alert publication totals are as follows:

Day        Date        New  Updated  Total
Friday     11/15/2013   15       10     25
Thursday   11/14/2013   11       13     24
Wednesday  11/13/2013   25        9     34
Tuesday    11/12/2013   35        8     43
Monday     11/11/2013   27        7     34

Significant Alerts for the Time Period

Microsoft Internet Explorer CAnchorElement Remote Code Execution Vulnerability
IntelliShield Vulnerability Alert 31049, Version 4, November 12, 2013
Urgency/Credibility/Severity Rating: 2/5/4
CVE-2013-3871
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. This vulnerability was previously announced as fixed as part of the Cumulative Security Update for Internet Explorer Security Bulletin MS13-080. However, Microsoft stated that the vulnerability was incorrectly included in the bulletin and that the available patches did not correct the vulnerability. Microsoft has confirmed the vulnerability in security bulletin MS13-088 and released software updates.

Previous Alerts That Still Represent Significant Risk

Multiple Microsoft Products Microsoft Graphics Component Remote Code Execution Vulnerability
IntelliShield Vulnerability Alert 31655, Version 2, November 8, 2013
Urgency/Credibility/Severity Rating: 3/5/4
CVE-2013-3906
Multiple Microsoft products contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. This vulnerability has been exploited in the wild in targeted attacks and used in Operation HangOver attacks as documented in IntelliShield Alert 29383. This vulnerability has also been exploited by the Arx group, which has been identified by various reports for delivering the Citadel trojan as documented in IntelliShield Alert 28396. Microsoft has released a security advisory and Fix It solution.

Apple Remote Desktop Username Format String Arbitrary Code Execution Vulnerability
IntelliShield Vulnerability Alert 31443, Version 2, October 24, 2013
Urgency/Credibility/Severity Rating: 3/5/4
CVE-2013-5135
Apple Remote Desktop contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code. Multiple factors contribute to an easily exploited vulnerability, which may be attractive to a wide variety of attackers. Updates are available.

Oracle Critical Patch Update for October 2013
IntelliShield Security Activity Bulletin 31270, Version 8, November 8, 2013
Urgency/Credibility/Severity Rating: 2/5/4
Multiple CVEs
Oracle has released the October 2013 Critical Patch Update. The update contains 127 new security fixes that address multiple Oracle product families. The October CPU also includes Java security updates, which were previously issued separately. Red Hat and Apple have released additional security updates for their products.

HP Data Protector Cell Request Service Buffer Overflow Vulnerability
IntelliShield Vulnerability Alert 31269, Version 1, October 15, 2013
Urgency/Credibility/Severity Rating: 2/5/4
CVE-2013-2333
HP Data Protector contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code. Functional code that exploits this vulnerability is publicly available as part of the Metasploit framework. HP has confirmed the vulnerability in a security bulletin and released software updates.

vBulletin Administrator Injection Vulnerability
IntelliShield Security Activity Bulletin 31285, Version 2, October 17, 2013
Urgency/Credibility/Severity Rating: 3/4/4
CVE Not Available
A vulnerability in the vBulletin content management system could allow an unauthenticated, remote attacker to perform PHP injection attacks on a targeted system. Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available. Reports indicate that widespread attacks are ongoing, resulting in recent exploitation of more than 35,000 websites because of this vulnerability. The vendor has advised customers to delete /install and /core/install directories in versions 4.x and 5.x respectively.

Microsoft Internet Explorer CDisplayPointer Memory Corruption Vulnerability
IntelliShield Vulnerability Alert 31096, Version 2, October 15, 2013
Urgency/Credibility/Severity Rating: 2/5/4
CVE-2013-3897
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. Functional code that demonstrates an exploit of this vulnerability is publicly available. Microsoft has confirmed the vulnerability in a security bulletin and released software updates.

Trust

Additional Impacts and Widening Scope from October Adobe Information Breach

More information has been discovered regarding the October 2013 Adobe data breach. The breach was initially reported to affect 3 million customer records. That number has increased to a reported 150 million records. Password hint information and weaknesses in the password storage methods were also discovered, possibly allowing attackers to recover valid credential pairs more easily. Third parties, including Facebook, have already taken action to lock or reset accounts that belong to users affected by the Adobe breach incident.

Adobe Source Code and Customer Data Breach
After Adobe Hack, Other Sites Reset Passwords

Analysis:
The cascading effects from the breach, both real and imagined, continue to impact users. The response from Facebook in proactively locking and resetting user accounts that match records compromised in the breach may start a trend that other services may follow. Users and businesses affected by the breach should expect continuing impacts as attackers use the information to conduct additional exploitation.

Legal

Undisclosed Data Breaches by U.S. Companies

A report by ThreatTrack Security found that in October 2013, U.S. enterprises did not disclose company data breaches to customers, partners, or other stakeholders. The report also indicates that many malware analysts may have the tools necessary to properly protect companies from cyberattacks; however, internal challenges such as companies that do not report data breaches may make it more difficult for these analysts to protect networks.

Malware Analysts Have the Tools to Defend Against Cyber-Attacks, But Challenges Remain (PDF)
Enterprise data breaches often left undisclosed, malware analysts say

Analysis:
The increase in security breaches and compromises is a growing concern for a number of company stakeholders, whether investors, customers, security personnel responsible for protecting customers' assets, or management. These stakeholders have much to lose, while on the other end, attackers have much to gain from a successful breach or compromise. Recent reports indicate that more than half of U.S. enterprises surveyed in October 2013 did not disclose a data breach or compromise to their stakeholders. Possible reasons may include the fear of losing customers or developing a bad reputation. However, for the IT security industry to help detect or mitigate threats that may result in a successful data breach or compromise, companies should disclose information if they have become victims of such attacks. A collaborative effort is needed from every company that may have been impacted by a data breach, along with personnel in the security industry, to gain valuable knowledge that may help protect against future attacks.

Human

Online Shopping; Awareness Is Key

With the U.S. Thanksgiving holiday approaching, the holiday shopping season will also be kicking off with Black Friday, November 29, and Cyber Monday, December 2. Stores have already begun their marketing campaigns for onsite and online shopping bargains, specials, and coupons. Online and mobile shoppers need to take a few actions to make sure their shopping experience, financial accounts, and identity are protected against the scammers, spammers, and web-based attacks that could ruin their holidays.

Online Shopping Tips: E-Commerce and You
StaySafeOnline.org Online Shopping
Credit Card Online Shopping Security

Analysis:
Each year we see a variety of threats targeting online shoppers with tempting offers of deals and savings through web advertisements, spam, and other means. Before beginning online shopping, users should install all available updates for their systems, and in particular update their Java versions and check their browsers with a tool such as Qualys BrowserCheck. Shoppers can avoid the majority of threats simply by not clicking on web advertisements or hyperlinks provided in email and instead using bookmarks or entering the store's URL directly in the browser to view the offers. For businesses, we question whether Cyber Monday is an outdated phenomenon. Cyber Monday referred to employees returning to work on the Monday following the Thanksgiving weekend and using the better business systems and networks to do their holiday shopping. Today, most users have very capable systems and networks at their homes and aren't required to wait until Cyber Monday to shop online. For mobile shoppers, we have a reminder that many stores track users by their mobile device GPS. If this is a privacy concern, users may consider turning off or disabling their mobile device GPS and Bluetooth. Mobile users are also reminded that mobile devices do not have many of the security features of the typical PC, requiring extra caution when handling email, using the browser, or connecting to public wireless networks.

Geopolitical

Bitcoin and Geopolitics

After a high-profile failure early this month, the five permanent United Nations Security Council members plus Germany (the so-called P5+1 countries) will convene in Geneva again at month's end to try to hammer out an agreement with Iranian negotiators on their nuclear program. Many observers attribute the new impetus toward an agreement not only to Iran's new president, but also to the strict economic sanctions that have crippled Iran's economy. Particularly painful have been financial restrictions, including Iran's expulsion in 2012 from the international banking transfer system known as SWIFT, which virtually shut off Iran's access to legal foreign trade. According to a variety of press reports, some Iranian businesses have found ways around the sanctions by using the crypto-currency Bitcoin. Bitcoin functions outside of official foreign currency transaction channels and is not subject to international banking laws.

Dollar-Less Iranians Discover Virtual Currency
A Bitcoin evangelist on the advantages of cryptocurrency
Tweeting Gulf Arabs Wire War Chest to Fight Assad on Every Front

Analysis:
Iran is not the only place where Bitcoin is helping people circumvent the official banking system; indeed, crypto-currencies (Bitcoin is just the best known and most successful so far) have proven useful to criminals and ne'er-do-wells of many stripes, threatening to give the currency a bad name. There is nothing illegal about Bitcoin, but it currently functions outside laws because laws have not yet evolved to cover it. In fact, some users of the currency point not only to its extra-legal nature but also to its apolitical nature as a selling point: unlike national currencies, it neither underwrites nor represents any government or country. Bitcoin is already proving useful for individuals in countries where banking systems are not trustworthy or are underdeveloped. Lately it has been trendy to forecast Bitcoin's downfall in light of its rapid rise in value. In fact, whether or not Bitcoin's swift rise is followed by a crash is beside the point; crypto-currencies are probably here to stay. A more interesting debate may be whether their success may eventually help nudge the U.S. dollar out of its position as the world's primary foreign exchange currency, thanks in part to the apolitical nature of this new payment medium.

Upcoming Security Activity

Egypt Events Converge: November 18, 2013 (Protest shootings anniversary, Egypt-Ghana football match, General Al Sisi birthday)
Black Friday: November 29, 2013
Cyber Monday: December 2, 2013
Cloud Security Alliance Congress 2013: December 4-5, 2013
SHMOOCON 2014: January 17-19, 2014
Cisco Live Milan: January 27-31, 2014
RSA Conference USA 2014: February 24-28, 2014
Cisco Live Melbourne: March 18-21, 2014
Cisco Live 2014: May 18-22, 2014

Because of the potential for increased risk on multiple vectors, organizations' security teams should be aware of and consider making special preparations for the following:

Hanukkah Holiday: November 27, 2013
U.S. Thanksgiving Holiday: November 28-29, 2013
Cloud Security Alliance Congress 2013: December 4-5, 2013
U.S. Affordable Care Act: January 1, 2014
World Economic Forum: January 22-25, 2014
Winter Olympics-Sochi: February 7-23, 2014
ITU Sixth World Telecom Development Conference: March 31-April 11, 2014

Additional Information

For information and commentary from the experts in Cisco Security Intelligence Operations, please visit the Cisco Security Blog.

For timely information from across Cisco Security Intelligence Operations, please consider following @CiscoSecurity on Twitter.

 
Alert History
 
Initial Release


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShield Cyber Risk Report Original Release Base

Associated Products:
N/A



LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.