Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Cyber Risk Report

Cyber Risk Report: February 24-March 2, 2014

 
Threat Type:IntelliShield: Cyber Risk Report
IntelliShield ID:33161
Version:1
First Published:2014 March 03 17:16 GMT
Last Published:2014 March 03 17:16 GMT
Port: Not available
Urgency:Weakness Found
Credibility:Confirmed
Severity:Mild Damage
 
 
Version Summary:This is the Cyber Risk Report for February 24-March 2, 2014. The report details the significant events for this time period and covers multiple threat and risk management categories.
 

Description
 

Contents

Vulnerability
Legal
Mobile
Geopolitical
Upcoming Security Activity
Additional Information

Listen to the Podcast (9:00 min)

Cisco Live! Milan session videos and documents are now available. Cisco Live! 2014 registration and scheduling began on February 28, 2014.

See the Cisco and Sourcefire updates from the RSA Conference USA 2014. Details of Cisco and Sourcefire events, speakers, and demonstrations are available at the Cisco at RSA Conference website and on the Cisco Security Blog.

The Cisco 2014 Annual Security Report has been released following months of collaboration between threat researchers and other cybersecurity experts at Cisco and Sourcefire. As promised, it provides a "warts-and-all analysis" of security news from 2013 and our perspective for the year ahead based on the data collected through Cisco security products and analyzed by our researchers. Multiple Cisco subject matter experts have provided additional detail and insights in multiple posts on the Cisco Security Blog.

Vulnerability

Vulnerability activity was increased for the period, and slightly increased compared to February 2013. The highlight for the period was the Apple OS X security updates, but the period also included significant security updates for Google Chrome, Juniper Networks, IBM, Symantec, and multiple ICS/SCADA products.

Apple released security updates correcting multiple vulnerabilities in OS X Mavericks, Mountain Lion, and Lion versions. While the media reporting focused on the Secure Transport vulnerability, the security updates included updates for as many as 17 vulnerabilities. Apple no longer supports the Snow Leopard OS X version, which surveys indicate is still being used by 20 percent of Apple OS X users. Apple also released an update for QuickTime, which corrected multiple vulnerabilities and impacted multiple platforms.

Significant security updates were also released for multiple vulnerabilities in Google Chrome, Juniper Networks Security Threat Response Manager, and Symantec Endpoint Protection Manager. IBM released security updates for Platform Symphony Servlet, InfoSphere, QRadar, and Rational Focal Point. Red Hat released security updates for JBoss and RubyGems.

Cisco published the following Cisco Security Advisories, Notices, and Responses:
  • Cisco Security Advisory Cisco Prime Infrastructure Command Execution Vulnerability
  • Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
  • Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability
  • Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability
  • Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure Vulnerability
  • Cisco IPS MainApp SNMP Denial of Service Vulnerability
  • Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability
  • Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability
  • Cisco Unified Communications Manager OS Administration CSRF Vulnerability
  • Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability
  • Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability
In open source products, vulnerabilities and security updates were released for LibTIFF, OpenLDAP, OpenSSH, OpenSSL, OpenX plugin, and PostgreSQL. ESET also released a detailed analysis of the OpenSSH backdoor and credential stealer malware named Linux/Ebury.

In ICS/SCADA systems, security updates included the GE Proficy gefebt.exe Path Traversal Vulnerability which has functional exploit code available, as well as updates for Rockwell RSLogix, Schneider Electric products, and Siemens RuggedCom.

In spam and phishing activity, the latest activity includes campaigns using employment themes.

IntelliShield published 211 events last week: 134 new events and 77 updated events. Of the 211 events, 106 were Vulnerability Alerts, 15 were Security Activity Bulletins, six were Security Issue Alerts, 83 were Threat Outbreak Alerts, and one was a Cyber Risk Report. The alert publication totals are as follows:

Day Date
New
Updated
Total
Friday 02/28/2014
   12

      18

   30
Thursday 02/27/2014
   33

      20

   53
Wednesday 02/26/2014
   27

      13

   40
Tuesday 02/25/2014
   30

      15

   45
Monday 02/24/2014
   32

      11

   43
 
Month New
Updated
Total
January  349
   188
 537
February  442
   180
 622
Totals  791
   368
1159


Significant Alerts for the Time Period

Apple OS X Mavericks Security Updates For February 2014
IntelliShield Security Activity Bulletin 33051, Version 1, February 25, 2014
Urgency/Credibility/Severity Rating: 2/5/4
CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1254, CVE-2014-1255, CVE-2014-1256, CVE-2014-1257, CVE-2014-1258, CVE-2014-1259, CVE-2014-1260, CVE-2014-1261, CVE-2014-1262, CVE-2014-1263, CVE-2014-1265
Apple has released a security and feature update to correct multiple vulnerabilities in Apple Mac OS X 10.9.1, and security updates for Mountain Lion 10.8.5 and Lion 10.7.5.

Previous Alerts That Still Represent Significant Risk

Adobe Flash Player and AIR Security Advisory for February 20, 2014
IntelliShield Security Activity Bulletin 32953, Version 2, February 20, 2014
Urgency/Credibility/Severity Rating: 3/5/4
CVE-2014-0498 , CVE-2014-0499 , CVE-2014-0502
Adobe Flash Player and AIR contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. Updates are available.

Microsoft Internet Explorer Use-After-Free Vulnerability
IntelliShield Vulnerability Alert 32870, Version 2, February 20, 2014
Urgency/Credibility/Severity Rating: 3/5/4
CVE-2014-0322
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. Exploits observed in the wild target Internet Explorer 10 with Adobe Flash. Reports also indicate that installing Microsoft's Experience Mitigation Toolkit (EMET) or updating to Internet Explorer 11 prevents the exploit. Microsoft has confirmed the vulnerability in a security bulletin; however, software updates are not available.

Apache Commons FileUpload Content-Type Header Parsing Denial of Service Vulnerability
IntelliShield Vulnerability Alert 32760, Version 2, February 12, 2014
Urgency/Credibility/Severity Rating: 2/5/3
CVE-2014-0050
A vulnerability in Apache Commons FileUpload could allow an unauthenticated, remote attacker to cause a denial of service condition. Proof-of-concept code that exploits the Apache FileUpload Content-Type HTTP header parsing denial of service vulnerability is publicly available. Apache confirmed the vulnerability in software change logs; however, stable release software updates are not yet available.

Adobe Flash Player Remote Code Execution Vulnerability
IntelliShield Vulnerability Alert 32718, Version 4, February 20, 2014
Urgency/Credibility/Severity Rating: 3/5/4
CVE-2014-0497
Adobe Flash Player contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. Reports indicate that the vulnerability is related to the previously reported zero-day attack. Adobe reports that attacks targeting this vulnerability have occurred in the wild. Adobe has confirmed the vulnerability in a security bulletin and released software updates.

Legal

Mt. Gox Under Investigation

Japan and the U.S. Department of Justice are investigating the recent activity with the Bitcoin exchange, Mt. Gox. The Mt. Gox website reportedly came under attack, stopped transactions, and then was apparently shut down. Various reports suggest that the attacks on Mt. Gox allowed criminals to steal millions in bitcoins, while other reports suggest that the owners of the site may still be holding millions in bitcoins that belong to their customers, but with the shutdown in place, customers cannot access their accounts.
Mt. Gox Implodes
Theft at Mt. Gox Shakes Bitcoin World
Mt. Gox Situation Crisis Strategy

Analysis: As many business and online e-commerce websites are considering allowing and supporting bitcoin transactions, the latest developments with Mt. Gox raises cause for concern and reconsideration. The bitcoin markets and values have generally been very volatile, but multiple governments, banking and commerce organizations have been reviewing the potential of the new currency and risk and were moving toward its more general acceptance. Mt. Gox, which is located in Japan, is under investigation by both Japan and the U.S., which could push the bitcoin markets and general acceptance in either direction, depending on the findings and details. The bitcoin markets and exchanges continue to be volatile and high risk.

Mobile

"Black" Mobile Phones Blitz

One of the hot topics at both the RSA Conference and the Mobile World Congress last week were the announcements by multiple vendors of new high privacy and security mobile phones, marketed as "Black" phones. Some of these phones are already available, while others were announcements of phones soon to be released. While they vary slightly by vendor, these phones are designed to provide high levels of encryption, security, privacy, and identity protection to prevent monitoring, information leaks, and compromise, both from a electronic and physical perspective.
Boeing Extra Secure Phone Reaches FCC
Blackphone Plans More Secure Devices

Analysis: It may be too early in this market development to determine if these high security devices will be widely adopted, or only reach a niche market. These developments may be good news for Blackberry as it attempts to recapture market shares, and customers in general as other vendors could develop higher security models. While these more secure phones will likely cost more and have higher service costs, those that determine they want the higher levels of security might consider these offerings. And of course, the criminal groups will likely also be interested in protecting their communications from law enforcement and security intelligence organizations. The phones could also challenge businesses and organizations in monitoring their networks and enforcing their BYOD policies. Businesses should be proactive and address this developing market by becoming familiar with these devices and consider how they will impact their policies and practices.

Geopolitical

Turkey Tightens Internet Controls Amid Uptick in Political Unrest

In February, the Turkish government approved a new law weakening the courts and strengthening its ability to censor the Internet, according to a variety of reports. The move angered many Turkish citizens and prompted thousands of protesters to take to the streets of Istanbul, where they were dispersed by police using water cannons and tear gas. Not all English language reports on the topic agree, so details are difficult to confirm, but under the new law, it appears that law enforcement authorities would be authorized to block websites without a court order. Permission to obtain "Internet data" would require a court order. In recent weeks, Turkish language social media has been flooded with leaked recordings and documents purportedly exposing high-level corruption related to the administration of Prime Minister Recep Tayyip Erdogan. Laws governing websites and social media in Turkey are already tight, and speech freedoms have been strictly curtailed for years, according to a variety of reports.
Turkey's Gul Approves Law Tightening Internet Controls
Turkey's Internet Crackdown
Turkish Police Clash with Protesters over Internet Restriction Laws

Analysis: The law comes amid an intensifying standoff between political rivals in Turkey, and during an election year. The new law is seen as an effort to counter the growing influence of Pennsylvania-based cleric Fethullah Gulen, a former political ally-turned-rival of Prime Minister Erdogan. Gulen is said to virtually control the courts and police forces in Turkey, and supporters of Prime Minister Erdogan see the recent corruption revelations implicating him as orchestrated by Gulen. From an information security perspective, the intensifying standoff in Turkey merits watching. After a decade of relative political stability and strong economic growth, Turkey appears to be entering a volatile period. Given the role of social media and mobile communications in Turkey's protest flare-up last summer, coupled with Turkey's history of censorship of speech and journalism, it is likely that the government will continue to use Internet controls as a tool in asserting control over protests. Companies with network assets in-country may want to consider contingency plans in the event of prolonged outages or in case of government moves to censor outward-facing websites and content.

Upcoming Security Activity

CanSecWest: March 12-14, 2014
Cisco Live Melbourne: March 18-21, 2014
Cisco Partner Summit: March 24, 2014
Black Hat Asia: March 25-28, 2014
Interop: March 31, 2014-April 4, 2014
Infosec World: April 5-11, 2014
Cisco Live 2014: May 18-22, 2014
Black Hat USA: August 2-7, 2014
DEF CON 22: August 7-10, 2014
(ISC)2 Security Congress and ASIS 2014: September 29-October 2, 2014

Because of the potential for increased risk on multiple vectors, organizations' security teams should be aware of and consider making special preparations for the following:

ITU 6th World Telecom Development Conference: March 31-April 11, 2014
2014 FIFA World Cup Brazil: June 12-July 13, 2014

Additional Information

For information and commentary from the experts in Cisco Security, please visit the Cisco Security Blog.

For timely information from across Cisco Security, please consider following @CiscoSecurity on Twitter.
 
Alert History
 
Initial Release


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShieldCyber Risk Report Original ReleaseBase

Associated Products:
N/A



LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield