Daily Archives: January 18, 2020

AI is transforming the oil and gas industry: Insights from one of Canada’s largest producers

Canadian Natural Resources Limited (Canadian Natural) is one of Canada’s largest oil and natural gas producers. From a technology perspective, that means a continuous innovation mindset is critically important for maintaining their leadership position.

Microsoft provides mitigation for actively exploited CVE-2020-0674 IE Zero-Day

Microsoft published a security advisory to warn of an Internet Explorer (IE) zero-day vulnerability (CVE-2020-0674) that is currently being exploited in the wild.

Microsoft has published a security advisory (ADV200001) that includes mitigations for a zero-day remote code execution (RCE) vulnerability, tracked as CVE-2020-0674, affecting Internet Explorer.

The tech giant confirmed that the CVE-2020-0674 zero-day vulnerability has been actively exploited in the wild.

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.” reads the advisory published by Microsoft. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

An attacker could exploit the flaw to gain the same user permissions as the user logged into the compromised Windows device. If the user is logged on with administrative permissions, the attacker can exploit the flaw to take full control of the system.

The CVE-2020-0674 flaw could be triggered by tricking victims into visiting a website hosting specially crafted content designed to exploit the issue through Internet Explorer.

Microsoft announced that it is currently working on a patch to address the vulnerability. The company will likely release an out-of-band update because attackers are already exploiting the flaw in the wild.

Microsoft suggests restricting access to JScript.dll using the following workaround to mitigate this zero-day flaw.

For 32-bit systems, enter the following command at an administrative command prompt:

    takeown /f %windir%\system32\jscript.dll
    cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:

    takeown /f %windir%\syswow64\jscript.dll
    cacls %windir%\syswow64\jscript.dll /E /P everyone:N
    takeown /f %windir%\system32\jscript.dll
    cacls %windir%\system32\jscript.dll /E /P everyone:N

The company warns that implementing this mitigation might impact the functionality of components or features that use jscript.dll.

“Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. To be fully protected, Microsoft recommends the update be installed as soon as possible. Please revert the mitigation steps before installing the update to return to a full state.” continues the advisory.

To undo the workaround, use the following procedures.

For 32-bit systems, enter the following command at an administrative command prompt:

    cacls %windir%\system32\jscript.dll /E /R everyone    

For 64-bit systems, enter the following command at an administrative command prompt:

    cacls %windir%\system32\jscript.dll /E /R everyone    
    cacls %windir%\syswow64\jscript.dll /E /R everyone
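
To confirm which state a host is in before or after running the commands above, the following PowerShell function (an added example, not part of the original post or of Microsoft's advisory) reports the owner and any Everyone deny entry on each copy of jscript.dll. The function name is hypothetical, and it assumes the `everyone:N` setting appears as a Deny ACE for the Everyone SID; run it from an elevated 64-bit PowerShell session.

```powershell
# Added example: audit the state of the jscript.dll workaround on this host.
# Assumption: "cacls ... /P everyone:N" shows up as a Deny ACE for Everyone (SID S-1-1-0).
function Get-JScriptWorkaroundState {
    [CmdletBinding()]
    param(
        [string[]]$Path = @(
            (Join-Path $env:windir 'System32\jscript.dll'),
            (Join-Path $env:windir 'SysWOW64\jscript.dll')   # exists only on 64-bit Windows
        )
    )
    foreach ($file in $Path) {
        $state = [ordered]@{ Path = $file; Exists = $false; Owner = $null; EveryoneDenied = $null; Error = $null }
        if (Test-Path -LiteralPath $file) {
            $state.Exists = $true
            try {
                $acl = Get-Acl -LiteralPath $file -ErrorAction Stop
                $state.Owner = $acl.Owner
                # Translate ACEs to SIDs so the match does not depend on the OS display language.
                $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
                $deny = @($aces | Where-Object {
                    $_.IdentityReference.Value -eq 'S-1-1-0' -and
                    $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny
                })
                $state.EveryoneDenied = ($deny.Count -gt 0)
            }
            catch {
                # A non-elevated session may be unable to read the ACL once the deny entry is in place.
                $state.Error = $_.Exception.Message
            }
        }
        [pscustomobject]$state
    }
}

Get-JScriptWorkaroundState | Format-Table -AutoSize
```

`EveryoneDenied = True` means the workaround is still active on that file and, per the advisory, should be reverted before the update is installed. The `Owner` column shows the ownership change made by `takeown`, which the undo commands listed above do not reverse.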

Pierluigi Paganini

(SecurityAffairs – CVE-2020-0674, hacking)

The post Microsoft provides mitigation for actively exploited CVE-2020-0674 IE Zero-Day appeared first on Security Affairs.

Weekly Update 174

We're in Norway! More specifically, Scott Helme and I are in Hafjell and recording this after a day on the snow before heading back to Oslo and the NDC Security conference next week. For now though, we're talking about some really screwy global roaming behaviour with telcos, the Danish gov coming onto HIBP, babies in data breaches and the takedown of We Leak Info. We'll do this again together next week from Oslo and then again the following week from NDC London. For now, here's the fireside version in Hafjell:

References

  1. Babies in data breaches - yep, babies (there are no limits on who can be breached these days)
  2. We Leak Info got taken down by a collection of law enforcement agencies (not particularly surprising given the way it was operated)
  3. It was a similar story for Leaked Source a couple of years ago (pro tip: cruising around in a bright green Lamborghini isn't exactly flying under the radar!)
  4. Sponsored by Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

Turkish Hackers hit Greek Government websites and local stock exchange

Turkish hackers hijacked for more than 1 hour the official websites of the Greek parliament, some ministries, as well as the country’s stock exchange.

While eastern Libya ports controlled by commander Khalifa Haftar are shutting down oil exports, the group of Turkish hackers named Anka Neferler Tim claimed Friday to have hijacked for more than 90 minutes the official websites of the Greek parliament, the foreign affairs, and economy ministries, as well as the country’s stock exchange.

The group announced the attacks on its Facebook page, saying it carried them out because “Greece is threatening Turkey in the Aegean Sea and in the eastern Mediterranean. And now it’s threatening the conference on Libya”.

The attacks were launched after Khalifa Haftar held talks in Athens, two days ahead of a peace conference in Berlin. Both Haftar and the head of Tripoli’s UN-recognised government, Fayez al-Sarraj, are expected to attend the conference, while representatives of the Greek government have not been invited.

Greek Prime Minister Kyriakos Mitsotakis met with Haftar, and the government of Athens encouraged the Libyan military commander to be constructive in Berlin.

“We encouraged the commander to take part with a constructive spirit in Berlin’s procedure and try to achieve a ceasefire and the restoration of safety in Libya,” Greek Foreign Minister Nikos Dendias told reporters after the meeting.

The Turkish government is providing military support for the government of Sarraj and plans to send its military troops to Libya to fight against Haftar’s army. 

The Berlin conference aims at establishing peace in Libya under the aegis of the United Nations. 

Pierluigi Paganini

(SecurityAffairs – Turkish hackers, hacking)

The post Turkish Hackers hit Greek Government websites and local stock exchange appeared first on Security Affairs.

Microsoft Warns of Unpatched IE Browser Zero-Day That’s Under Active Attacks

Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in the Internet Explorer (IE) browser that attackers are actively exploiting in the wild, and there is no patch yet available for it. The vulnerability, tracked as CVE-2020-0674 and rated moderate, is a remote

Cybercrime Statistics in 2019

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020.

Cybercrime will cost as much as $6 trillion annually by 2021.

The global expense for organizations to protect their systems from cybercrime attacks will continue to grow. According to Cybersecurity Ventures’ 2017 cybercrime statistics, cybercrime damages will amount to a staggering $6 trillion annually starting in 2021. Experts fear that the cost of cybercrime will exceed the annual cost of natural disasters by 2021. These figures suggest that cybercrime is becoming more profitable than other criminal activities, such as the illegal drug trade.

Financial losses reached $2.7 billion in 2018.

According to the IC3 Annual Report released in April 2019, financial losses reached $2.7 billion in 2018. The most financially devastating threats involved investment scams, business email compromises (BEC), and romance fraud.

The total cost of cybercrime for each company in 2019 reached US$13M.

The total cost of cybercrime for each company increased from US$11.7 million in 2017 to a new high of US$13.0 million—a rise of 12 percent, states the “NINTH ANNUAL COST OF CYBERCRIME STUDY” published by Accenture.

The total annual cost of all types of cyberattacks is increasing.

According to Accenture, malware and Web-based attacks continue to cause higher financial losses to organizations worldwide. The cost of ransomware attacks accounts for 21 percent of the overall expenses, while the cost of malicious insiders accounts for 15 percent. The cost of malware attacks is now an average of US$2.6 million annually for organizations.

Source: Accenture

Which countries have the worst (and best) cybersecurity?

According to the report published by Comparitech, which used the Global Cybersecurity Index (GCI) scores, Bangladesh saw the highest number of malware infections: approximately 35.91% of the country’s mobile users have fallen victim to malware infections. The same report states that Japan is the country best equipped to prevent cybersecurity threats and has the smallest number of mobile malware infections, with only 1.34% of its mobile users affected by the attacks. Other top-performing countries included France, Canada, Denmark, and the United States.

Algeria is the least cyber-secure country, followed by Indonesia and Vietnam.

What is the impact of cybercrime on small businesses?

According to the 2019 Data Breach Investigations Report, 43% of all nefarious online activities impacted small businesses. Looking at the attacks suffered by organizations, 69% were perpetrated by outsiders, 34% involved internal actors, 5% featured multiple parties, and 2% involved partners.

According to the annual study conducted by IBM examining the financial impact of data breaches on organizations, the cost of a data breach has risen 12% over the past 5 years and now costs $3.92 million on average. These rising expenses are representative of the multiyear financial impact of breaches, increased regulation and the complex process of resolving criminal attacks. Small businesses with fewer than 500 employees lose an average of $2.5 million due to security incidents.

What about data breaches?

The majority of security breaches, 71%, were financially motivated, while 25% of breaches were motivated by the gain of strategic advantage (espionage).

29% of breaches involved the use of stolen credentials, and 32% of them were the result of phishing attacks.

What about malware?

According to the Symantec 2019 Internet Security Threat Report, the number of attack groups using destructive malware increased by +25, the number of ransomware attacks increased by 12%, and, very concerning, there was a +33% increase in mobile malware.

Bots and worms continue to account for the vast majority of Internet of Things (IoT) attacks. In 2018 Symantec reported a significant increase in targeted attack actors going after smart objects, confirming the high interest in IoT as an infection vector.

Pierluigi Paganini

(SecurityAffairs – cybercrime statistics, hacking)

The post Cybercrime Statistics in 2019 appeared first on Security Affairs.