Imperva cloud firewall pwned, D-Link bug uncovered – plus more

Including: Visual Studio Code debug hole found

Roundup It's time for another security news catch-up.

Imperva announces database break-in

Security house Imperva says that back in October of 2018 an attacker got hold of an API that was then used to access an AWS database containing customer emails along with hashed and salted passwords.

The company found out about the intrusion in August of this year and, following several weeks of investigation, is delivering their findings.

"We have since gone back and looked for malicious activity, leveraging threat intelligence feeds in conjunction with audit logs (see product security update below), related to accounts in the dataset," said Imperva CTO Kunal Anand.

"Thus far, we have not found any malicious behavior targeting our customers (logins, rule changes, etc.) and have implemented procedures to continue monitoring for such activity. We remain vigilant, however, and will continue to monitor for malicious behavior."

DCH caves, pays ransom

Early in October, Alabama-based hospital chain DCH announced that it had fallen victim to a ransomware attack.

The US hospitals now say they are recovering, but it has come at a steep price. DCH has admitted that in order to begin the process of getting its systems back online, the hackers' ransom demands had been paid.

"In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration," DCH said.

"We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems."

This is a good time to point out that paying the ransom demand is generally a bad idea and more often than not, doesn't actually work. Instead, keeping regular backups and having a recovery plan are advised.

There was a mild panic last week when tweets circulated that FireEye discovered a China-linked hacking crew, known as APT41, had broken into TeamViewer customer accounts. However, TeamViewer has stressed this is not "a compromise of TeamViewer or a previously undisclosed incident." FireEye, which was presenting at its security conference this month, was likely referring to that time a few years ago when TeamViewer was probed by hackers, and some customer accounts were pwned via their insecure passwords. So, no new hack.

Old D-Link routers get fresh crop of bugs

Fortinet has issued a warning over new security vulnerabilities in D-Link routers that can be exploited to hijack this equipment. The command-injection flaw is present in the DIR-655, DIR-866L, DIR-652, and DHP-1565 lines.

Unfortunately for users, these devices are end-of-life, so there won't be any firmware updates coming.

Direct email marketing biz Click2Mail confirmed it was hacked. "We have learned that your personal information, including name, organization name, account mailing address, email address, and phone number may have been compromised," it told customers in an email.

Ormandy strikes again with Visual Studio bug

Google bug-hunter Tavis Ormandy has disclosed a new security vulnerability, this time in Visual Studio for Linux and Windows. According to Ormandy, a miscreant could access a built-in on-by-default remote debugger, potentially allowing for a sandbox escape. The flaw has been fixed by Microsoft, and patches should be making their way to users shortly.

Manhattan prosecutors accused of hacking iPhones during investigations

A report from OneZero claims that going back to 2018, the Manhattan District Attorney's office, in the USA, has been working with phone-hacking biz Cellebrite.

"A contract obtained by OneZero shows that the Manhattan District Attorney’s office — one of the largest and most influential prosecution offices in the country — has had UFED Premium in-house since January 2018. According to the contract, the DA’s office agreed to pay Cellebrite about $200,000 over three years for UFED Premium," the report reads.

"The $200,000 fee covered software licensing and installation, training for select office personnel on the platform, and an agreed-upon number of phone cracks."

Cisco Talos warns of PDF reader flaws

The team at Talos has disclosed a set of vulnerabilities in the Nitro PDF application that could potentially allow for remote code execution via poisoned documents. There is currently no patch available, so users and admins should take care if they are using Nitro to handle PDFs obtained from untrusted sources. ®

Other stories you might like

  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading

Biting the hand that feeds IT © 1998–2022