Security News for the Week Ending June 14, 2019
SandboxEscaper Releases Yet Another Windows Zero-Day
SandboxEscaper has it in for Microsoft. He or she has released over a half dozen zero-days including four of them just a couple of weeks ago. He or she has put Microsoft behind the power curve multiple times and now he or she is doing it again.
This time SandboxEscaper has figured out how to exploit the patched version of one of the previous exploits. This exploit can be triggered silently with no obvious warning to the user. There is no patch available for it yet. Source: The Hacker News.
If history is any example, this is probably not the last time we will hear from SandboxEscaper.
License Plate Pictures Taken by CBP Cameras Available on the Dark Web
As reported last month but not confirmed by Customs and Border Protection until this week, an unnamed vendor of license plate readers to CBP and others was hacked and hundreds of gigabytes of data stolen.
Included in that data was thousands of photos of license plates captured at the US border and travelers at US Airports and they are available on the dark web.
The government (no surprise) has a poor vendor cyber risk management program. The vendor, widely believed to be Perceptics, although the government is shielding it for some unknown reason, copied data from the government’s computers to their own. After this, the vendor was hacked and hundreds of gigabytes of data stolen. Source: The Register.
A Year Later, U.S. Government Websites Are Still Redirecting to Hardcore Porn
Dozens of U.S. government websites appear to contain a flaw enabling anyone to generate URLs with their domain names that redirect visitors to porn sites.
Gizmodo reported this a year ago and it is still not fixed, Actually a few sites were fixed and a few more added to the broken list.
Users were being redirected from government sites to sites with names like” Two Hot Russians Love Animal Porn”. One site infected was the Department of Justice’s Amber Alert site. To be clear, the government is not running porn sites.
And these are folks that we are relying to to protect our cyber universe. Source: Gizmodo.
Philly Courts Still Down After Cyber-Attack Last Month
Another day, another city. In this case, it was the court system in Philadelphia was hit by a cyber-attack.
After the attack, e-filing, docketing and email systems were taken down and now there are still problems.
So far, the courts have released very little information – not even the name of the firm that they hired to fix their mess. Likely, that will come out later.
Suffice it to say, with each of these attacks, it becomes more and more important to evaluate YOUR disaster recovery system. Can you afford to be down for weeks in case you suffer an attack? Source: Infosecurity Magazine.