Get trending information on exploits and vulnerabilities every week to help your organisation be better equipped to avoid becoming a victim of cybercrime. Anglo African brings you the weekly cyber-attack news wrap-up and remedy tips to support your business in defending against hackers.
Attackers are already exploiting a dangerous privileged account creation hole in the Joomla! content management system, with attempts made on about 30,000 sites in the days after a patch for the flaw landed. The vulnerability, which allows anyone to create privileged accounts on Joomla! sites, was first flagged in a scant Joomla! pre-release notice warning administrators to prepare for a then un-described but critical patch.
Google’s Threat Analysis Group revealed a vulnerability in most versions of Windows that is actively being exploited by malware attacks. Today, Terry Myerson, executive vice president of Microsoft’s Windows and Devices group, acknowledged the exploit was being used actively by a sophisticated threat group—the same threat group involved in the hacks that led to the breach of data from the Democratic National Committee and the Clinton campaign.
A remote code execution vulnerability in popular website backend performance tool Memcached has been found and squashed. Cisco penetration tester Aleksandar Nikolich reported three remote code execution holes in the tool used by big name sites including Facebook, Twitter, YouTube, and Reddit to help decrease database burdens and increase performance. Nikolich says the flaws can compromise the many sites that expose Memcached servers to the internet.
Mozilla has shuttered more than 130 serious vulnerabilities reported by community hackers this year. The browser-backing outfit announced the statistics in a post covering its bug bounty program and broader information security efforts. More than 500 million users ran Firefox at the close of 2015. It’s since become the world’s second-most-used browser.
A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials. In this case, ProofPoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers’ accounts on Twitter.
The application of digital forensics to cyber security.
Cyber incidents are fast moving and increasing in number and severity. When a cyber incident occurs, the attacked enterprise responds with a set of predetermined actions. Applying digital forensics to aid in the recovery and investigation of material on digital media and networks is one of these actions. Digital forensics is the “process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings (i.e., a court of law).”
Many cyber incidents can be handled more efficiently and effectively if forensics considerations are incorporated into the information system life cycle. Considerations to follow:
• Perform regular backups of systems and maintain previous backups for a specific period of time.
• Enable auditing on workstations, servers and network devices.
• Forward audit records to secure centralised log servers.
• Configure mission-critical applications to perform auditing and include the recording of all authentication attempts.
• Maintain a database of file hashes for the files of common operating system and application deployments, and use file integrity checking software on particularly important assets.
• Maintain records (e.g., baselines) of network and system configurations.
• Establish data retention policies that support the performance of historical reviews of system and network activity, comply with requests or requirements to preserve data that are related to ongoing litigation and investigations, and destroy data that are no longer needed.