
ThreatScape Media Highlights Update – Week Of January 6th


The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.


Wednesday, 6 January 2016 


Cisco Jabber Client Vulnerable To Man-In-The-Middle Attack

From The Media
Cisco’s Jabber instant messaging client possesses a vulnerability that could result in a man-in-the-middle situation. The flaw affects Jabber for Windows, iOS and Android platforms. Cisco indicated they did provide warning to their customers; however, a patch was not made available.
Read the Story:  Threat Post

iSIGHT Partners Analyst Comment
We believe this vulnerability poses a limited threat to enterprises utilizing vulnerable versions of Cisco’s Jabber client. Cisco reports that Cisco Jabber for Windows/Android/iPhone and iPad versions 10.6(6) and prior, 11.0(1) and prior and 11.1(2) and prior are vulnerable. To exploit encryption downgrade vulnerabilities, an attacker needs to be able to intercept messages between the client and server, which typically means the attacker already has network access or will exploit another vulnerability to gain access. However, with this type of access, attackers are more likely to go after information or targets other than encrypted Jabber traffic.

Related iSIGHT Partners Reports
15-00014726 (Cisco Jabber Vulnerability CVE-2015-6409), 25 Dec. 2015
Intel-1267065 (‘POODLE’ Attack Method Exploiting Flaws in SSL 3.0), 15 Oct. 2014
14-00000080 (Certain 1.x Implementations Vulnerable to Modified POODLE Attack Method), 9 Dec. 2014


Google Fixes Dangerous Rooting Vulnerabilities In Android

From The Media
Google recently released firmware updates for Nexus devices and will release patches to the Android Open Source Project. The updates patch vulnerabilities that could enable actors to remotely control a victim’s device. More specifically, the patches address six critical, two high and five moderate vulnerabilities.
Read the Story:  The Hill

iSIGHT Partners Analyst Comment
iSIGHT Partners considers all the recent Android vulnerabilities to be either low or medium risk. These vulnerabilities, while affecting Android devices, behave similarly to their workstation counterparts, requiring user interaction for exploitation to be successful. The unique concern comes from Google not directly controlling when patches are made available to Android users. Patch availability follows the discretion of the individual mobile device manufacturers, meaning some devices may remain vulnerable in the near to midterm.

Related iSIGHT Partners Reports
16-00000148 (Google Android Mediaserver Vulnerability CVE-2015-6636), 5 Jan. 2016
16-00000146 (Google Android misc-sd Vulnerability CVE-2015-6637), 5 Jan. 2016
16-00000144 (Google Android Trustzone Vulnerability CVE-2015-6647), 5 Jan. 2016


Mystery Database Leaks Conservatives’ Personal Details

Judgement Withheld

From The Media
Following the recent voter registration leak of about 191 million voters comes another leak of about 56 million records. The records are thought to belong to a right-wing Christian group. The leaked database is believed to have been updated as recently as April 2015. In addition to personal information such as dates of birth, addresses and telephone numbers, 19 million of the records were assigned highly specific categories, such as “bible lifestyle,” hunting, fishing, NASCAR, etc.
Read the Story:  CSO Online

iSIGHT Partners Analyst Comment
The existence and leak of such a database is certainly plausible. While it is doubtful this information by itself can be used to conduct identity theft or financial fraud, such large-scale specific labeling of individuals’ interests could be used to support widespread phishing campaigns. If personal information is matched to e-mail addresses, then cyber criminals would have a highly valuable database for informing phishing lure designs. Further, malicious individuals could use this database to target individuals of alternate positions on polarizing political issues, such as gun rights, via slanderous Facebook campaigns or otherwise.

Related iSIGHT Partners Reports
ThreatScape Media Highlights (191 Million U.S. Voter Registration Records Leaked In Mystery Database), 29 Dec. 2015
15-00011616 (Update: Additional Information on Possible Major Breach of Voter Data), 21 Oct. 2015
15-00010956 (Reputable Underground Vendor Allegedly Sells Information on 190 Million US Persons), 12 Oct. 2015


Xfinity’s Security System Flaws Open Homes To Thieves

From The Media
Researchers with Rapid7 have recently discovered that vulnerabilities in the Comcast Xfinity home security system could allow an attacker to alter the alarm system to make it appear that doors are open, etc., on the victim’s device. Since the system uses a ZigBee-based protocol, actors can use radio jamming equipment to intercept or block signals sent between the various sensors and hub.
Read the Story:  Wired

iSIGHT Partners Analyst Comment
The device’s failure to alert users when communications have become interrupted or unreliable and the long recovery time could enable thieves to bypass the notification system. Individuals relying on home alarm systems that are susceptible to jamming and fail to alert users of such a condition should consider at least one secondary alternative for home security. Radio jamming has been used in auto thefts to prevent car owners from locking their vehicles remotely, and could be adapted for home burglary.

Related iSIGHT Partners Reports
15-00000482 (Key Fob Spoofing Used in Significant Portion of Auto Thefts Likely to Increase), 28 Feb. 2015
Intel-1234296 (September 2014 Baseline for the ‘Internet of Things’ (IoT): Excitement Continues, but Security Concerns Growing), 15 Sept. 2014


BIMCO Releases First Cybersecurity Guidelines For Shipping Industry

From The Media
The Baltic and International Maritime Council (BIMCO) recently released the first cyber security guidelines for the shipping industry. The guidelines, which are the result of a collaborative effort of several international shipping associations, aim to inform relevant personnel of the cyber security risks the shipping industry faces. The guidelines are intended to be regularly updated to reflect shifting and developing threats.
Read the Story: SC Magazine

iSIGHT Partners Analyst Comment
iSIGHT Partners believes the shipping industry’s cyber security awareness to be generally nascent; however, increasing media coverage of cyber security research related to the transportation sector may be changing this at least to some extent. While we have not yet reviewed the guidelines in detail, we believe that their establishment will likely be a positive, early step in fostering awareness and developing industry standards. It may also be worth noting that some jurisdictions might consider whether or not a ship operator followed industry standards, such as the guidelines, when determining liability following a cyber security-related incident.

Related iSIGHT Partners Reports
Intel-1266615 (Threats to the Maritime Shipping and Shipbuilding Industries), 21 Oct. 2014
15-00014446 (Maritime Voyage Data Recorders Found Vulnerable), 16 Dec. 2015
Intel-1273351 (Threats to Transportation Sectors: 2014 Update), 27 Oct. 2014

The post ThreatScape Media Highlights Update – Week Of January 6th appeared first on iSIGHT Partners.

