Saturday, March 25, 2017

Cyber Updates - 25/03

Hey all,
Here are this week's cyber updates:

(1) For those of you who haven't noticed: earlier this month WikiLeaks disclosed documents describing exploits allegedly used by the CIA. Cisco's analysis of the leaked material revealed a vulnerability (CVE-2017-3881) in the Cluster Management Protocol (CMP) code of its IOS and IOS XE software that allows an unauthenticated remote attacker to reload an affected device or execute arbitrary code on it with elevated privileges.
Although the bug lives in CMP, a device is exposed whether or not clustering has ever been configured: the only precondition is that the device accepts incoming Telnet connections, which many Cisco devices do in their default configuration.
According to Cisco, the vulnerability exists due to the combination of two factors:
The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
The incorrect processing of malformed CMP-specific Telnet options.
To date Cisco has not released fixed software, so every affected device that still accepts Telnet remains vulnerable.
Organizations running Cisco devices are urged to disable Telnet on them and manage them over SSH instead; where Telnet cannot be turned off, restrict it to trusted management hosts with an access list, as Cisco's advisory recommends.

Here are all the details:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
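
As an added example (not part of the original update and not Cisco's code), the following Python script audits the `line vty` blocks of a Cisco IOS `show running-config` dump and reports which ranges still accept Telnet, which is the exposure condition described above. The two sample configs are constructed for illustration. Treating a vty block with no `transport input` statement as "needs review" rather than safe is an assumption made here, because the effective default depends on the IOS release.

```python
"""Audit Cisco IOS vty lines for Telnet exposure (added example, not Cisco's code).

Parses the `line vty A B` blocks of a running-config and decides, per block,
whether Telnet is accepted on the basis of its `transport input` statement.
"""
import re

# Constructed sample: one vty range with no explicit transport input (so the
# platform default applies) and one that explicitly allows every protocol.
SAMPLE_VULNERABLE = """\
hostname sw-core-1
!
line con 0
 logging synchronous
line vty 0 4
 login local
line vty 5 15
 transport input all
 login local
!
end
"""

# Constructed sample: all vty lines restricted to SSH.
SAMPLE_HARDENED = """\
hostname sw-core-2
!
line vty 0 15
 transport input ssh
 login local
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")


def parse_vty_blocks(config):
    """Return a list of (first, last, body_statements) for each `line vty` block.

    Indented lines belong to the current block; any top-level line (including
    the `!` separator) closes it.
    """
    blocks = []
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = VTY_RE.match(line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = (first, last, [])
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current[2].append(line.strip())
        else:
            current = None
    return blocks


def telnet_state(body):
    """True/False when `transport input` settles the question, None if absent.

    `all` or an explicit `telnet` keyword means Telnet is accepted; anything
    else (`ssh`, `none`, ...) means it is not.
    """
    for stmt in body:
        parts = stmt.split()
        if parts[:2] == ["transport", "input"]:
            protocols = set(parts[2:])
            return "all" in protocols or "telnet" in protocols
    return None


def audit_vty(config):
    """Return one finding per vty block: range, Telnet state and a verdict."""
    findings = []
    for first, last, body in parse_vty_blocks(config):
        state = telnet_state(body)
        if state is None:
            # Assumption: unknown default is reported for review, not as safe.
            verdict = "REVIEW: no 'transport input' set, platform default applies"
        elif state:
            verdict = "EXPOSED: Telnet accepted"
        else:
            verdict = "OK: Telnet not accepted"
        findings.append({"range": (first, last), "telnet": state, "verdict": verdict})
    return findings


def telnet_exposed(config):
    """True when any vty range accepts Telnet or leaves it to the platform default."""
    return any(f["telnet"] is not False for f in audit_vty(config))


if __name__ == "__main__":
    for name, cfg in (("vulnerable", SAMPLE_VULNERABLE), ("hardened", SAMPLE_HARDENED)):
        print(f"== {name}: exposed={telnet_exposed(cfg)}")
        for f in audit_vty(cfg):
            print(f"  line vty {f['range'][0]} {f['range'][1]}: {f['verdict']}")
```

Feed it the output of `show running-config` collected from your devices; anything that does not come back as "OK" should be fixed with `transport input ssh` on every vty range (and an `access-class` if Telnet genuinely has to stay) until Cisco ships fixed software.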

(2) A hacking group calling itself the “Turkish Crime Family” claims to have compromised a large number of iCloud accounts and has threatened to wipe more than 200 million of them unless Apple pays a ransom by April 7th.
Apple has stated that there is no evidence its systems were breached, but it could not rule out that the credentials came from breaches of third-party websites whose users had reused their passwords for their Apple ID.

Either way, changing your Apple ID password (and not reusing it anywhere else) is a sensible precaution.

Here are all the details:
https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom
https://twitter.com/turkcrimefamily/status/844225625909051393

(3) Google has announced that Chrome will stop recognizing the Extended Validation (EV) status of certificates issued by Symantec's CAs, after its investigation found that Symantec had mis-issued a large number of certificates.
Chrome will not show the EV indicator for Symantec-issued certificates for at least a year, until Symantec has fixed its issuance processes and can be trusted with EV again.
Whether Google's motive is a safer internet or nudging customers toward its own CA, customers will surely think twice in the near future before buying an EV certificate from Symantec.

Here are all the details:
http://thehackernews.com/2017/03/google-invalidate-symantec-certs.html

Stay tuned for more updates,

Dan Gurfinkel
Head of Offensive Security & Response Unit