Cybersecurity Weekly: Philadelphia Department of Public Health, critical Linux bug and new Kubernetes builds

Each week, Wipfli’s cybersecurity professionals review the latest breaches, vulnerabilities, patches and updates.

Breaches

• The Philadelphia Department of Public Health inadvertently exposed on its website the records of thousands of hepatitis patients. The accessible health department data included reports of patients diagnosed with hepatitis B or C from 2013 to 2018.
• A northwestern Indiana hospital system is warning more than 68,000 patients that their personal information, including Social Security numbers and health records, may have been exposed during a data breach. Methodist Hospitals has been mailing letters to patients detailing the steps they can take to safeguard themselves against possible fraud.
• “BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

Vulnerabilities

• A critical Linux bug has been discovered that could allow attackers to fully compromise vulnerable machines. A fix has been proposed but has not yet been incorporated into the Linux kernel. The flaw (CVE-2019-17666), which was classified as critical in severity, exists in the “rtlwifi” driver, which is a software component used to allow certain Realtek Wi-Fi modules, used in Linux devices, to communicate with the Linux operating system.
• A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access.
• US-CERT Vulnerability Summary for the week of October 14, 2019.

Patches & Updates

• New Kubernetes builds have been released to address a pair of vulnerabilities. Users are urged to upgrade to Kubernetes builds 1.14.8, 1.15.5 or 1.16.2. One of the vulnerabilities lies in the way the Go language handles certain HTTP headers and can be exploited to bypass authentication controls. The second flaw is a denial-of-service vulnerability in the API server.
• Adobe has released updates to address 67 vulnerabilities in Reader and Acrobat, 45 of which are rated critical. Adobe also released fixed for a dozen vulnerabilities in Experience Manager. In addition, Cisco Talos added 76 new rules for Snort.
• Symantec has released a new update for its Endpoint Protection Client software to fix a problem that was causing a Blue Screen of Death error on some Windows machines. The problem was reported after users installed the October 14 Intrusion Protection signature. Symantec recommends that users “download latest Intrusion Prevention signature 2019/10/14 r62, or rollback to an earlier known good content revision to prevent the BSOD situation.”