Cybersecurity Weekly: Ryuk ransomware, High Risk Vulnerabilities in Monitoring Fabric, Cisco patched authentication bypass bugs

Last week in review: Breaches, Vulnerabilities, Patches & Updates

Breaches

• The U.S. Coast Guard (USCG) has acknowledged that systems at a Maritime Transportation Security Act regulated facility were infected with Ryuk ransomware. The incident resulted in 30 hours of downtime for the facility’s primary operations. The USCG Marine Safety Information Bulletin does not identify the facility or indicate when the incident occurred beyond noting that it was “recent.”
• Landry’s, a Texas-based restaurant chain, is investigating a breach of its point-of-sale (POS) system. The company’s security team found malware designed to steal payment card data. Following a 2016 breach of its POS system, Landry’s stepped up the security with end-to-end encryption of payment card data while the information is being processed. However, order entry terminals, which are also used to swipe rewards cards, did not receive the same security upgrade; some wait staff may have mistakenly swiped customers’ cards on these machines, which exposed the data to theft. The malware is believed to have existed on the system between from March 13, 2019, to October 17, 2019, although at some locations, the malware was active since January 18, 2019.
• An insufficiently secured database that belongs to Internet of Things (IoT) vendor Wyze exposed device information and customer email addresses. Wyze sells smart cameras, smart door locks and other household IoT products. The database was unsecured for more than three weeks. The leak affects 2.4 million users. Some of the compromised data include personal health information.

Vulnerabilities

• Two high-severity vulnerabilities recently addressed in the Big Monitoring Fabric application could allow an attacker to remotely access affected systems. Security researchers revealed that the solution is impacted by a cross-site scripting (XSS) and a sensitive information disclosure flaw.
• Proof-of-concept (PoC) exploits were recently made public by researchers for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. The remote command execution vulnerability, tracked as CVE-2019-17621, is related to how UPnP requests are handled and it can allow an unauthenticated attacker to take control of vulnerable devices. However, exploitation requires access to the local area network (LAN) housing the router, which, D-Link says, “narrows the risk of an attack considerably.”
• US-CERT Vulnerability Summary for the week of December 30, 2019.

Patches & Updates

• Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices.
• Two high-severity buffer overflow vulnerabilities patched in the OpenCV library could lead to arbitrary code execution. OpenCV (Open Source Computer Vision Library) is an open source library that contains over 2,500 optimized computer vision and machine learning algorithms and which aims to accelerate the use of machine perception in commercial products.
• Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide.The CCPA, known as America's toughest privacy legislation, came into effect on January 1, 2020, offering Californian users data-protection rules better suited to today's world of data collection.Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it.