Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

The South African arm of Experian, one of the world’s largest credit-check companies, yesterday announced a data breach that exposed the personal information of millions of its customers.

While Experian itself did not give the number of affected customers, the South African Banking Risk Information Centre (SABRIC), an anti-fraud and banking non-profit organisation that worked with Experian to investigate the breach, reported that the attacker had stolen data on 24 million South Africans and 793,749 business entities.

Notably, according to the company, the suspected attacker has already been identified, and the stolen customer data has been deleted from the suspect’s computing devices.

“We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing an Anton Piller order which resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted.”

Experian South Africa has already reported the breach to law enforcement and the appropriate regulatory authorities.

The company says it has no evidence that the stolen data included consumers’ credit or financial information, or that the data was used for fraudulent purposes before it was secured and deleted.

“Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”

“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” says SABRIC CEO Nischal Mewalall.

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two recently disclosed security vulnerabilities.

Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Windows Remote Access Service (RAS), in the way it handles memory and file operations respectively, and could let an attacker who already has a foothold on the system gain elevated privileges. Both are local elevation-of-privilege bugs, not remotely exploitable ones: the attacker must first be able to run code on the target.

In brief, the Remote Access Service functionality of the Windows operating system allows remote clients to connect to the server and access internal resources from anywhere via the Internet.

A patch for both vulnerabilities was first released on August 11 as part of the August Patch Tuesday updates, but only for Windows 10, Windows 7, Windows Server 2008, 2012, 2016 and 2019, and Windows Server versions 1903, 1909 and 2004.

A week later, on August 19 (yesterday), the company confirmed that Windows 8.1 and Windows Server 2012 R2 systems are also vulnerable to both privilege-escalation flaws and released the out-of-band patches for them.

Experts Reported Security Bug in IBM’s Db2 Data Management Software

Cybersecurity researchers today disclosed details of a shared-memory vulnerability in IBM’s Db2 family of data management products that could allow a local attacker to access sensitive data and even cause a denial of service.

The flaw (CVE-2020-4414), which affects IBM Db2 V9.7, V10.1, V10.5, V11.1 and V11.5 on all platforms, is caused by improper use of shared memory and lets a bad actor perform unauthorised actions on the system.

By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service, according to Trustwave SpiderLabs security and research team, which discovered the issue.

“Developers forgot to put explicit memory protections around the shared memory used by the Db2 trace facility,” SpiderLabs’s Martin Rakhmanov said. “This allows any local users read and write access to that memory area. In turn, this allows accessing critically sensitive data as well as the ability to change how the trace subsystem functions, resulting in a denial of service condition in the database.”

IBM released a patch on June 30 to remediate the vulnerability.
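The root cause described above is a shared-memory region with no explicit access protection, readable and writable by any local user. The script below is an added example, not IBM’s or Trustwave’s code: it parses the output of `ipcs -m` and flags segments whose mode lets the group write or lets “other” read or write. It assumes the segments of interest are System V shared memory (the advisory does not say which shared-memory mechanism the trace facility uses, so that is an assumption), and the `ipcs` output it ships with is constructed sample data, not real Db2 output.

```python
"""Audit System V shared-memory segments for modes that let other local
users read or write them, parsing the output of `ipcs -m`.

Added example (not IBM's or Trustwave's code). Assumes the segments are
System V shared memory visible to `ipcs -m`; that is an assumption.
"""
from __future__ import annotations

import subprocess
from typing import Dict, List, Tuple

# Constructed sample in the layout Linux `ipcs -m` prints; not real Db2 output.
SAMPLE_IPCS = """
------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 65536      db2inst1   600        4194304    2          dest
0x0d0a0b0c 98305      db2inst1   666        134217728  5
0x0d0a0b0d 131074     db2inst1   640        8388608    3
"""

Segment = Dict[str, object]
Finding = Tuple[str, str, str, List[str]]


def parse_ipcs_shm(text: str) -> List[Segment]:
    """Return one dict per segment row; header and separator lines are skipped."""
    segments: List[Segment] = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows start with a hex key and carry at least six columns.
        if len(parts) < 6 or not parts[0].startswith("0x"):
            continue
        key, shmid, owner, perms, nbytes, nattch = parts[:6]
        segments.append({
            "key": key,
            "shmid": shmid,
            "owner": owner,
            "perms": perms,          # octal string exactly as ipcs prints it
            "bytes": int(nbytes),
            "nattch": int(nattch),
        })
    return segments


def audit_segments(segments: List[Segment]) -> List[Finding]:
    """Flag segments whose mode grants group write, or any access to 'other'."""
    findings: List[Finding] = []
    for seg in segments:
        mode = int(str(seg["perms"]), 8)
        problems: List[str] = []
        if mode & 0o020:
            problems.append("group-writable")
        if mode & 0o004:
            problems.append("world-readable")
        if mode & 0o002:
            problems.append("world-writable")
        if problems:
            findings.append((str(seg["shmid"]), str(seg["owner"]),
                             str(seg["perms"]), problems))
    return findings


def audit_live() -> List[Finding]:
    """Run the same check against the real `ipcs -m` output on this host."""
    try:
        out = subprocess.run(["ipcs", "-m"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:      # not a Linux/Unix host with ipcs installed
        return []
    return audit_segments(parse_ipcs_shm(out))


if __name__ == "__main__":
    for shmid, owner, perms, problems in audit_segments(parse_ipcs_shm(SAMPLE_IPCS)):
        print(f"shmid {shmid} owned by {owner} mode {perms}: {', '.join(problems)}")
```

On the constructed sample only the 666 segment is reported; a 640 segment is group-readable but not flagged, since the check is aimed at write access and at anything granted to unrelated local users. `audit_live()` feeds real `ipcs -m` output through the same parser.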

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.

Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.

“With its decentralised infrastructure, it distributes control among all its nodes,” Guardicore‘s Ophir Harpaz said. “In this network with no single point-of-failure, peers constantly communicate with each other to keep the network alive, resilient and up-to-date.”

The botnet implements a proprietary P2P protocol written from scratch, carries its communications over an encrypted channel, and can plant a backdoor on victim systems that grants the attackers continued access.

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed.

Tracked as CVE-2019-17638, the flaw has a CVSS rating of 9.4 and affects Eclipse Jetty, a full-featured Java HTTP server and servlet container used by many software frameworks, in versions 9.4.27.v20200227 through 9.4.29.v20200521.

“Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat,” read the advisory.

“The vulnerability may allow unauthenticated attackers to obtain HTTP response headers that may include sensitive data intended for another user.”

The flaw, which impacts Jetty and Jenkins Core, appears to have been introduced in Jetty version 9.4.27, which added a mechanism to handle large HTTP response headers and prevent buffer overflows.

“The issue was in the case of a buffer overflow, we released the header buffer, but did not null the field,” Jetty’s project head Greg Wilkins said.

When a response header is too large for that buffer, Jetty throws an exception to produce an HTTP 431 error. The header buffer had already been released to the pool at that point, but because the field still referenced it, the normal cleanup path released the same buffer a second time, corrupting the pool’s state and leading to information disclosure.

Because of the double release, two threads can acquire the same buffer from the pool at the same time, potentially allowing one request to read a response written by the other thread, which may include session identifiers, authentication credentials and other sensitive information.
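The following is an added example, not Jetty’s code, that models the pattern described above in a few dozen lines: a pooled header buffer is released on the 431 path, the field that points to it is not cleared, so end-of-request cleanup releases it again, and the next two requests to ask the pool for a buffer receive the same object. `BufferPool` and `HeaderGenerator` are invented stand-ins for Jetty’s ByteBufferPool and HttpGenerator, and the header strings and sizes are constructed for illustration; the `fixed` flag switches in the one-line fix (clear the field after releasing).

```python
"""Model of the CVE-2019-17638 pattern: a header buffer is returned to a pool
twice because the field that owned it was not cleared, so two later requests
end up holding the same buffer.

Added example, not Jetty's code. BufferPool and HeaderGenerator are invented,
simplified stand-ins for Jetty's ByteBufferPool and HttpGenerator.
"""
from __future__ import annotations

from typing import List, Optional, Tuple


class HeaderTooLarge(Exception):
    """Raised where Jetty would answer 431 Request Header Fields Too Large."""
    status = 431


class BufferPool:
    """Minimal free-list pool. Like a real pool it neither detects a double
    release nor zeroes buffers on release, so stale bytes survive recycling."""

    def __init__(self, size: int = 64) -> None:
        self._size = size
        self._free: List[bytearray] = []

    def acquire(self) -> bytearray:
        return self._free.pop() if self._free else bytearray(self._size)

    def release(self, buf: bytearray) -> None:
        self._free.append(buf)


class HeaderGenerator:
    """Holds one pooled buffer for a response's header block."""

    def __init__(self, pool: BufferPool, max_header_size: int, fixed: bool) -> None:
        self._pool = pool
        self._max = max_header_size
        self._fixed = fixed
        self._header: Optional[bytearray] = pool.acquire()

    @property
    def header(self) -> Optional[bytearray]:
        return self._header

    def write_headers(self, headers: bytes) -> None:
        if self._header is None:
            raise RuntimeError("generator already reset")
        if len(headers) > self._max:
            # Header block does not fit: give the buffer back and signal 431.
            self._pool.release(self._header)
            if self._fixed:
                self._header = None   # the fix: clear the field after releasing
            raise HeaderTooLarge()
        self._header[: len(headers)] = headers

    def reset(self) -> None:
        """End-of-request cleanup: releases whatever the field still points to."""
        if self._header is not None:
            self._pool.release(self._header)   # second release when the field is stale
            self._header = None


def simulate(fixed: bool) -> Tuple[bool, bytes]:
    """Run one request down the 431 path, then two fresh requests.
    Returns (do the two later requests share a buffer, what request B sees)."""
    pool = BufferPool(size=64)

    victim = HeaderGenerator(pool, max_header_size=32, fixed=fixed)
    try:
        victim.write_headers(b"X-Big: " + b"A" * 40)   # 47 bytes > 32: 431 path
    except HeaderTooLarge:
        pass
    victim.reset()   # without the fix this releases the same buffer again

    # Two later requests, conceptually served by two worker threads.
    req_a = HeaderGenerator(pool, max_header_size=32, fixed=fixed)
    req_b = HeaderGenerator(pool, max_header_size=32, fixed=fixed)
    req_a.write_headers(b"Set-Cookie: JSESSIONID=secret-a")   # constructed secret

    shared = req_a.header is req_b.header
    leaked = bytes(req_b.header or b"").rstrip(b"\x00")
    return shared, leaked


if __name__ == "__main__":
    print("vulnerable:", simulate(fixed=False))
    print("fixed:     ", simulate(fixed=True))
```

Without the fix the free list holds the same buffer twice, so request B’s “own” header buffer already contains request A’s Set-Cookie line; with the field cleared, the second release never happens and B receives a fresh buffer.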