Security Bulletin #121 – 6 Juin 2017
A new technique to deliver Malware via PowerPoint presentations
Security researchers recently discovered several malicious PowerPoint files that exploit the mouseover events to execute PowerShell code. Threat actors are sending out spam messages with subject lines such as “Purchase Order #130527” and “Confirmation,” and attachments named “order.ppsx” or “invoice.ppsx.” If the user hovers the mouse over the link, the execution of PowerShell code is triggered. Note that the code is triggered even if the users doesn’t click it. The Protected View security feature will inform the user of the risks and prompts them to enable allow the execution. If the user enables the content, the PowerShell code is executed and a domain named “cccn.nl” is contacted to download and execute a file that is responsible for delivering the malware downloader.
Over 8,600 Vulnerabilities Found in Pacemakers
``If you want to keep living, Pay a ransom, or die.`` This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit. Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could eventually take their lives. The White Scope analysis covered implantable cardiac devices, home monitoring equipment, pacemaker programmers, and cloud-based systems to send patient's vital data over the Internet to doctors for examining. All of the programmers examined by the security firm had outdated software with known vulnerabilities, many of which run Windows XP. Researchers discovered that the Pacemaker devices do not authenticate these programmers, which means anyone who gets their hands on an external monitoring device could potentially harm heart patients with an implanted pacemaker that could harm or kill them. The list of security vulnerabilities the researchers discovered in devices made by four vendors includes hardcoded credentials, unsecured external USB connections, the failure to map the firmware to protected memory, lack of encrypted pacemaker firmware updates, and using universal authentication tokens for pairing with the implanted device.
Enterprise patching... is patchy
Delays in updating software and operating systems are putting organizations at greater risk of attacks, according to research by Duo Security. The survey, based on real-world data*, found that less than a third (31 per cent) of Windows endpoints are running the latest version, Windows 10. More than half (53 per cent) of endpoints are running an out-of-date version of Flash, leaving them wide open to various vulnerabilities. And one in eight (13 per cent) endpoints are running an unsupported version of the Internet Explorer browser. Three quarters of all healthcare organizations are running Windows 7 – higher than the industry average and likely a factor in why the NHS fared so badly during the recent WannaCrypt ransomware attack. A minority (3 per cent) of all endpoints are still running totally unsupported Windows XP.