Tuesday 17 November 2015

POS Malware Alert - AbaddonPOS and Cherry Picker

Two new malware families targeting point-of-sale (POS) terminals have been identified: AbaddonPOS and Cherry Picker.

The AbaddonPOS malware is delivered by the Angler Exploit Kit or through an infected Microsoft Office document. The malware scans the memory of every process running on the infected system (excluding its own memory space) looking for card data. Once card data has been found, it is sent back to a Command and Control (C&C) server.

Cherry Picker also targets card data, but it has some further functionality built in. It tries to clean up after itself, and this is the main reason it went undetected for such a long time. Another characteristic of Cherry Picker is that it focuses on just one process that is known to contain card data. That way it attracts as little attention as possible, compared to targeting all running processes on the infected system.
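Both families are memory scrapers, so a PFI triaging a suspected POS terminal looks for the same thing the malware does: Track 2 records and Luhn-valid PANs in a captured process memory region. The following is an added example, not code from the original post or from either malware analysis; the memory buffer is constructed from publicly known test card numbers, and the function names are my own.

```python
import re

# Constructed stand-in for a captured process memory region. The card numbers
# are publicly known test numbers (4111..., 5555...), not real cardholder data.
SAMPLE_MEMORY = (
    b"POS v2.1 txn log\x00\x00"
    b";4111111111111111=2512101?"        # Track 2 style record: ;PAN=YYMM<svc>?
    b"\x00\x00amount=19.99\x00"
    b"5555555555554444 approved\x00"    # bare PAN
    b"4111111111111112 invoice\x00"     # fails Luhn: digits, but not a PAN
    b"12345678901234567890 serial\x00"  # 20 digits: outside 13-19, ignored
)

# A run of 13-19 digits not embedded in a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")
# Track 2: start sentinel ';', PAN, separator '=', YYMM expiry, 3-digit service code.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(buf):
    """Luhn-valid 13-19 digit runs in a buffer, de-duplicated, in order found."""
    found = []
    for m in PAN_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan) and pan not in found:
            found.append(pan)
    return found


def find_track2(buf):
    """Track 2 records whose PAN passes Luhn, with expiry as MM/YY."""
    records = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            yy, mm, svc = (g.decode() for g in m.groups()[1:])
            records.append({"pan": pan, "expiry": f"{mm}/{yy}", "service_code": svc})
    return records


def mask(pan):
    """First six and last four only, so findings can be reported without exposing the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
```

Report hits with `mask()` rather than the raw PAN; a triage log that contains full card numbers is itself in scope for PCI DSS.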

Wednesday 11 November 2015

Guest Speaker for Cardiff University - CyberSecurity and the Payment Card Industry

I had the pleasure of being invited as a guest speaker to Cardiff University to give a talk titled "CyberSecurity and the Payment Card Industry".

The talk starts with an introduction to the Payment Card Industry (PCI), the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Card Industry Security Standards Council (PCI SSC). The participants are given the opportunity to understand what an Approved Scanning Vendor (ASV) is, the responsibilities of a Qualified Security Assessor (QSA) and, last but not least, the job of a PCI Forensic Investigator (PFI).

Tuesday 10 November 2015

Adobe Flash patches 17 remote code execution vulnerabilities

Adobe Flash version 19.0.0.245 was released today. This version patches 17 vulnerabilities that could lead to remote code execution if exploited [see here]. Adobe said that there are no reports of public exploits for any of the patched flaws.

In addition to the desktop version of Flash for Windows and Mac OS X, Adobe also updated Flash for Internet Explorer 11 and Microsoft Edge, both of which are expected to be included in today’s Microsoft Patch Tuesday security bulletins. Adobe also updated Flash Player for Linux and various Adobe Air products for Windows, iOS and Android mobile devices. 

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote.

For those of us using multiple browsers, perform the check in each browser installed on your system, since each may ship its own copy of the plugin. The updated Flash packages can be found here.

CVE numbers: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046

During last month’s scheduled update, Adobe patched Flash and Acrobat Reader addressing 69 critical vulnerabilities that could lead to code execution and information disclosure. Just three days later, Adobe updated Flash once again with an emergency patch that addressed a zero-day type confusion* vulnerability. The zero-day was being exploited by a Russian-speaking APT group during Operation Pawn Storm.

*Type confusion vulnerabilities occur when code does not verify the type of an object passed to it and uses that object without type checking, so memory belonging to one type is read or written as if it were another.

Friday 30 October 2015

October’s Cyber Aftermath, CyberSecurity Awareness Month

October is known as Cyber Security Awareness Month. Many public and private campaigns and initiatives run especially during this month to educate people and raise awareness of online security and safety.

Unfortunately, there are still many steps to be made towards awareness and Cyber Security. Businesses and individuals are still affected by cyber-attacks and security breaches. The discovery and investigation of a breach can be a very time-consuming process, and this is the main reason it takes so long for a breach to be reported.

Even though patches and updates are available for most security vulnerabilities soon after they are discovered, new threats and zero-days (0day) constantly surface and are exploited.

During this month a number of security breaches, cyber-attacks and vulnerabilities were announced. Let's see this month's aftermath...

CyberSecurity Strategy and Essentials

Cybersecurity becomes even more complicated in the context of today's threat landscape, which is not only constantly changing but also expanding at an increasingly fast rate. This is the most problematic element of Cybersecurity: its evolution is fast and unpredictable, and the nature of the risks involved is constantly changing.

Managing security by diverting resources to the most crucial system components in order to reduce the likelihood of a successful breach is now considered an insufficient approach in the current environment of advanced cyber threats. Threats are changing faster than traditional risk management approaches can deal with, and a more proactive, focused and adaptive approach is needed to run an effective Cybersecurity strategy.

Good security management is a continuous effort with preparation, readiness, and good planning being the best approach. To achieve this, there are some basic best practices that can be considered essential to organisations that need to protect their assets from the most common and opportunistic cyber-attacks.