- Millions of Websites Affected by IIS 6.0 Zero-Day
An IIS web server accepts requests from remote client computers and returns the appropriate response. This basic functionality allows web servers to share and deliver information across local area networks, such as corporate intranets, and wide area networks, such as the internet. According to researchers, more than 8 million websites could be exposed to a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 that has been exploited in the wild since July 2016. The bug was found in the ScStoragePathFromUrl function of the Web Distributed Authoring and Versioning (WebDAV) service in Windows Server 2003 R2’s IIS 6.0. The issue, tracked as CVE-2017-7269, resides in the improper validation of an ‘IF’ header in a PROPFIND request and could allow an attacker to cause a denial of service or to run arbitrary code. The WebDAV extension of the HTTP protocol allows clients to perform remote Web content authoring operations, offering support for new HTTP methods, including COPY, LOCK, MKCOL, PROPFIND, and UNLOCK. According to the researchers, the vulnerability could be exploited with an overly large ‘IF’ header in a ‘PROPFIND’ request that references at least two HTTP resources in the IF header, and successful exploitation could lead to remote code execution or denial of service.
Cyber Security Tips: Users and administrators are advised to disable the WebDAV service on vulnerable IIS 6.0 installations or to install the latest version of IIS.
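Until WebDAV is disabled, the pattern described above (a PROPFIND request carrying an unusually long ‘IF’ header that names two or more resources) is straightforward to flag at a reverse proxy or in captured traffic. The following is an added example for that check, not IIS code or anything from the researchers; the 512-byte threshold and the sample requests are constructed for illustration and should be tuned to what legitimate WebDAV clients in your environment actually send.

```python
"""Flag PROPFIND requests whose 'If' header is oversized (added example).

Assumed threshold: legitimate WebDAV tagged-list 'If' headers are normally
far shorter than IF_HEADER_MAX_LEN bytes. Sample requests are constructed.
"""
import re
from typing import Dict, List

IF_HEADER_MAX_LEN = 512                 # assumed limit, tune per environment
RESOURCE_TAG = re.compile(r"<[^>]*>")   # WebDAV 'If' header resource tokens


def parse_request(raw: str) -> Dict[str, object]:
    """Split a raw HTTP/1.1 request head into method, target and headers.

    Header names are lower-cased; repeated headers are joined with ', '.
    Only the first ':' separates name from value, so URLs in values survive.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    method = parts[0] if parts else ""
    target = parts[1] if len(parts) > 1 else ""
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return {"method": method, "target": target, "headers": headers}


def inspect_request(raw: str) -> Dict[str, object]:
    """Return a verdict for one request plus the reasons behind it."""
    req = parse_request(raw)
    if_header = req["headers"].get("if", "")
    resources = RESOURCE_TAG.findall(if_header)
    reasons: List[str] = []
    if req["method"].upper() == "PROPFIND" and len(if_header) > IF_HEADER_MAX_LEN:
        reasons.append(
            f"If header is {len(if_header)} bytes (limit {IF_HEADER_MAX_LEN})"
        )
        if len(resources) >= 2:
            reasons.append(f"oversized If header names {len(resources)} resources")
    return {
        "method": req["method"],
        "target": req["target"],
        "if_length": len(if_header),
        "resource_count": len(resources),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def find_suspicious(requests: List[str]) -> List[int]:
    """Indices of the requests in a capture that trip the check."""
    return [i for i, raw in enumerate(requests) if inspect_request(raw)["suspicious"]]


# Constructed sample traffic: one ordinary WebDAV PROPFIND, one oversized
# two-resource 'If' header, and an unrelated GET. Hostnames are placeholders.
BENIGN = (
    "PROPFIND /docs/ HTTP/1.1\r\n"
    "Host: intranet.example\r\n"
    "Depth: 1\r\n"
    "If: <http://intranet.example/docs/a.txt> ([\"etag-1\"])\r\n"
    "Content-Length: 0\r\n\r\n"
)
OVERSIZED = (
    "PROPFIND / HTTP/1.1\r\n"
    "Host: intranet.example\r\n"
    "If: <http://intranet.example/" + "x" * 400 + "> ([\"etag-1\"]) "
    "<http://intranet.example/" + "y" * 400 + "> ([\"etag-2\"])\r\n"
    "Content-Length: 0\r\n\r\n"
)
PLAIN_GET = "GET /index.htm HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

if __name__ == "__main__":
    for idx in find_suspicious([BENIGN, OVERSIZED, PLAIN_GET]):
        verdict = inspect_request([BENIGN, OVERSIZED, PLAIN_GET][idx])
        print(idx, verdict["method"], verdict["target"], "; ".join(verdict["reasons"]))
```

The length check is what carries the verdict; the resource count is reported alongside it because two-resource ‘If’ headers are legitimate on their own and would otherwise generate noise. Any hit on a server that still has WebDAV enabled is a reason to apply the mitigation above rather than to tune the threshold.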
- Police Arrest Man Potentially Linked to Group Threatening to Wipe Millions Of iPhones
For the past few months, iPhone users have been targeted by hackers attempting to wipe data from their iPhones as well as their iCloud accounts. British authorities have reportedly arrested a 20-year-old man who is a member of the cyber-criminal gang ‘Turkish Crime Family’, which threatened Apple last week to remotely wipe data from millions of iOS devices unless Apple pays a ransom of $75,000. Last week, the hacking group claimed to have access to over 300 million iCloud accounts and threatened Apple to remotely wipe data from millions of Apple devices. Apple released a statement saying that there have not been any breaches of its servers and databases; instead, the data in the hackers’ possession appears to come from previously compromised third-party services, such as LinkedIn. The company also said it is working with law enforcement to identify the criminals. “Apple is actively monitoring to prevent unauthorized access to user accounts and is working with law enforcement to identify the criminals involved,” Apple said in the statement, according to news published by Hacker News.
Cyber Security Tips: The arrest doesn’t mean your iCloud data is safe; there is still the possibility of the attackers remotely wiping victims’ Apple devices and resetting iCloud accounts. Users are strongly advised to change their iCloud passwords immediately and enable two-step authentication.
- Siemens RUGGEDCOM Devices Affected by Several Flaws
Siemens has shared recommendations for mitigating several medium and high severity vulnerabilities affecting some of the company’s RUGGEDCOM products. Four types of security holes have been identified in RUGGEDCOM appliances running any version of ROX I. A majority of the vulnerabilities were discovered and reported by researcher Maxim Rupp, including cross-site scripting (XSS), path traversal, privilege escalation and cross-site request forgery (CSRF) issues. One XSS flaw was also discovered by Siemens itself. The security holes exist due to several issues related to improper access control mechanisms, missing checks for unrestricted file uploads, and server misconfigurations. The vulnerabilities affect the web interface on port 10000/TCP and, according to news published by Security Week, some of them require the targeted user to click on a link.
Cyber Security Tips: The company hasn’t released any updates yet; Siemens has advised users to obtain a mitigation tool that can be used to disable the web interface and the guest/operator accounts on the affected ROX I devices.