Network Security News Weekly | February 19th, 2018 | Ingalls Information Security

Network Security News Weekly - February 19, 2018
February 19, 2018

Current cybersecurity news to keep you informed.

Articles of interest from the past week:

XXE Vulnerability in HP Project and Portfolio Management Center
An XXE vulnerability was recently discovered in the way HP Project and Portfolio Management Center (HP PPM) processes imported tickets. This XML external entity injection vulnerability lets an attacker abuse the application component that parses XML input and reflects it back to the user without any validation; a misconfigured XML parser permits the malicious input to be processed. The vulnerability allows a local file read on the system, giving any authenticated user read access to files, and can also be exploited remotely to carry out a Man-in-the-Middle (MitM) attack and Cross-Site Request Forgery (CSRF). (By: Dwight Hohnstein, Rhino Security Labs)
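An added defensive illustration, not code from HP PPM, Rhino Security Labs or the article: a ticket-import parser that refuses any DOCTYPE carrying entity declarations or an external DTD before the document is parsed, using only Python's standard-library expat. The ticket layout and the file path in the sample are constructed placeholders.

```python
"""Reject XML ticket imports that declare entities before they are parsed."""
import xml.parsers.expat
from xml.etree import ElementTree as ET


class UnsafeXmlError(ValueError):
    pass


def parse_ticket(xml_text: str) -> dict:
    """Parse a <ticket> element into a dict, refusing DTD entity constructs."""
    p = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # A DOCTYPE that references an external DTD can itself define entities.
        if sysid or pubid:
            raise UnsafeXmlError("external DTD reference in DOCTYPE")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # Any entity declaration (internal, SYSTEM or PUBLIC) is refused.
        raise UnsafeXmlError(f"entity declaration {name!r} is not allowed")

    p.StartDoctypeDeclHandler = on_doctype
    p.EntityDeclHandler = on_entity
    # expat never fetches external resources on its own; an exception raised
    # in a handler propagates out of Parse and aborts before any expansion.
    p.Parse(xml_text, True)

    root = ET.fromstring(xml_text)  # no DTD constructs seen: parse normally
    return {child.tag: (child.text or "") for child in root}


def is_safe_import(xml_text: str) -> bool:
    """True if parse_ticket accepts the document, False if it is rejected."""
    try:
        parse_ticket(xml_text)
        return True
    except UnsafeXmlError:
        return False


# Constructed samples (not from the advisory). The second mirrors the pattern
# described above: a SYSTEM entity naming a placeholder local file, referenced
# from a field the application reflects back to the user.
BENIGN_TICKET = """<?xml version="1.0"?>
<ticket><id>1042</id><title>Printer offline</title></ticket>"""

XXE_TICKET = """<?xml version="1.0"?>
<!DOCTYPE ticket [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/secret.txt">]>
<ticket><id>1042</id><title>&ext;</title></ticket>"""
```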

Amazon AWS Servers Might Soon Be Held for Ransom, Similar to MongoDB
Amazon AWS S3 storage servers leaked data throughout 2017 and were behind some of the most notable data leaks of last year, including breaches at the NSA, the US Army, analytics providers, and more. Those incidents happened because companies left data in publicly-readable S3 buckets. Publicly-writeable buckets allow any user, with or without an Amazon S3 account, to write or delete data on the AWS S3 instance, which is even more dangerous than publicly-readable servers. 7% of all Amazon AWS S3 buckets are reported as publicly-writeable. (By: , BleepingComputer)
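An added example, not code from BleepingComputer or AWS: a classifier over the Grants list in the shape boto3's get_bucket_acl() returns, so the publicly-readable versus publicly-writeable distinction above can be checked offline on a constructed ACL and the same function fed live output later.

```python
"""Flag S3 bucket ACLs that grant public read or public write access."""

# Grantee URIs for the two predefined groups that make a grant "public".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}

# WRITE adds/deletes objects; WRITE_ACP rewrites the ACL itself, which is
# as good as full control; READ lists and fetches objects.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
READ_PERMS = {"READ", "FULL_CONTROL"}


def classify_acl(acl: dict) -> dict:
    """Evaluate an ACL dict as returned by boto3 get_bucket_acl().

    Returns public_read / public_write flags plus one finding per grant.
    Grants to canonical users or to the LogDelivery group are not public.
    """
    findings = []
    public_read = public_write = False
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") != "Group" or uri not in PUBLIC_GROUPS:
            continue
        who = "anyone" if uri == ALL_USERS else "any AWS account"
        perm = grant.get("Permission")
        if perm in WRITE_PERMS:
            public_write = True
            findings.append(f"{who} may write ({perm})")
        if perm in READ_PERMS:
            public_read = True
            findings.append(f"{who} may read ({perm})")
    return {"public_read": public_read, "public_write": public_write,
            "findings": findings}


# Constructed ACL (not a real bucket): the owner keeps FULL_CONTROL, but the
# bucket is also writeable by anyone and readable by any AWS account.
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "READ"},
    ],
}
```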

Small Business Web Hosting Services Could Leave Small Businesses at Risk of Facilitating Phishing Scams
Many web hosts are helping small businesses implement SSL/TLS, with the majority of hosts integrating the process into their basic hosting plans or offering them as straightforward options for an additional fee. SSL/TLS technology ensures users are visiting a legitimate website and not an imposter. It also provides encrypted communications to protect personal information sent between the website and a user’s computer, as well as other website security safeguards. FTC staff recently discovered that only two of their reviewed web-hosting companies implement SPF or DKIM by default, while none offer support for DMARC as a standard feature of their hosting services. Three of the 11 hosts also do not provide any method for configuring DMARC. (By: Federal Trade Commission)

Taking cybersecurity beyond a compliance-first approach
With high-profile security breaches continuing to hit the headlines, organizations are clearly struggling to lock down data against the continuously evolving threat landscape. Yet these breaches are not occurring only at companies that have failed to recognize the risk to customer data; many have occurred at organizations that meet the regulatory compliance requirements for protecting customer data. Organizations and regulators alike need to stop trying to build trust into an infrastructure and adopt a ‘Zero Trust’ mindset. This means decoupling security from the complexity of the IT infrastructure and addressing specific user and IoT device vulnerabilities. Instead of firewalls, network protocols and IoT gateways, organizations should consider data assets and applications, and then determine which user roles require access to those assets. (By: , Contributor, CSO)

A secure web is here to stay
For the past several years, Google has moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. Within the last year, they’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”. (By: Emily Schechter, Chrome Security Product Manager, Official Google Blog)

Skype can't fix a nasty security bug without a massive code rewrite
Researchers recently found that the Skype update installer could be exploited with a DLL hijacking technique, which tricks an application into loading malicious code instead of the correct library. An attacker could place a malicious DLL in a user-accessible temporary folder and give it the name of an existing DLL that an unprivileged user is able to modify, such as UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, and it is this executable that is vulnerable to the hijacking. (By:  for Zero Day)
