Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets.
Monthly Archives: June 2016
CVE-2016-4440 (linux_kernel)
arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.
CVE-2016-4470 (linux_kernel)
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2016-5243 (linux_kernel)
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-5244 (linux_kernel)
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVE-2016-5728 (linux_kernel)
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a “double fetch” vulnerability.
CVE-2016-5828 (linux_kernel)
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
CVE-2016-5829 (linux_kernel)
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Fraudulent Emails Threaten Businesses with "Whaling"; A New Scam with a Long History
Last year, an unnamed employee of Pennsylvania-based Alpha Payroll was fired because he fell for a cyber-criminal's trap. Alpha Payroll processes payroll on behalf of other businesses; it will now also be remembered as the victim of a very large phishing scam.
It all started when an employee received an email from the company's CEO that stated, "send me copies of all the 2015 W-2 forms produced by Alpha Payroll on behalf of its customers."
Believing the email to be legitimate, the employee did as the "CEO" asked and sent the forms.
But the CEO never sent this email; in fact the company had a policy that prohibits employees from sharing W-2 information. Put yourself in the victim's shoes, though: as a junior employee, would you question an email sent to you by the CEO? Unaware that he was the victim of a phishing scam and that his boss was being impersonated, the employee complied and was later fired.
It was not until one of the company's clients noticed something strange on its payroll and notified the authorities that an investigation was opened. By the time Alpha Payroll was brought in, it was too late: the company was already caught up in a cyber-criminal's whaling scheme.
Phishing is old-school: mass impersonation with no specific target. Then came spear phishing, which is personalised and aimed at particular individuals. Now we have what is called whaling, so named because the person targeted, or the person impersonated, is a senior executive.
How does Whaling work?
It is easy for an attacker to spoof the identity of a company executive and use it to deceive staff. The fraudsters simply go after employees who are less cautious or unfamiliar with the signs of internet fraud: a message that carries the CEO's name but comes from an outside address, a lookalike domain, or a Reply-To that points somewhere else.
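As an added example (not part of the Panda Security article), the following Python script applies those three checks to raw e-mail headers. The company domain `example.com`, the executive roster, and the three sample messages are all constructed for illustration; the real Alpha Payroll domain and staff are not used.

```python
"""Flag executive-impersonation ("whaling") indicators in e-mail headers.

Added example, not code from the article.  The company domain, the
executive roster and the sample messages below are all constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organisation: its own mail domain and the display names an
# attacker is likely to borrow (display name -> the executive's real address).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}


def _domain(addr):
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squatted domain labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _looks_like(domain, legit):
    """True if the first label of `domain` contains, or is within two edits
    of, the first label of the legitimate domain (e.g. examp1e.com, or a
    TLD swap such as example.org).  Caller has already excluded an exact match."""
    d_label = domain.split(".")[0]
    l_label = legit.split(".")[0]
    return l_label in d_label or _edit_distance(d_label, l_label) <= 2


def whaling_indicators(raw_message):
    """Return the list of reasons a message looks like executive impersonation.

    An empty list means no indicator fired; it does not prove the mail is safe.
    """
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _reply_name, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    reasons = []

    # 1. Display name of a known executive on an address that is not theirs.
    name_key = from_name.strip().lower()
    if name_key in EXECUTIVES and from_addr.lower() != EXECUTIVES[name_key]:
        reasons.append(f"display name '{from_name}' is an executive, address is {from_addr}")

    # 2. Replies are silently routed to a different domain than the sender's.
    if reply_addr and _domain(reply_addr) != from_dom:
        reasons.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {from_dom}")

    # 3. Sender domain is a lookalike of the company's own domain.
    if from_dom and from_dom != COMPANY_DOMAIN and _looks_like(from_dom, COMPANY_DOMAIN):
        reasons.append(f"sender domain {from_dom} is a lookalike of {COMPANY_DOMAIN}")

    # 4. The receiving MTA recorded a DMARC failure for the From domain.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        reasons.append("Authentication-Results reports dmarc=fail")

    return reasons


# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Reply-To: CEO Office <ceo.office@mail-relay.example.net>\n"
    "Authentication-Results: mx.example.com; dmarc=fail (p=reject)\n"
    "Subject: W-2 forms\n"
    "\n"
    "Send me copies of all the 2015 W-2 forms.\n"
)
LEGITIMATE = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Subject: Quarterly numbers\n"
    "\n"
    "Please send the Q1 summary when ready.\n"
)
WEBMAIL = (
    "From: Jane Doe <janedoe.ceo@gmail.com>\n"
    "Subject: Urgent request\n"
    "\n"
    "I need a wire sent today, I am in a meeting.\n"
)


def scan_samples():
    """Run the checks over the constructed samples; returns {label: reasons}."""
    return {label: whaling_indicators(raw) for label, raw in
            (("spoofed", SPOOFED), ("legitimate", LEGITIMATE), ("webmail", WEBMAIL))}


if __name__ == "__main__":
    for label, reasons in scan_samples().items():
        print(f"{label}: {reasons or 'no indicators'}")
```

The display-name check is the one that catches the Alpha Payroll case: the mail said "CEO" but did not come from the CEO's mailbox. The lookalike test uses a two-edit threshold on the first label only, which is generous; on very short company names it will over-match and should be tuned, and none of these checks replaces the out-of-band confirmation that a request for W-2 data or a transfer should require.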
According to the FBI, whaling has become such a big problem that it has cost companies in 80 different countries more than 2.3 billion dollars (more than 2 billion euros) over the last three years. Since January 2015 the number of identified victims has increased by 270%, and they include well-known companies such as Mattel, Snapchat and Seagate Technologies.
A great way to protect your business is with a team of duly trained employees, especially those who have access to highly sensitive information or who perform delicate operations like transfers. It is also very important to establish clear policies for transferring information or reports between departments, employees and executives.
Conventional protection tools only react once the attack has already succeeded, when the damage cannot be undone. To protect against this kind of attack proactively, the post recommends next-generation EDR solutions that look for unknown as well as known threats: they monitor every process, whether classed as malware or goodware, and flag any anomalous behaviour as it happens.
The post Fraudulent Emails Threaten Businesses with "Whaling"; A New Scam with a Long History appeared first on Panda Security Mediacenter.
