The art of illusion has fascinated us for thousands of years. From the early days when magic was associated with the devil and the occult; to Harry Houdini, who was known for his amazing escape acts; to David Copperfield, who is the most successful illusionist in history. There is an expression that applies to magic (and sometimes our industry): “It’s all done with smoke and mirrors,” which is usually used to explain something that can’t be explained. But in the end, we know there is always an explanation for magic.
Unfortunately, “bad” magic can happen in your network and there’s no trick to make the bad things disappear. We’ve almost become numb to the headlines we see every day where a major retailer or a healthcare provider is being compromised by cyberattacks, losing millions of dollars, critical data and even their good reputation. As individuals, we’re somewhat at the mercy of organizations we deal with to ensure that our account information is secure from malicious outsiders, but we also have a personal responsibility to make sure we’re using multi-factor authentication and not writing down passwords on a sticky note.

So imagine if you’re a prospect in the National Football League (NFL) who is projected to be picked number one in the NFL draft. Laremy Tunsil was an offensive tackle from the University of Mississippi who was on his way to being the number one pick in the draft. Right before the draft was scheduled to start, “magic” happened and he dropped to number 13. Why? Someone hacked Tunsil’s Twitter account and posted a video of him smoking an illegal substance. Then his Instagram account had a posting of his alleged conversations with his college coaches about paying his rent. As you can imagine, NFL teams are cautious about paying millions of dollars to an individual who participates in questionable off-field activities. It’s one thing to participate in activities your future employer might not approve of; it’s another when those activities are all over social media. It doesn’t matter if you’re an enterprise or an individual: security is your responsibility. Laremy Tunsil ended up losing over $8 million as a result of the hacks on his accounts!
It’s No Illusion – ImageMagick Vulnerabilities are “ImageTragick”
Last week, flaws were found in the ImageMagick library of tools. ImageMagick is a popular open-source image processing tool used in many content management systems, social media sites and Web servers. According to researchers, these vulnerabilities can allow attackers to take complete control over those systems. US-CERT issued an alert about the vulnerability (CVE-2016-3714) and there are already reports of exploits in the wild with attackers attempting to upload seemingly innocent images that contain malware.
Last Thursday, TippingPoint released DVToolkit CSW file CVE-2016-3714.csw to detect attempts to exploit a command injection vulnerability in ImageMagick. The specific flaws are due to insufficient validation when running delegate commands in MVG or SVG files. A remote attacker can leverage the vulnerability to execute arbitrary code in the context of the application. That CSW file will be made obsolete by the following Digital Vaccine (DV) filter released in this week’s DV package to our customers:
This week’s DV package also includes the following filters to address the additional ImageMagick vulnerabilities found:
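Alongside network filters, an application that passes uploads to ImageMagick can refuse files whose content does not match their claimed image type, so an MVG or SVG file renamed to look like a photo never reaches the delegate code described above. The following is an added example, not code from the original post or from TippingPoint; the function names, the allow-list and the sample inputs are hypothetical and constructed for illustration.

```python
import re

# Magic bytes for the raster formats this hypothetical upload endpoint accepts.
RASTER_MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_TO_KIND = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}

# Leading tokens of text-based vector input: XML/SVG markup or MVG primitives.
VECTOR_HINTS = re.compile(
    rb"\s*(?:\xef\xbb\xbf)?\s*(?:<\?xml|<!DOCTYPE|<svg|push\s+graphic-context|viewbox\s)",
    re.IGNORECASE,
)

# Constructed sample inputs (benign), not taken from any real upload.
MVG_SAMPLE = b"push graphic-context\nviewbox 0 0 640 480\nrectangle 10,10 100,100\npop graphic-context\n"
SVG_SAMPLE = b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"/>\n'
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def sniff(data):
    """Classify content by its leading bytes, ignoring the file name."""
    for kind, magics in RASTER_MAGIC.items():
        if data.startswith(magics):
            return kind
    if VECTOR_HINTS.match(data[:512]):
        return "vector-text"
    return "unknown"


def check_upload(filename, data):
    """Return (accepted, reason); accept only when extension and content agree."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TO_KIND.get(ext)
    if claimed is None:
        return False, "extension %r is not on the allow-list" % ext
    actual = sniff(data)
    if actual != claimed:
        return False, "file claims %s but content is %s" % (claimed, actual)
    return True, "%s confirmed by magic bytes" % claimed


if __name__ == "__main__":
    for name, blob in [("avatar.jpg", MVG_SAMPLE), ("logo.svg", SVG_SAMPLE), ("photo.png", PNG_SAMPLE)]:
        print(name, check_upload(name, blob))
```

A check like this only gates what reaches the image library; it does not replace patching ImageMagick or the network-level filters.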
Microsoft Patch Tuesday Update
This week’s Digital Vaccine (DV) package includes coverage for the Microsoft Security Bulletins released on or before May 10, 2016. The following table maps Digital Vaccine filters to the Microsoft Security Bulletins. Filters designated with an asterisk (*) shipped prior to this week’s package, providing zero-day protection for our customers:
| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| MS16-055 | CVE-2016-0170 | | Local only, not network exploitable |
There are five new zero-day filters covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Updated Existing Zero-Day Filters
This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.
Today’s featured updated filters include Microsoft vulnerabilities that were found at Pwn2Own 2016: