Go to:

May 2018
< Apr Jun >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Breaches on the Rise in U.S. Business Sector; MS Word Vulnerability
Monday, April 17, 2017 6:30 AM

The U.S. business sector has seen a 54 percent jump in the number of total breaches reported so far. As of April 11, the total number of breaches captured in the 2017 ITRC Breach Report from the San Diego-based Identity Theft Resource Center now totals 431, an increase of 37.3 percent over last year’s record pace (314) for the same time period. The total number of reported records exposed totals almost 8 million, with the business category representing more than half of the breaches and more than 6 million records.

With 21 breaches added in just the last week reported, the five industry sectors are broken down by number of breaches as follows: business 54.1 percent; medical/healthcare 24.1 percent; educational 14.4 percent; government 5.6 percent; and banking/credit/financial 1.9 percent.

The number of reported records, by category, included: banking/credit/financial 20,000; business 6,194,367; educational 41,448; government/military 170,683; and medical/healthcare 1,499,258.

The business category encompasses retail services, hospitality and tourism, professional, trade, transportation, utilities, payment processors, and other entities not included in the other four sectors. It also includes nonprofit organizations, industry associations, and non-government social service providers, as well as life insurance companies and insurance brokers (non-medical).

A new cybersecurity survey shows a significant drop in business' confidence in security technology.

McAfee reported attackers are exploiting a previously unidentified vulnerability in Microsoft Word, which security researchers said can install malware even on fully patched computers. Because the HTML application is executable, the attacker can run code on the affected computer while evading memory-based mitigations designed to prevent these kinds of attacks.

Activation of the vulnerability takes place when a mark opens a fake Word document, which downloads a malicious HTML application from a server, masked as a rich text document file. The HTML application downloads and runs a malicious script that can stealthily install malware. The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file. Because .hta is executable, the attacker gains full code execution on the victim’s machine.

“Thus, this is a logical bug and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” McAfee said in a blog post. “At McAfee, we have put significant efforts in hunting attacks such as advanced persistent threats and zero days. Yesterday, we observed suspicious activities from some samples. After quick but in-depth research, we have confirmed these samples are exploiting a vulnerability in Microsoft Windows and Office that is not yet patched.”

The samples detected are organized as Word files (more specially, RTF files with “.doc” extension name). The exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10. The earliest attack McAfee detected dates back to late January.

Source: Credit Union Times


Assess Your Systems and Manage Your Risk
As technology changes, every credit union faces new security issues. Let Credit Union Resources help you stay on top of it—your future could depend on it. Our team of technology professionals provides guidance on compliance, shares best practices, and performs audits. We have a vested interest in your success, and your cybersecurity matters to us. To find out how we can help you manage cybersecurity and operational risks, contact:

Idrees Rafiq
800-442-5762, ext. 6799

Deanna Brown
800-442-5762, ext. 6464

About Credit Union Resources Inc.
Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a part of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas.