AT&T suffers insider data breach


AT&T has become the latest multinational company to suffer a data breach after one of its own employees gained access to customer data. The US mobile telecoms giant has started informing around 1,600 customers in Vermont that their personal data was breached in August.

In a letter posted on the Vermont government’s website, AT&T confirmed that a former employee had broken the company’s privacy policy and obtained customer data, including unique customer numbers, social security numbers and driver’s license numbers. AT&T has not said why the employee stole the information or whether he used it for malicious purposes, but it is nevertheless a serious breach and the federal authorities have been informed.

Although this is a smaller incident in comparison to recent cyber-attacks on JPMorgan Chase and iCloud, it is a reminder to IT managers about the dangers of insider data breaches. Whether intentional or not, internal breaches can be just as damaging as external attacks, and IT departments ignore this at their peril. Ensuring that your internal policies and controls are watertight and that employees are educated in data security is just as important as protecting your network from outside cyber-attacks.

New security flaw uncovered in WordPress


Researchers have revealed a potentially serious flaw in WordPress software that allows hackers to search for abandoned or inactive WordPress sites before mounting phishing attacks aimed at enticing users to install infected updates. Hackers can then quickly hijack the website and direct visitors to malicious content.

WordPress is by far the most popular content management system. Having initially found success as a blogging platform, it is now hugely popular for business websites, operating as either a framework or a hosting service. However, the open-source nature of the system, as well as its popularity among web novices, does make it vulnerable when flaws are found. The report encountered several compromised WordPress websites.

WordPress offers a potentially easy entry point for hackers to introduce malware onto networks. By failing to maintain and update WordPress websites and plugins, businesses are leaving themselves susceptible to attack. Businesses should be telling staff to install updates and plugins only from trusted sources, and increasing awareness of this tactic. By properly educating staff and regularly updating WordPress, businesses will be able to close off any potential weaknesses and reduce their susceptibility to attack.

Shell Shock Rapid 7 Threatsweeper


By now, you may have heard about CVE-2014-6271, also known as the “bash bug”, or even “Shell Shock”, that may affect your organisation. It’s rated the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were released today, but further investigation made it clear that the patched version may still be exploitable, and at the very least can be crashed due to a null pointer exception. The incomplete fix is being tracked as CVE-2014-7169.

How do you protect yourself?

The most straightforward answer is to deploy the patches that have been released as soon as possible. Even though the patch for CVE-2014-6271 is not a complete fix, the patched packages are more complicated to exploit. We expect to see new packages arrive to address CVE-2014-7169 in the near future. If you have systems that cannot be patched (for example, systems that are End-of-Life), it’s critical that they are protected behind a firewall, and that you test whether that firewall is secure.

How can we help?

Pentura Threatsweeper service (Powered by Rapid7) has been updated with authenticated and remote checks for CVE-2014-6271. Checks for CVE-2014-7169 will follow as soon as they are verified.

If you have any questions, please contact the Pentura support team:

Many thanks,

The Pentura Team

Chat Forums the Latest Method of Attack for Hackers


Reports surfaced this week that Amazon’s Twitch.TV gaming site had been hit by a malware attack that targeted chat forums to access users’ machines. Hackers were found to be sending phishing messages across the site’s chat forums, which lured users with offers of raffle prizes and then dropped a malicious Windows binary file on anyone who replied with their name and email address.

The news presents an interesting twist on traditional phishing scams and provides yet another platform for hackers to target sensitive information. The obvious attraction for criminals is the large number of users on chat forums and the fact that the platforms offer a haven for phishing scams.

With chat forums becoming increasingly popular in the corporate environment, this is a trend that businesses should be monitoring closely, reacting quickly to adjust data loss prevention strategies and maintain security. Employees who turn to chat forums to share best practice and troubleshoot need to be aware that they don’t know the identity, or credentials, of the people they are interacting with.

Hackers targeting chat forums rely on users trusting that they are there to legitimately share information and assist one another, which increases the chances of users opening links and files that contain malware. The attack on Twitch is a warning shot to organisations and has given them advance warning of this latest tactic of the cyber-criminal.

Pentura Recruiting

Pentura are currently recruiting for CHECK Team Members (CTM) with Web Application Testing experience.

Please send CVs to:

James Taylor

Head of Penetration Testing Services

Flexible Working Enlarges Scope of IT Security


New Kaspersky research released this week reported that children are a major threat to internet security, with 20% of parents reporting losing money or information due to their children’s online activity. While parents are already feeling the repercussions of children using devices, businesses should also be taking note of the threat posed.

With professionals increasingly working from home and employers offering flexible working, it is important that organisations and their employees are aware of the implications for both security and data loss prevention. While flexible, home-based working provides many benefits, it is critical that organisations give careful consideration to the expanded IT, security and data protection implications that accompany these changing working patterns. This extends beyond children using devices that store business-critical information to the other challenges posed by the home environment.

Employees working from home need to consider setting up separate work accounts with robust access controls on personally owned devices to ensure that family members, including children, cannot inadvertently put business information at risk. Equally, employers need to be setting out clear guidelines on the use of business-issued devices for home use and providing relevant security and data loss prevention for home working.

Ultimately employers need to be treating data security in home ‘offices’ with the same level of importance as they would on any business owned property, providing employees with the training and solutions required to holistically secure business data. An out of sight, out of mind approach to data security towards home based employees could prove a costly mistake.

Gmail Flaw Highlights Mobile App Risks


Researchers at the University of California’s College of Engineering and the University of Michigan have identified a weakness in Gmail’s mobile application that could allow malicious third-party apps to obtain personal information from users’ email accounts. Researchers found that 92 per cent of Gmail accounts, and around 82 per cent of the several apps they tested, can be cracked using the memory interrogation technique.

While this is an alarmingly high success rate, the important fact is that this predominantly results from social engineering attacks or downloads of infected applications rather than a direct flaw in the Gmail application. This can probably be linked to the fact that both businesses and individuals are increasingly using a range of mobile applications from a variety of developers and sources. While these applications can have a lot to offer, it is important that users consider the access they may be inadvertently offering to third parties by using such services.

With applications often requiring a variety of access permissions, people need to be aware of the other functionality and systems running on their device that they might be making accessible to external parties and hackers. Individuals and businesses alike should carefully consider and research what applications they are downloading to their mobile devices to ensure they don’t inadvertently leave themselves open to attacks from hackers. Simple steps like only downloading apps from trusted stores and developers can massively reduce the risks of cyber-attacks that people are exposed to.

In the case of businesses this should fall under a clearly defined data loss prevention strategy that covers all aspects of their IT operations. This includes both managing the applications used on corporate devices and ensuring staff receive the required training to reduce the risk of an infected app making its way onto the corporate network.