In the headlines: David Jones and T-Mobile hack, remote code execution bugs, WinRAR vulnerability, and more

Australian department store David Jones victim of hack

Australian department store giant David Jones has informed customers, through a notice on its site, that it was recently hacked. However, it also assured account holders that no financial data had been breached and that there was no need to take any action. The Australian Federal Police are now investigating, and the company released the following statement: ‘We are committed to making this right and are taking action to reduce the likelihood of this happening again. We are reviewing our systems, security measures and working with expert security consultants. Protecting our customers is of paramount importance to us.’

VMware vCenter and ESXi fall foul of remote code execution bugs

A flawed configuration of the Java Management Extension of VMware’s vCenter has been identified as the cause of an exploit which would allow remote code execution on host machines. Security researcher Doug McLeod and an anonymous source have been cited as those who discovered the bug, which could allow full compromise of an environment.

Some instances of ESXi are also affected and patches are now available for both tools.

Claims APAC region at greater risk of APT attacks

A newly published report studying Advanced Persistent Threat attacks in the APAC region has found organisations in the region are 45% more likely to be at risk of attack than the global average. In 2014, a similar report showed that 80% of all APT attacks took place in South Korea, Hong Kong, Taiwan and Japan.

Awareness of cyber security in the East has risen in the last year, thanks to breaches such as the Japanese Pension Service, where details of 125 million people were accidentally leaked. Telco company Pacnet was also a victim when a third party gained full access to its IT systems. The report authors point out that a high level of geopolitical tension is reflected in the increase of cyber activity, which they expect to continue to escalate in the coming months.

WinRAR vulnerability puts 500 million users at risk

This latest zero-day might affect the most users of any vulnerability so far this year. A ‘high severity’ vulnerability was found in WinRAR, a program with 500 million users that is used to compress and decompress files. The vulnerability is yet to be patched and was said to be a remote code execution flaw. What makes this vulnerability particularly dangerous is that it affects SFX files (self-extracting files), which means a user is unable to check if the file is a genuine WinRAR SFX file or a malicious one.

As there is no patch yet available, Windows users are advised to use different archiving software until a proper update has been made.

Windows accidentally pushes Windows 7 test update to all users

The most amusing story of this week is that an odd-looking Windows update was accidentally pushed to all Windows 7 users. The ‘test patch’ was flagged as an important update titled ‘Windows Language Pack’ but raised suspicions with strange, inaccessible URLs and a lack of details. A number of people even thought the Windows Update Service might have been hacked and users infected with malware.

A no doubt red-faced Microsoft spokesperson soon released a statement confirming that a test patch had been released accidentally and that they were in the process of removing it. Some users have reported that installing the update led to their machine crashing frequently, but as it has now been removed by Microsoft, we have little information as to what it contained.

Hackers steal data of 15m T-Mobile users

You’ve probably heard of Experian; it’s a credit-checking service used by many large companies to compile user information and check their credit status. This is not the first time they’ve had a breach, but this one is particularly notable as it affects 15m T-Mobile customers’ data. The stolen data includes names, dates of birth and encrypted details such as social security and passport numbers, though naturally we don’t know how good their encryption is. Considering both Experian and T-Mobile admitted that said encryption may have been cracked by the hackers, it’s likely to be out of date.

The breach affects people who applied for a plan with T-Mobile in the last two years, and as recently as September 16, which is presumably when the breach occurred. The concern with this breach is the level of data held about the customers; although credit card and banking details were not included in the breach, the amount of data held could easily be used for identity theft.
