In the headlines: UK military cyber defense centre, WordPress and Joomla applications, Magnitude Exploit kit and more

UK establishes £40m military cyber defense centre

With the huge proposals and funding pumped into cyber security by the US government lately, there was no doubt the UK would soon be following suit. Plans were unveiled last week for a £40m Cyber Security Operations Centre, to be based at a Ministry of Defence centre in Wiltshire. This is part of the 5-year, £1.9bn investment in cyber security the government has promised. As yet, we have no further information about exactly what sort of work will be carried out at this centre, only that it aims to protect defense infrastructure. This doesn’t seem to have links to the sort of activities carried out at GCHQ, which is where most cyber surveillance work is carried out.

This comes in the same week that the Pentagon officially launched their ‘Hack the Pentagon’ bug bounty programme, which we’ve previously blogged about, and we can’t help but wonder if something similar might soon follow in the UK.

WordPress and Joomla applications under attack

Attackers are taking advantage of the latest method to carry out injections of malicious code, using the jQuery library. Researchers have said that around 70 million WordPress and Joomla! files could be affected. The tiny script, which can only be found by looking at the source code of a site, simply points to another, malicious JavaScript source located on a malicious domain. The injected code is used to improve the SEO ranking of other sites. Sources of the malicious code appear to be based mainly in Russia and South America. Webmasters are advised to keep their WordPress and Joomla! applications up to date and to frequently scan their websites for vulnerabilities.
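One way a webmaster could check for the kind of injected script described above, as an added example that is not from the original post: it lists every script source in a page and flags those served from hosts outside an allowlist. The allowlist, the host names and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site intentionally loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"code.jquery.com"}

# Constructed sample page: one local script, one expected CDN script,
# and one injected tag pointing at an unknown host (reserved .invalid TLD).
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://code.jquery.com/jquery-1.12.3.min.js"></script>
<script src="//cdn.injected.invalid/jquery.min.js"></script>
</head><body><p>Hello</p></body></html>"""


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (src, host) pairs for scripts loaded from hosts not in `allowed`."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Relative URLs have no hostname and resolve to the page's own host;
        # protocol-relative URLs (//host/path) do carry a hostname.
        host = (urlparse(src).hostname or page_host).lower()
        if host != page_host.lower() and host not in allowed:
            findings.append((src, host))
    return findings


if __name__ == "__main__":
    for src, host in unexpected_script_hosts(SAMPLE_PAGE, "www.example.org"):
        print(f"unexpected script host {host}: {src}")
```

A file name such as `jquery.min.js` says nothing about where a script is served from, which is why the check compares hosts rather than file names.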

55m Philippines’ voter records leaked

In a national breach of epic proportions, officials have admitted that 55 million voters’ details have been leaked. The details were held on a database owned by the Philippines’ Commission on Elections, which in March came under attack from the Philippines branch of Anonymous, who defaced the website. Soon after this, another hacker collective calling themselves ‘LulzSec Pilipinas’ leaked the entire database online. The leaked data includes passport details and fingerprints, and the leak comes some weeks before the general election due to take place on 9 May. This might be the biggest breach to affect a government entity yet, following the breach of 20m US citizens’ data from the US Office of Personnel Management last year.

Class action from former Sony Pictures employees comes to an end

In a lawsuit which started with the now legendary hack of Sony Pictures, their former employees who made up a class action lawsuit of some 435,000 people have now been granted a maximum of $10,000 apiece, in a result due to cost Sony in excess of $15m. Sony also had to agree to provide identity theft protection for the employees until the end of 2017, and to set up a reversionary fund to cover the costs of anyone who had to invest in personal protection following the hack. Sony still have at least one lawsuit pending against them following the attack, but this class action was surely the most costly.

Magnitude exploit kit based on Flash zero day

We could genuinely set a placeholder for this story: Adobe have just patched yet another zero day vulnerability in Flash, found to be exploited in the “Magnitude Exploit kit” which is linked to “Locky” ransomware, whereby infected systems are encrypted and the owners held to ransom. In a further blow to Adobe this week, Microsoft revealed that they would be disabling, or rather automatically pausing, non-essential elements of Flash in their new Edge browser. This latest vulnerability is critical and should be patched immediately. Or, as Brian Krebs continues to suggest, Flash can be removed completely.

Millions of cable modems at risk of a CSRF attack

A flaw recently discovered in all Surfboard SB6141 modems is expected to send ISP helpdesks into total meltdown very soon. The Cross Site Request Forgery could allow attackers to disconnect users from the Internet. This would be triggered by the user clicking on a malicious link. With 135 million of these modems reportedly in circulation, the impact of such a flaw is potentially huge, although naturally the manufacturers are downplaying the issue and offering a firmware update should the ISPs choose to pass it on to users.
