White Hat Hacking with TDL | Cathay Pacific Suffers Data Breach



Libssh Continues to Wreak Havoc

Libssh continued wreaking havoc into late October according to ZDNet, reporting that products from both F5 and Red Hat had been impacted by the Libssh authentication bypass vulnerability (CVE-2018-10933). Red Hat have stated that the “vulnerability affects Libssh shipped in Red Hat Enterprise Linux 7 Extras” and are planning on updating Libssh to a version that is not impacted.

The article also reports that Cisco “has not gone on the record to confirm that its products are affected, but the company has started an investigation into a long list of products that apparently also use Libssh.” A Cisco Security Advisory has been published to track the progress of these investigations. At the time of writing:

  • No products had been confirmed vulnerable;
  • Cisco Content Security Management Appliance (SMA), Cisco Cloud Object Storage, and Cisco Smart Software Manger Satellite are under investigation; and
  • A wide range of Cisco products, including ASAs, Webex, IOS XR software, Nexus 9000 switches, Umbrella, and a host of others, have been confirmed as not vulnerable.

Tenable, the company responsible for the popular Nessus vulnerability scanner, has published a list of plugins that can help identify vulnerable systems, which includes plugins for openSUSE, Slackware, Debian, FreeBSD, Ubuntu, Fedora, and SUSE.

Given that proof-of-concept code has already started to surface on GitHub, it is recommended that customers keep an eye on security advisories from their chosen vendors, and run vulnerability scans to identify potentially-impacted systems in their networks.


ZDNet has released an article reporting that the personal information of roughly 75,000 people has been stolen by hackers that have breached the sign-up system on the Healthcare.gov website in the Unites States. The Federally Facilitated Exchange (FFE) system is used by healthcare insurance agents to enrol uses into Obamacare plans through the Healthcare.gov portal. Details on how the breach occurred have not been disclosed.

Closer to home, the opt out period for Australia’s My Health Record closes on 31st January 2019.  If you want to opt out, please make sure you do so before this time. If you choose to stay enrolled, please inform yourselves on how to secure the information stored in your record.

Cathay Pacific Breaches

Cathay Pacific announced in late October that it “has discovered unauthorised access to some of its information system containing passenger data of up to 9.4 million people.” In their announcement, Cathay said:

The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks; and historical travel information.

In addition, 403 expired credit card numbers were accessed. Twenty-seven credit card numbers with no CVV were accessed. The combination of data accessed varies for each affected passenger.

ABC News is reporting that Hong Kong’s privacy commissioner has ordered an investigation/compliance check of the airline. Cathay Pacific’s stock plunged to its lowest level in over a decade in response to the breach disclosure.

Cisco Webex Meetings Desktop App for Windows Vulnerability

AusCERT have released an External Security Bulletin reporting a vulnerability in Cisco Webex Meeting Desktop App for Windows, which could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.  The ESB summary states:

While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

The ESB also identifies impacted products:

This vulnerability affects all Cisco Webex Meetings Desktop App releases prior to 33.6.0, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.5, when running on a Microsoft Windows end-user system.

As per Cisco’s Security Advisory, there are no workarounds for this issue, but Cisco have released updated versions of Cisco Webex Meetings Desktop App (33.6.0 and 33.5.6) and Cisco Webex Productivity Tools (33.0.5). Windows Webex users are encouraged to check their current version and upgrade as required.

Contact Us today to find out how Thomas Duryea Logicalis can support you with your organisation's security concerns and posture.

Tags Security, Privacy, Cisco, Google Chrome, HTTPS Sites, Cybercriminals, Spyware, Malware, Malicious Attacks, Apple, Attackers, Cybersecurity, Libssh, Supply-chain-attacks, Audits, Github, Vulnerability, Cathay Pacific


Contact Us