CSRF Flaw Allowed Hackers to Access Legal Docs

This week, the Alert Logic team highlights "Scottish Parliament Under Siege from Brute-Force Cyber Attack" and "New Exploit Kit Emerges on Underground Forums." Read the full report to learn more and get access to the week’s Top Malicious IP addresses.

Breach

CSRF Flaw Allowed Hackers to Access Legal Docs

A cross-site request forgery (CSRF) flaw that made it possible for attackers to access court documents on the PACER system while making legitimate users pay for them has finally been plugged. The PACER court document service, used by more than a million journalists and lawyers, has raked in more than $1 billion since it was established in 1995.

Free Law said the flaw was the result of PACER failing to implement anti-CSRF protections that are standard on virtually all fee-based sites. It's likely the protections have never been present during the 22 years PACER has been in existence. Web development tools make it easy to include the protections in web pages, but Free Law said it suspects PACER doesn't use these tools.
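The kind of anti-CSRF protection described above can be sketched as a session-bound token checked on every request that bills an account. This is an added example, not PACER's or Free Law's code; the handler, field names and key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Per-deployment secret; generated here only so the example is self-contained.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the site's own forms: random nonce + HMAC bound to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_token_valid(session_id: str, token: Optional[str]) -> bool:
    """A page on another origin cannot read the token, so a forged request fails here."""
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_billable_request(session_id: str, method: str, form: dict):
    """Hypothetical handler for an action that charges the logged-in account."""
    if method != "POST":
        return 405, "state-changing action requires POST"
    if not csrf_token_valid(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    return 200, f"charged account for document {form['doc_id']}"


if __name__ == "__main__":
    token = issue_csrf_token("sess-A")  # constructed session identifiers
    # Request from the site's own form, carrying the token.
    print(handle_billable_request("sess-A", "POST", {"doc_id": "42", "csrf_token": token}))
    # Cross-site request: the browser sends the session cookie but no token.
    print(handle_billable_request("sess-A", "POST", {"doc_id": "42"}))
    # Token issued to a different session is rejected.
    print(handle_billable_request("sess-B", "POST", {"doc_id": "42", "csrf_token": token}))
```

The session cookie alone is never enough to trigger the charge; the request must also carry a value that only the site's own pages can obtain.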

References: Uh-oh. Court Records System Vulnerable to Hackers for Decades | PACER Vulnerability Allowed Hackers to Access Legal Docs While Sticking Others with the Bill | Court Records System has Been Open to Hackers for Decades

Mitigation Strategies:

Malware

Android Malware Found on Google Play

Security researchers have discovered two apps offered in the Google Play store which contain highly malicious software components. Google performs security scans on Android apps before they can be offered from the Play store, but developers are increasingly obfuscating their code to make it harder for Google's systems to spot malicious software. As of August 24, both apps were still available to download.

The first app, called Earn Real Money Gift Cards, contains the notorious BankBot malware, which can mimic the login pages of many legitimate bank apps, fooling users into revealing their login name and password. The second, called Bubble Shooter Wild Life, contains a "dropper" which can download and install other applications or malware without the user being aware.

References: Android Malware Found on Google Play Abuses Accessibility Service | Researchers Find More Malware-Infested Apps on Google Play | Experts Believe That an Increase in the Number of Malware for Android is the Fault of One Person

Mitigation Strategies:

This Week's Suspicious IP Addresses

211.151.121.41 219.234.85.219
121.199.29.243 121.199.58.131
223.202.19.39 111.13.100.247

*IP addresses provided by Recorded Future.