Blog

Ironshare's latest posts ready to view and share.

Cyber Round-up

Cyber Round-up for 13th December


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Chrome Introduces Improved Password Protection

Google have recently introduced a new Chrome feature which notifies a user when their account details have been compromised in a data breach. Upon entering their credentials, the user will receive a notification suggesting that they change their passwords. As well as this, Google are forever expanding their list of unsafe sites that are blocked by Safe Browsing, which is designed to make the web a more secure place for its users. They have also dedicated time to improving their predictive phishing protection. This feature, which was introduced in 2017, warns you if you input your login details on a suspected phishing site. Google have been working hard recently on improving account security and password protection, and so far, they are making good progress.

By Blog.Google.com

1&1 Telecom fined €10 Million by GDPR for Poor Call Centre Security

1&1 Telecom GmbH have been hit with one of the biggest fines seen under the European GDPR legislation. This fine came because of the insufficient security measures in place in their call centre, which allowed unauthorised parties to access their company data. This was in breach of article 32 of the GDPR legislation and resulted in a €9.5 million fine. The incident only affected a small number of customers; however, the German data protection agency said that their entire customer base was at risk, so the fine was necessary.

By HotForSecurity.BitDefender.com

Threats

Child Safety at Risk from Smart Toys

Children’s smart toys have become an easy target for many criminals, and recent research suggests a large number of toys are affected by security flaws. Across seven separate smart toys that were tested, more than 20 concerns were raised regarding security issues; one of the most alarming flaws was the lack of secure authentication for Bluetooth connectivity, allowing an attacker to stream audio from the device. If you’re buying your children smart toys for Christmas, we advise doing some research beforehand to ensure that they are safe.

By Forbes.com

Half of All Workers Reuse Same Password with Minor Changes

Password reuse is a major problem in the world of security, and a recent survey revealed that 49% of users reuse the same password in their workplace, and often would only make a minor change, such as adding a capital letter. As well as reusing passwords, the majority of users relied on human memory for storing their passwords, rather than using a password safe. The lack of a password safe encourages reusing passwords because it can be difficult remembering a lot of complex passwords; this was confirmed by recent research in which 78% of users admitted to forgetting a password and resetting it. We encourage good password practice and highly recommend the use of a password manager, to not only help you remember passwords, but also generate them and store them securely.

By GrahamCluley.com

Vulnerabilities & Updates

Microsoft December Patch Tuesday

Microsoft’s Patch Tuesday for December has arrived and features several updates covering 25 vulnerabilities, including 7 which are considered critical. Two critical vulnerabilities addressed in this patch are remote code execution flaws; the first exists in the Windows font library and occurs as a result of the library improperly handling some embedded fonts. This means that an attacker could convince a user to visit a web page which features the malicious embedded font. The other flaw is in the Hyper-V hypervisor, which can occasionally fail to validate input on a guest operating system, even from an authenticated user. This can be exploited by an attacker using a specially crafted application to execute code on the host OS remotely. There are 23 other vulnerabilities addressed in this edition of Patch Tuesday, which we highly recommend looking into.

By Blog.TalosIntelligence.com

Microsoft Forms Phishing Protection

Microsoft have plans to roll out a new phishing protection feature in response to recent incidents involving MS Forms. This enhancement aims to restrict repeat offenders who are attempting to phish. Although phishing protection was introduced in July 2019, these scheduled updates are designed to massively improve its effectiveness. The new automated review will block users who have two or more confirmed phishing forms from distributing forms and collecting responses. Global and security admins will be sent daily notifications regarding potential phishing attempts. There is no preparation that needs to be done for these new features; however, updating training and documentation is recommended.

By Microsoft.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #71 – 13th December 2019

By Joshua Hare on 12/12/19

Cyber Round-up

Cyber Round-up for 6th December


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Spying Tools Website Taken Down Following Investigation

An international investigation has led to the closing down of a website known as Imminent Methods. This site has been a hotspot for people looking to buy hacking tools, or more specifically spying tools; the UK’s National Crime Agency (NCA) confirmed that around 14,500 people had purchased such tools from the site. Police have raided over 80 properties around the world in search of the sellers. One of the tools they were selling, known as the Imminent Monitor Remote Access Trojan, gives an attacker complete control of an infected device, allowing them to monitor the victim’s activity, access their webcam and even steal data.

By BBC.co.uk

20 Million User Records Exposed in Mixcloud Data Breach

UK-based music streaming platform Mixcloud has suffered a huge data breach exposing the account details of over 20 million users. The breach, which occurred at the start of November, included the usernames, email addresses and passwords of all users affected; after being stolen by the attacker, all of the details were listed for sale on the dark web. Shortly after the breach, the streaming service issued a customer-wide password reset, but initially misled users to avoid announcing the breach; it has now been made clear that this was done to secure the users’ accounts.

By TechCrunch.com

Threats

CStealer Trojan Steals Passwords Stored in Google Chrome

A recently discovered trojan known as CStealer has been detected in the wild and has been utilising a remote MongoDB database to stash stolen passwords. The passwords are being stolen from Google Chrome and sent directly to the database, where they can be retrieved by the attacker at a later time. This technique allows the attacker to gain access to the stolen credentials. We recommend looking into this and taking a look at the CStealer removal guide included in the post if you believe you may be a victim of this attack.

By SensorsTechForum.com

Malware Campaign Uses Trojanised Tetris Game

A new, innovative malware campaign has been discovered that appears to be targeting educational and healthcare institutions. What makes this campaign unique is that it utilises a trojanised variant of the popular game Tetris to steal credentials from its victims. This trojan is very advanced and is capable of performing a number of different attacks, including man-in-the-middle, keylogging, web-injection and credential harvesting. This works once the victim has downloaded the trojanised game and executes Cobalt Strike binaries while the application is loading; this also allows the device to communicate with the command and control server.

By BankInfoSecurity.com

Vulnerabilities & Updates

ZeroCleare Wiper Malware Targeting Mideast Oil

A recently discovered wiper malware named ZeroCleare has been targeting the energy and industrial sectors in the Middle East. This is believed to be the work of the group APT34, an Iranian cluster of cyber espionage activity. This attack supposedly started in the autumn of 2018 and continued to escalate until summer of 2019, when the attackers used password spraying on the local network to access the accounts and gain administrative access. These kinds of wiper attacks are typically intended to destroy infrastructure and disrupt operations and are not interested in stealing data.

By ThreatPost.com

Android Flaw Allows Phishing Overlays and Malicious Activity

A new Android vulnerability has been discovered that is being actively exploited in the wild; the flaw allows phishing overlays and permission requests to be displayed in legitimate applications on an infected device. The flaw has been named StrandHogg and resides in the taskAffinity control setting on all Android devices; root access is not required to exploit this flaw and it was confirmed that all versions of Android are affected by it. Google have announced that they have suspended the potentially harmful applications to help protect users, but still advise caution when receiving notifications and requests.

By SCMagazine.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #70 – 6th December 2019

By Joshua Hare on 5/12/19

Cyber Round-up

Cyber Round-up for 29th November


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Guide to Shopping Securely Online

Over the holiday season, online fraud increases significantly, which is why it is so important that you understand how to shop online safely and securely. The National Cyber Security Centre (NCSC) have created a guidance post to help you understand the dangers of online fraud, and how to effectively minimise the risk of being hit. Some of the advice includes strong password practice, MFA, choosing where to shop and avoiding unknown links. We highly suggest taking the time to read this guide so that you don’t become a victim of online fraud over the holidays.

By NCSC.gov.uk

2FA Update for Twitter No Longer Requires Mobile Number

Twitter has offered its users two-factor authentication for a few years now, but they have relied on a method that needed the use of their phone number, so users have been waiting for a more secure way to protect their account. As of last week, Twitter is allowing you to remove your mobile phone number from your account, while also introducing the use of WebAuthn for 2FA. This change was largely the result of their CEO Jack Dorsey recently having his account compromised. This gives users a more secure experience that is both easier and safer to use. If you do not already, we highly recommend enabling 2FA on Twitter to prevent the risk of your account and any associated personal information being stolen.

By GrahamCluley.com

Threats

Kids Smartwatch Exposes Personal Data

The Chinese-manufactured kids’ smartwatch SMA M2, which is being used by 5,000 children worldwide, has been discovered to have multiple vulnerabilities that leak the user’s personal data; this includes GPS data. Researchers found the data in an unencrypted, publicly accessible web API sent from the watch’s SIM card. This product is very dangerous as it can reveal the location of everyone using it, as well as the names and ages of the child and parents; another flaw also allows attackers to potentially listen to all transmitted voice messages and manipulate messages sent from the device. If continuing to use these smartwatches, we highly recommend updating, or simply avoid using them; at the least, consider the security risks presented by them.

By ThreatPost.com

Avoiding HMRC Tax Scams

As we get closer to the UK Tax Self-Assessment deadline on 31st January, HMRC are actively trying to educate its customers on the dangers of tax scams. They have published a blog discussing tax scams and how you can effectively spot and avoid them. In the last year, almost 900,000 customers have reported suspicious contact from HMRC and over 100,000 of these were confirmed to be scams. HMRC want to keep their customers safe and have compiled a list of advice that they recommend looking into. This includes what to look out for when checking if you’re being scammed, and what kind of information attackers may ask for. We encourage all customers to take a look at this guide to help protect you from tax scams.

By Gov.uk

Vulnerabilities & Updates

Vulnerability in Magento Marketplace Leads to Security Breach

Adobe recently disclosed a security breach that is affecting users of the Magento Marketplace; the marketplace allows users to buy plugins for Magento-based online stores. The breach occurred because of a vulnerability that allowed an unauthorised attacker to gain access to sensitive account information belonging to registered users; however, it was confirmed that no account passwords or financial information were exposed in the incident. Shortly after the breach, Adobe took the marketplace down, but have announced that it is now back online and fully operational.

By ZDNet.com

Serious Vulnerabilities Found in VNC Remote Desktop Software

The research team at Kaspersky Lab has discovered 37 CVE-listed vulnerabilities, including memory-corruption and remote code execution flaws, that are affecting Virtual Network Computing (VNC) remote desktop software. These flaws pose a serious threat to users of the product and can potentially allow an attacker to remotely take control of a target computer. According to the research team, these flaws are affecting around 600,000 users who have public-facing machines with VNC access. Immediate software updates are highly recommended so that you are not at risk from these serious vulnerabilities.

By TheRegister.co.uk

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #69 – 29th November 2019

By Joshua Hare on 28/11/19

Cyber Round-up

Cyber Round-up for 22nd November


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

How Retail Companies Can Protect Against Cyberattacks

As we enter the holiday season, we will inevitably see the annual increase in online fraud and theft. Retail companies have become a big target for criminals in the last year and have suffered more data breaches than any other company. Due to the ease with which cybercriminals can monetise stolen information, the retail industry has become a bigger target for organised crime. The article covers typical attack methods and advice to retail companies on how they can protect themselves. This includes achieving compliance, securing data and encrypting their payment card systems. The retail industry cannot afford to ignore cybersecurity; if your retail systems are not up to scratch, we suggest you get securing them immediately.

By TechRepublic.com

Hackers Selling Disney+ Accounts for $1

Hours after the release of their new streaming service, Disney+, users took to social media to complain about their accounts being compromised. It was later discovered that these stolen accounts were being listed on hacking websites and were on sale for $1 a month. This was achieved through phishing emails sent to the subscribers, which were used to gain their login credentials. The credentials were changed by the hackers immediately to lock the users out. Users are advised to exercise caution when responding to emails or clicking links to avoid being involved in this kind of phishing attack.

By InfoSecurity-Magazine.com

Threats

Password Data of 2.2 Million Users Leaked Online

The personal information of approximately 2.2 million users has been posted online, including passwords. The leaked information has come from two websites; the first is a cryptocurrency wallet service called GateHub, and the other is a RuneScape bot provider called EpicBot. Around 1.4 million accounts were breached from GateHub, and around 800,000 from EpicBot. The attacker posted the database online, which included 2FA keys, mnemonic phrases and wallet hashes; despite the leaked information, GateHub confirmed that no wallet hashes had been accessed. Any users of these websites are advised to change their passwords as soon as possible.

By ArsTechnica.com

MageCart Skimming Attack Hits Macy’s Website

Macy’s recently made an announcement in which they told the public of a MageCart skimming attack that was present on their website. The attack was implanted in the online payment portal of the site and has reportedly been active since October 7. The company has not disclosed how many customers were affected by the breach, or how the unauthorised code made its way into their website; however, they have confirmed that law enforcement and a forensics firm are looking into the incident and are actively investigating the severity of the breach. More details on the incident are included in the original post.

By ZDNet.com

Recent Phishing Scam Targeting Office 365 Admins

A recent phishing scheme has emerged that sends emails using legitimate organisations’ Office 365 infrastructure. The attackers are targeting administrator accounts, which they then use to send out phishing emails; by doing this, they do not have to worry about the organisation’s users discovering their malicious intent. More details on the nature of this phishing scheme are included in the original post, as well as potential trends and ways to spot them.

By ThreatPost.com

Vulnerabilities & Updates

Checkmarx Discover Android Camera Security Threat

The security research team at Checkmarx have discovered what is possibly the most alarming vulnerability to date. Their most recent discovery is a flaw affecting all Android devices which could allow an attacker to seize control of your smartphone camera, remotely take photographs, record conversations and discover your location. This vulnerability, which essentially provides full spyware functionality, has the potential to impact hundreds of millions of Android users worldwide. This flaw has been patched for Google devices in a recent update, but there has been no news on Samsung devices yet.

By Forbes.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #68 – 22nd November 2019

By Joshua Hare on 21/11/19

Cyber Round-up

Cyber Round-up for 15th November


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Labour Party Website Leaks Donation Details

The UK’s Labour Party recently went public about a denial-of-service attack that took their website offline; however, it appears that they also had an unintentional data leak. According to The Times newspaper, the names of some donors were made accessible to the public, as well as the size and time of their donations. This information could apparently be accessed without security checks on any web browser. The DDoS and data breach appear to be coincidental and were not related; however, the unfortunate timing has made them a target for the media.

By GrahamCluley.com

Apple Removes Instagram-Watching App from App Store

Apple has removed an application from the App Store that allowed users to track other people’s Instagram activity. The app, called Like Patrol, was found to be in violation of Apple’s data collection policies and was immediately removed from the store without question. Like Patrol was charging its users $80 per year to use the application; this has the app’s developers unhappy since it isn’t classified as stalkerware and doesn’t provide any more data than the Instagram service. This app does not appear to be on any other app store, such as the Google Play store, meaning it can no longer be downloaded from anywhere legitimate.

By NakedSecurity.com

Windows Users Can Test Extended Security Updates in New Update

As Windows 7 and Windows Server 2008 approach end of life, users have been worried about the discontinuation of security updates for the operating systems. In response to this, Microsoft has given users the option to pay for continued security updates after support for the operating systems stops. Users have also been given the choice to sign up for an extended security update test to ensure their systems are ready, before the program goes live on January 14, 2020.

By BleepingComputer.com

Threats

BlueKeep Exploit Receiving Fix for its BSOD Issue

The BlueKeep vulnerability exploit, which is available in a module for the Metasploit penetration testing framework, has reportedly been crashing the systems it is being used on. Most of the time it works as expected; however, it can occasionally present the user with a blue screen of death error, rather than the expected remote shell. This week a fix will be released for the bug, making the attack more reliable. This will likely pave the way for increased use against vulnerable systems. If you are yet to patch your systems to protect against BlueKeep, we suggest you get this done quickly.

By ZDNet.com

Vulnerabilities & Updates

Microsoft Patch Tuesday November 2019

Microsoft’s Patch Tuesday for November has arrived and addresses 75 vulnerabilities, including 13 that are considered critical. Among these flaws are remote code execution vulnerabilities in Microsoft Excel and Media Foundation; these are some of the most important flaws patched in this edition. Details on everything addressed in this Patch Tuesday are included in the original Talos post. We recommend updating your systems with these latest patches as soon as possible.

By Blog.TalosIntelligence.com

Adobe Patches Critical Vulnerabilities in Illustrator and Media Encoder

Adobe’s monthly patch for November addresses three critical vulnerabilities, as well as eight important ones. The critical flaws include two remote code execution vulnerabilities for Adobe Illustrator that affect Windows v23.1 and earlier. The other critical vulnerability was present in the Media Encoder application and only affects version 13.1. Details on the rest of the vulnerabilities in this patch are included in the original post.

By ThreatPost.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #67 – 15th November 2019

By Joshua Hare on 14/11/19

Cyber Round-up

Cyber Round-up for 8th November


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Equifax - On the inside of a hacking catastrophe

In September 2017, Equifax suffered a massive data breach affecting 147 million people in the US and 14 million in the UK. The breach included the birth dates, social security numbers and payment card details of all affected users. This article covers a different, often-missed aspect of a breach: the overwhelming human impact on the staff. Loss of the leadership team, long hours, huge pressure, demand and criticism of the IT & Security teams, being forced to maintain secrecy, and online abuse all lead to a decline in the mental health of those involved. The Equifax breach should be a lesson to all companies; focus on all the potential impact areas, including human factors and not just the financial consequences.

Over the last two years, Equifax have responded to the incident by spending $1.25 billion on the transformation of their security capabilities. Equifax are now considered one of the industry leaders in security after the changes made following the breach.

By BBC.co.uk

Trend Micro Insider Threat Affecting Consumer Customers

A recent security incident has led to customers’ personal information being leaked to the public. Following the leak, Trend Micro, a global security firm, immediately started to investigate; during the investigation their lead suspect was one of their own employees, who had stolen the data with malicious intent. They confirmed in a recent report that there was no external hack involved and the leak was in fact a result of an insider threat. Insider threats are often overlooked but should be seen as a major threat to any organisation. The company have sincerely apologised to all who received scam calls from the criminal and responded to the incident very quickly.

By TrendMicro.com

Threats

Office 365 Phishing Campaign Targets Users Disguised as Pay Rise

Scammers have found a new way to bait their victims into falling for phishing attempts; in a recent campaign, scammers have disguised themselves as the victim’s Human Resources department and tempted them with a pay rise. The email prompts them to open an Excel spreadsheet which redirects them to a fake Office 365 login page. These kinds of branded phishing attacks have been very successful against a large number of employees; unless you know what you are looking for, the login page can be very deceiving and often perceived as legitimate. Always be cautious when dealing with emails such as this, and only click on links if you are certain they are from a trusted source. If it sounds too good to be true, you’re probably right.

By BleepingComputer.com

MageCart Group Launches Card Skimming Attack on Sites Simultaneously

Researchers have recently identified a spate of MageCart attacks carried out by multiple groups on the same sites at the same time. This is believed to be the result of a cybercrime-as-a-service operation, in which various groups breach websites using card skimming kits purchased on the internet. After an attack is disclosed, it is likely that multiple groups will attempt to take advantage of it. This was seen on the online store PEXSuperstore; the site was infected with two MageCart skimmers that were completely different. The main similarity that researchers have picked up on is that both attacks targeted Magento-based websites and injected code in similar ways; it is believed that these simultaneous attacks are not intentional, with several groups running multiple campaigns without realizing.

By ThreatPost.com

Vulnerabilities & Updates

Zero-Day Vulnerability Discovered in Google Chrome Browser (CVE-2019-13720)

A new zero-day vulnerability has been found that affects the Google Chrome web browser. The exploit was found by Kaspersky, a Russian cyber security firm, who believe it is being used in a campaign known as ‘Operation WizardOpium’; this campaign is possibly linked to the Lazarus group of attacks. The bug has been flagged as very dangerous, as it allows attackers to execute code when exploited. Google have now released a patch for this vulnerability; we recommend applying this patch as soon as possible. More details on the nature of the bug are included in the original post.

By GulfNews.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #66 – 8th November 2019

By Joshua Hare on 7/11/19

Cyber Round-up

Cyber Round-up for 1st November


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Currys PC World Customers Scammed Through eBay

The electronics retailer Currys PC World was recently targeted by a group of fraudsters who hijacked their eBay account to carry out a series of scams. With access to the retailer’s account, the group was able to change the payment details of listed items, including the iPhone 11, which is currently in high demand. Those paying for these items via PayPal have had their money stolen from their accounts; this was done using a fake PayPal account set up by the scammers. This attack has affected over 600 customers that made purchases on the weekend of October 19-20. Following this scam, the owners of Currys PC World resolved the issue, and confirmed that all customers affected would be refunded.

By BBC.co.uk

The Biggest Threats of 2019 So Far

Webroot has released its list of 2019’s nastiest malware, including cryptomining campaigns, huge phishing schemes and dangerous ransomware strains. It has been a big year for the constantly evolving ransomware threat, especially for Emotet. Before their extended summer break, they were causing mass disruption across the world; the most prominent of their payloads was Ryuk, which had a massive presence in the first half of 2019. Business Email Compromise has been a big issue this year, and we have seen a massive rise in email hijacking; this type of phishing has become more prominent over recent years. Finally, cryptomining has seen an increase in popularity. The low-risk method of acquiring money has become more frequent in 2019 and has proven more profitable than most other campaigns, while remaining less malicious. The most active cryptomining payload we have seen in use is Hidden Bee, which started out with Internet Explorer exploits and evolved into payloads packed into image files.

By HelpNetSecurity.com

Threats

Recent Spear Phishing Attacks Targeting Financial Industry

As people become more aware of phishing, attackers must find more sophisticated ways to approach their victims. One way they do this effectively is spear phishing: emails personally tailored to an individual, often appearing to come from someone they know or work with. These types of attacks are particularly profitable when targeting those in the financial industry; this has been an area of focus for most attackers in recent weeks. Security researchers have really been trying to respond to the recent increase in attacks with various prevention methods, and the best defensive measure they recommend is two-factor authentication. More details on spear-phishing are included in the original post.

By KnowBe4.com

Reporting Insider Threats and Suspicious Activity

Security firm Red Goat Cyber Security has recently completed a study on the insider threat, showing whether or not professionals would report others if they noticed suspicious activity. The study records the opinions of over 1000 professionals across various industries; they were given different scenarios and were asked how they would react if different types of people were to be involved. The result of this report was that most employees would not know what to do if they noticed suspicious activity due to their organisation not providing them with guidance or training. In response, Red Goat produced some guidance steps on what should be focused on when it comes to reporting insider threats. This list includes the importance of HR in dealing with suspicions; the full report can be found here.

By SecurityBoulevard.com

Vulnerabilities & Updates

Xhelper Malware Re-Installs Itself After Being Deleted

A mysterious new piece of malware, called Xhelper, has been plaguing Android devices recently; in the last 6 months the malware infected over 45,000 devices and is constantly spreading. Many users have become aware of the problem and deleted the malware from their devices, and some have even factory reset just to be safe; however, this has not proven successful. It appears the malware can reinstall on the target infected device, even after being factory reset. The application is hidden from users and launches itself from external events, such as installing apps and/or rebooting the device; from this, the device can be connected to the attacker’s remote command and control server, where additional malicious programs can be downloaded. This malware is very dangerous and has primarily targeted users in India, though it has been observed in the US and Russia as well. Researchers recommend keeping everything up to date to avoid any exploitable vulnerabilities and being careful when granting permissions; installing a good antivirus application would also be a good idea. More details on the nature of the malware are included in the original post.

By TheHackerNews.com

The Scariest Vulnerabilities and Exploits of 2019

It’s been a big year full of extremely dangerous vulnerabilities that have plagued our devices throughout 2019. This summary highlights the biggest and baddest flaws and exploits that 2019 has given us. One of the first big vulnerabilities that had users all over the world worried was the eavesdropping flaw in Apple’s FaceTime app, followed by the string of WinRAR exploits and the iMessage bugs. This end-of-year summary includes everything you need to know about the scariest hacks and vulnerabilities of 2019; details of each individual bug are included in the original post.

By ZDNet.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #65 – 1st November 2019

By Joshua Hare on 1/11/19

Cyber Round-up for 25th October

Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security. Following the theme of cyber awareness month, we have included a section on cyber security education!

In this week’s round-up:

Cyber Security Month

Be Careful What You Share

It is a lot easier than you may think to give away sensitive information without realising it, and this post proves it. There are multiple surveys and interviews included here that show how easy it can be for your passwords to be stolen; a large number of people use personal information such as birthdays and names in their passwords, and in this post you can see how easily an interviewer can work out passwords from a few casual questions. Many people do not understand the importance of account security and leave themselves vulnerable to attack by simply answering personal questions.

This is another post in John Opdenakker’s Cyber Security Month series, which includes more great advice on how to stay safe online.

By JohnOpdenakker.com

Security News

UK Cyber-Centre Dedicated to Stopping Payment Card Fraud

The National Cyber Security Centre has reported on its efforts to prevent payment card fraud: in the last year, more than 1 million suspected cases of fraud have been prevented, and over 1,800 cyber-attacks targeting UK citizens and businesses have been thwarted in the first three years of the campaign. A recent report on the NCSC’s efforts to protect the public included details of the fraud prevention plan, as well as its work to speed up threat awareness and combat malicious phishing sites. Since being set up in 2016, the NCSC has made huge improvements to the UK’s cyber-security strategy and has even uncovered a Russian group that had gained access to an Iranian cyber-gang’s infrastructure to launch attacks against UK universities.

By BBC.co.uk

NordVPN Confirms They Were Hacked

Popular VPN provider NordVPN has responded to suspicions of a breach and confirmed that it was in fact hacked. It disclosed that an expired internal private key had been exposed, which could potentially allow an attacker to spin up their own servers imitating NordVPN. Despite the provider’s statement that it does not collect or share private data, many are still worried that the attackers could have acquired sensitive user data. To gain access to the server, the attackers exploited a vulnerable remote management system, which the company says it was unaware of. Many are worried about this breach, considering the provider’s promise to ‘protect your privacy online’, and it is believed that various other VPN providers were also hit around the same time.

By TechCrunch.com

Threats

Microsoft Phishing Campaign Targeting Office365 Users

A new phishing campaign impersonating Microsoft has been discovered that appears to primarily target Office 365 users. This campaign has proven troublesome due to its targeted nature: it approaches specific users about supposedly important work-related documents, leading to the compromise of their accounts. Upon opening the document, the victim is redirected to what looks like a legitimate OneDrive portal, where they are prompted to enter their login credentials. There are a few obvious features of the login page that mark it as fake, such as the web address; however, unless you are looking out for these abnormalities, it is easy to fall for the scam. More details on the nature of this campaign are included in the original post.

By HeimdalSecurity.com
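The fake OneDrive portal described above gives itself away in the address bar, but only to someone who knows which tricks to look for. The Python below is an added example for this round-up, not code from the Heimdal article: it shows what an automated check of a sign-in link has to cover before trusting it (scheme, userinfo before an `@`, raw IP hosts, and a suffix match rather than a substring match). The allow-list of identity-provider hosts and the sample links are assumptions constructed for illustration.

```python
"""Check whether a sign-in link really points at the identity provider it claims to.

Added example for this round-up, not code from the Heimdal article. The allow-list
is an assumption for illustration: it names Microsoft's real sign-in hosts, but
your own list should come from your identity provider's documentation.
"""
import ipaddress
from urllib.parse import urlsplit

TRUSTED_LOGIN_HOSTS = (
    "login.microsoftonline.com",
    "login.live.com",
    "onedrive.live.com",
)


def host_matches(host: str, trusted: str) -> bool:
    """Exact host or a genuine subdomain. 'login.microsoftonline.com.evil.example'
    contains the trusted name as a substring but not as a domain suffix, so it fails."""
    return host == trusted or host.endswith("." + trusted)


def login_url_verdict(url: str) -> tuple:
    """Return (allowed, reason). Every trick a phishing page can play with the
    address bar is handled before the allow-list is consulted."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:            # e.g. a malformed IPv6 literal
        return False, "unparseable url: %s" % exc

    if parts.scheme.lower() != "https":
        return False, "scheme is %r, not https" % parts.scheme
    if "@" in parts.netloc:              # https://login.microsoftonline.com@evil.example/
        return False, "userinfo in authority, real host is %s" % parts.hostname
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host"
    try:
        ipaddress.ip_address(host)
        return False, "raw IP address %s" % host
    except ValueError:
        pass                             # not an IP literal, carry on
    for trusted in TRUSTED_LOGIN_HOSTS:
        if host_matches(host, trusted):
            return True, "trusted host %s" % trusted
    return False, "untrusted host %s" % host


if __name__ == "__main__":
    # Constructed sample links; the hosts under .example are RFC 2606 reserved names.
    for link in (
        "https://login.microsoftonline.com/common/oauth2/authorize?client_id=abc",
        "https://login.microsoftonline.com.evil.example/onedrive/",
        "https://login.microsoftonline.com@evil.example/",
        "http://onedrive.live.com/",
        "https://192.0.2.10/onedrive/login",
    ):
        print(login_url_verdict(link), link)
```

The suffix check is the part most home-grown filters get wrong: `"login.microsoftonline.com" in host` would wave through the second sample link. The `@` check matters because browsers render the part after the `@` as the real host while the eye reads the part before it.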

2 Terabytes of Sensitive Information Leaked by Cash-Back Websites

A massive data leak of over 2 terabytes of sensitive information has been discovered at the money-saving websites PouringPounds.com and CashKaro.com. The exposed data includes the bank details, email addresses, plain text passwords, usernames and IP addresses of over 3.5 million users of the sites. The incident was found by a group of researchers, who discovered the publicly exposed database on an Elasticsearch server that was not password protected. Upon discovering the leak, the researchers contacted PouringPounds, but did not receive a response until over two weeks later; by that point the database had been exposed for six weeks. This raises the issue that many companies do not respond to breach reports as fast as they should, and often allow the situation to escalate before taking action.

By InfoSecurity-Magazine.com

Vulnerabilities & Updates

Microsoft SQL Server Backdoor Malware Discovered

A recently discovered backdoor for Microsoft SQL Server could potentially allow a remote attacker to take control of a compromised system without the owner knowing. The backdoor, named skip-2.0, is a post-exploitation tool and only works after a server has already been compromised; once installed, it accepts a ‘magic password’ that grants access to any account on the server, and every time that password is used to connect it disables the server’s logging and auditing functions to avoid detection. This allows the attacker to change or delete any content stored on the server without being detected. The tool has been attributed to the Winnti Group, as it uses a number of their known tools.

By TheHackerNews.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #64 – 25th October 2019

By Joshua Hare on 24/10/19

Cyber Round-up for 18th October

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Cyber Security Month

Tech Support Scams - What You Need To Know

In John Opdenakker’s Cyber Security Month series of blogs, he talks about the threat of tech support scams and what you can do to avoid and protect yourself against them.

A tech support scam is a fraudulent operation in which the criminals try to convince people that they have serious problems on their computer that put them at risk. The scams can be initiated either by the criminals calling people out of the blue or when people call the numbers that are shown on this kind of pop-up in the browser… Use the link above to head over to his blog and continue reading.

By John Opdenakker.

Security News

UK Government Decide to Drop Controversial Porn Block

The UK government announced a plan to implement an age verification system for porn-hosting websites that would block users deemed to be under the age of 18. The idea was first promoted in 2015 and was due to launch in April 2018; however, it encountered an overwhelming number of delays along the way. As a result, the government has decided that the system would not work and has dropped it. Some of the issues encountered were the use of VPNs, social media platforms that allow pornographic content, and various providers refusing to adopt the verification system. Because of this, the block will not be going ahead and an alternative approach is being taken.

By BBC.co.uk

Huawei Seeks 5G Partnership with EU After US Raise Concerns

Chinese telecoms manufacturer Huawei Technologies has begun meeting with EU members to appeal for a 5G network security partnership, despite concerns raised by the US. The United States added Huawei to its trade blacklist back in May over concerns that its devices could be used for spying, and has advised its allies to do the same. The Chinese manufacturer has announced its plans to work with European partners and denies the claims made against it. German operators have finalised their 5G mobile network build-out plans and have not excluded Huawei from bidding for those networks. Whether other European countries will follow suit, only time will tell.

By UK.Reuters.com

Threats

Silent Librarian Cyberattackers Launch Phishing Scheme Targeting Students

The Silent Librarian threat group, which operates out of Iran, has launched a new phishing campaign targeting university students. The scheme involves highly targeted, socially engineered emails that redirect the victim to a landing page which then requests their credentials. These attacks have proven very successful; researchers discovered that in September alone, 20 new phishing domains were targeting more than 60 universities all over the world. Lures on topics such as university services and loan claims were especially effective. Details on how the attacks are carried out are included in the original post.

By ThreatPost.com

Apple Flaw Allows BitPaymer Ransomware Attackers to Bypass Detection

Researchers at Morphisec have discovered a new vulnerability in iCloud for Windows and iTunes for Windows that allows an attacker to bypass endpoint protection and active antivirus software. The flaw lies in the update delivery mechanism bundled with iTunes for Windows, known as Bonjour. Researchers found this flaw being exploited as part of a BitPaymer ransomware campaign that has been targeting US public and private companies for six months. Apple has now released a patch for this vulnerability; we recommend updating as soon as possible.

By NationalCyberSecurity.com

Vulnerabilities & Updates

Six Vulnerabilities Patched in WordPress Update

The latest WordPress update has addressed six vulnerabilities, including cross-site scripting, cache poisoning, unauthorised access and server-side request forgery. These flaws affect versions 5.2.3 and earlier and have all been addressed in 5.2.4. Those who have not yet upgraded to the 5.2 branch can also find fixes available for WordPress 5.1.

By SecurityWeek.com

Adobe Release Security Patches for 82 Flaws

This week, Adobe released a pre-announced out-of-band security update that addresses 82 vulnerabilities. Products affected by these flaws include Adobe Acrobat and Reader, Experience Manager, Experience Manager Forms and Download Manager. 45 of the 82 flaws were rated critical; all of those are in Adobe Acrobat and Reader and allow remote code execution. We recommend applying the most recent Adobe updates as soon as possible to mitigate the risk of an attack.

By TheHackerNews.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #63 – 18th October 2019

By Stuart Hare on 17/10/19

Cyber Round-up for 11th October

Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security. Following the theme of cyber awareness month, we have included a post on cybersecurity education!

In this week’s round-up:

Security News

UK Local Councils Faced 263 Million Cyber Attacks in First Half of 2019

The first half of 2019 has been difficult for local councils across the UK, which suffered an average of 800 cyber attacks an hour. This figure comes from research into the 201 of the 405 local councils contacted that responded. The number of attacks is rapidly increasing, and lack of security is still an issue: just 13% of councils have a cyber insurance policy in place, meaning the majority have no effective recovery process in the event of a successful attack. As well as this, of the 114 councils that suffered breaches between 2013 and 2018, 56% did not report them out of embarrassment; this calls for better cyber awareness education, to improve both security and response time if or when a breach does occur.

By Teiss.co.uk

Cisco Offering Free Online Course for Cyber Awareness Month

Cyber Awareness Month is here, and Cisco want to make the most of it by educating as many people as they can. One way they are doing this is through free online courses which would benefit anyone interested in cyber security. These courses can help anyone who is unsure of the threats they face online, as well as those interested in exploring a career in cyber. We recommend taking advantage of this offer and treating these courses as an introduction to cybersecurity; you can never be too safe.

By Cisco.com

Threats

EA Sports Breach Includes FIFA 20 Player Data

EA Sports were forced to shut down the FIFA 20 Global Series competition registration process after suffering a data leak that exposed the personal information of those who had registered for the event. When a player tried to register, they were instead presented with the personal information of those who had already registered. The exposed data included usernames, email addresses, country of residence and date of birth. This occurred on October 3rd; the site has since been closed and the issue has been resolved. EA announced that the leak affected around 1,600 players and that they are taking the necessary steps to ensure this doesn’t happen again; despite this, FIFA 20 players are demanding compensation on social media.

By Forbes.com

Magecart Attack on E-Commerce Service Impacts Sesame Street Store

The hacker group known as Magecart has launched an attack on e-commerce and shopping cart service provider Volusion; once compromised, the service was used to deliver credit card-skimming code to the stores hosted on it. Security researchers initially discovered the skimmer through the webstore for the Sesame Street Live! touring show, which runs on the Volusion e-commerce platform. The site has been taken down until the issue is resolved. Researchers say this attack is likely affecting many other websites using the same platform and advise users to consult the list of potentially affected sites included in the original post.

By SCMagazine.com

Vulnerabilities & Updates

Microsoft October 2019 Patch Tuesday

Microsoft’s October 2019 Patch Tuesday has addressed nine critical vulnerabilities, including a remote code execution bug in the Windows Remote Desktop Client. Another four critical memory corruption flaws were also patched in the Chakra Scripting Engine, as well as two critical VBScript RCE flaws in the Internet Explorer browser. The final two critical vulnerabilities addressed in this patch are RCE bugs in the Azure App Service and the MSXML (Microsoft XML Core Services) parser. Further details on these flaws are included in the original post; we suggest updating as soon as you get the chance.

By Computing.co.uk

Critical RCE Vulnerability Discovered in iTerm2 from 7 Years Ago

A 7-year-old critical vulnerability has been found in the macOS terminal emulator iTerm2. The flaw exists in iTerm2’s tmux integration and allows an attacker to execute arbitrary code on the user’s Mac. The vulnerability affects all versions of iTerm2 up to 3.3.5 and was recently patched in 3.3.6. We recommend updating as soon as possible due to the critical nature of this vulnerability; you can either check for updates in the application or download it manually.

By TheHackerNews.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #62 – 11th October 2019

By Joshua Hare on 10/10/19

Cyber Round-up for 4th October

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Email Spoofing Costing Businesses Billions

Email spoofing is becoming more of an issue for companies of all sizes, and the best thing we can do is spread awareness. It only takes one employee falling for this type of deception to cause serious damage to your entire company, so ensuring everyone understands what to look out for is a big priority. Business Email Compromise, one of the most costly forms of spoofing, works by impersonating a user’s email (typically an executive’s) and requesting something from the company that seems legitimate; this often results in a massive financial loss for the company affected. This post details the different types of spoofing and how to spot them. We recommend you take a look and educate your staff to help protect your business.

By BBC.co.uk
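The impersonation described above leaves traces in the message headers that a mail gateway or a SOC script can check mechanically: an executive’s display name on an outside mailbox, a domain one character away from the company’s, a Reply-To that diverts the answer, or mail claiming to be internal that fails DMARC. The Python below is an added example for this round-up, not code from the BBC piece; the company domain, the list of executives and the three sample messages are constructed for illustration, and it assumes the gateway writes a standard Authentication-Results header.

```python
"""Spot the tell-tale signs of Business Email Compromise in a raw message.

Added example for this round-up, not code from the BBC piece. The company domain,
the list of impersonated executives and the three sample messages are all
constructed for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                 # assumed organisation domain
EXECUTIVE_NAMES = {"jane doe", "john smith"}   # assumed high-value display names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def auth_results(msg) -> dict:
    """Collect spf/dkim/dmarc verdicts from the gateway's Authentication-Results headers."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=([a-z]+)", str(header), re.I):
            verdicts[m.group(1).lower()] = m.group(2).lower()
    return verdicts


def bec_findings(raw_message: str) -> list:
    """Return the reasons a message looks like executive impersonation (empty list = clean)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)
    findings = []

    # 1. A known executive's name on a mailbox outside the company.
    if display_name.strip().lower() in EXECUTIVE_NAMES and from_domain != COMPANY_DOMAIN:
        findings.append("executive display name on external address %s" % from_addr.lower())

    # 2. A domain one or two characters away from ours is almost never legitimate.
    if from_domain != COMPANY_DOMAIN and 0 < edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        findings.append("lookalike domain %s" % from_domain)

    # 3. A Reply-To on another domain diverts the victim's answer to the attacker.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to domain %s differs from sender" % domain_of(reply_addr))

    # 4. Mail claiming to come from our own domain must pass DMARC at the gateway.
    if from_domain == COMPANY_DOMAIN and auth_results(msg).get("dmarc") != "pass":
        findings.append("dmarc=%s for internal sender" % auth_results(msg).get("dmarc", "missing"))

    return findings


# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: jane.doe@mail-relay.example.net
To: accounts@example.com
Subject: Urgent wire transfer before 5pm
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dkim=none; dmarc=none header.from=examp1e.com

Please pay the attached invoice today and confirm by replying to this email.
"""

FORGED_HEADER = """\
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Supplier bank details changed
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com

Use the new account number below for all future payments.
"""

LEGITIMATE = """\
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Q4 budget
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Draft attached, comments welcome.
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("forged", FORGED_HEADER), ("legitimate", LEGITIMATE)):
        print(label, "->", bec_findings(sample) or "no findings")
```

The fourth check only works if the company publishes SPF, DKIM and a DMARC policy and the gateway records the result; without that, a forged From of your own domain looks identical to the real thing, which is why deploying DMARC is the first step in any BEC defence.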

US Hospitals Forced to Turn Away Patients Following Ransomware Attack

The DCH Health System has reported that a cyber-criminal is restricting use of its computer systems until a payment is made. Ransomware is reportedly affecting the operation of three hospitals in Alabama, and the disruption has forced them to turn away patients. In a separate incident, seven hospitals in Australia have been hit by ransomware, resulting in their computer systems being shut down; the loss of patient record, booking and management services has significantly hindered their ability to operate. Cyber Incident Response Services for the Australian Government has reportedly had to deal with more than 600 cyber-attacks since July 2018, and the problem doesn’t seem to be getting any better.

By BBC.co.uk

Threats

Mobile Game Developer Zynga Hit by Data Breach

The mobile gaming industry is massive, which makes big developers like Zynga a prime target for hackers. The company amassed an estimated $671 million in 2018 and is expected to have earned much more by the end of this year. Zynga is responsible for games such as Farmville, Mafia Wars and Zynga Poker, which are all very popular; one of its more popular titles, Words with Friends, has reportedly suffered a data breach affecting all players on both Android and iOS. The stolen data apparently contains names, email addresses, login IDs, hashed passwords and connected social media IDs. This breach is massive, and we recommend that anyone who has installed this game reset their passwords on all linked accounts to prevent further compromise.

By Forbes.com

Critical Vulnerability in Jamf Pro Management Software

Users of the Jamf Pro management software are being urged to update to 10.15.1 as soon as possible. A flaw was recently discovered in the software that could allow an attacker to remotely execute code and delete files from your computer systems. Although no attacks have been reported in the wild, this is still a potentially dangerous vulnerability; it only affects versions older than 10.15.1, so we recommend updating when you can.

By TheRegister.co.uk

Vulnerabilities & Updates

vBulletin Software Vulnerability Exploited in Comodo Forums Breach

Cybersecurity firm Comodo has suffered a potential data breach on its forums due to a flaw in the vBulletin software, which the site uses to run its forum. This vulnerability appears to have been exploited, resulting in a breach affecting 245,000 registered users. No further details have been disclosed by Comodo; however, they do recommend an immediate password change for all forum users as a precaution. The firm has apologised for any inconvenience and has confirmed that it is working hard to implement the appropriate security measures to ensure this doesn’t happen again.

By Forums.Comodo.com

Chrome UI Removing Legacy TLS Versions

Despite the decreased usage of legacy TLS versions, the risk presented by them is something that Chrome plans to remove entirely. Their plan to remove support for TLS 1.0 and 1.1 is due to arrive in Chrome 81. Starting on January 13, 2020, Chrome will begin a pre-removal phase, in which a warning will be shown when accessing a site using these legacy TLS versions. These outdated configurations will no longer be supported from March 2020, when Chrome will begin blocking connections to sites using them. This is all part of a larger plan to improve the overall security of the internet and move into a safer future.

By Blog.Chromium.org
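The practical consequence for anyone running a website is on the server side: a server that still negotiates TLS 1.0 or 1.1 must be reconfigured to refuse them before Chrome 81 starts blocking. The Python below is an added example for this round-up, not code from the Chromium post; it uses only the standard library `ssl` module and shows the weak server context beside the hardened one, with an audit function that reports which pre-1.2 versions a context’s own settings would still allow.

```python
"""Audit an ssl.SSLContext for legacy TLS versions and harden it.

Added example for this round-up, not from the Chromium post. It uses only the
standard library and shows the server-side setting a site operator needs so that
Chrome's TLS 1.0/1.1 removal does not break their site.
"""
import ssl

LEGACY = (ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)


def effective_bounds(ctx: ssl.SSLContext) -> tuple:
    """Resolve the 'whatever the library supports' sentinels to concrete versions."""
    low, high = ctx.minimum_version, ctx.maximum_version
    if low == ssl.TLSVersion.MINIMUM_SUPPORTED:
        low = ssl.TLSVersion.SSLv3
    if high == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        high = ssl.TLSVersion.TLSv1_3
    return low, high


def legacy_versions_allowed(ctx: ssl.SSLContext) -> list:
    """Names of the pre-TLS-1.2 versions this context's configuration still permits.
    A version may additionally be disabled by the OpenSSL build or its security
    level; this checks the context's own settings, which is what an audit should flag."""
    low, high = effective_bounds(ctx)
    return [version.name for version in LEGACY if low <= version <= high]


def weak_server_context() -> ssl.SSLContext:
    """The 'before': minimum version pinned to whatever the library will still speak."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def harden(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """The 'after': refuse anything below TLS 1.2, which is what Chrome 81 will require."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    ctx = weak_server_context()
    print("before:", legacy_versions_allowed(ctx))
    print("after: ", legacy_versions_allowed(harden(ctx)))
```

The same two-line change (set the minimum protocol version, do not merely remove ciphers) is what the equivalent `ssl_protocols` or `SSLProtocol` directive does in a web server; the audit function is the check to run over every context an application builds, since a single legacy-enabled listener is enough to keep the warning on.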

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #61 – 4th October 2019

By Joshua Hare on 3/10/19

Cyber Round-up for 27th September

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Lack of Visibility into Cloud Instances is the Reason for Most Data Leaks

The McAfee team has shared its views on the ongoing problem of data leaks. Data leaks are becoming more common by the day, with the majority going unnoticed. McAfee believe that lack of visibility is to blame; their recent report revealed that enterprises are unaware of 99% of the exposed instances they are running. These instances are typically databases and storage buckets that were left accessible to the public on the internet, which make up a large portion of the data leaks in recent years. A recent study found that just 26% of organisations have tools to audit their cloud configurations, meaning the majority of companies have no idea what is happening within their cloud instances. By simply introducing cloud configuration auditing, an organisation can know exactly what needs changing to keep its data secure.

By TheRegister.co.uk
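“Tools to audit their cloud configurations” can be as simple as a script that reads every storage bucket policy and flags the ones that grant access to any principal. The Python below is an added example for this round-up, not McAfee’s tooling: it assumes the input is AWS S3 bucket-policy JSON (the report does not say which cloud) and evaluates constructed policy documents offline, so it runs with no cloud credentials. The bucket names and account ID in the samples are placeholders.

```python
"""Find cloud storage policies that leave a bucket open to the whole internet.

Added example for this round-up, not McAfee's tooling. It assumes the input is AWS
S3 bucket-policy JSON (the report does not say which cloud) and evaluates
constructed policy documents offline, so it runs without cloud credentials.
"""
import json


def _as_list(value):
    """Policy fields like Principal.AWS, Action and Statement may be a scalar or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal) -> bool:
    """Principal "*" and {"AWS": "*"} both mean 'anyone, authenticated or not'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _scoped_to_network(condition) -> bool:
    """A source-IP or VPC condition narrows the grant; treat it as not publicly reachable."""
    if not condition:
        return False
    keys = {key.lower() for operator in condition.values() for key in operator}
    return bool(keys & {"aws:sourceip", "aws:sourcevpc", "aws:sourcevpce"})


def public_grants(policy_json: str) -> list:
    """Return [(Sid, [actions])] for each Allow statement any principal can use."""
    document = json.loads(policy_json)
    hits = []
    for statement in _as_list(document.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(statement.get("Principal")):
            continue
        if _scoped_to_network(statement.get("Condition")):
            continue
        hits.append((statement.get("Sid", "<no sid>"), sorted(_as_list(statement.get("Action")))))
    return hits


def audit_buckets(policies_by_bucket: dict) -> dict:
    """Map bucket name -> public grants, keeping only buckets with at least one."""
    report = {}
    for bucket, policy_json in policies_by_bucket.items():
        grants = public_grants(policy_json)
        if grants:
            report[bucket] = grants
    return report


# Constructed sample policies (bucket names and account id are placeholders).
EXPORTS_PUBLIC = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::customer-exports", "arn:aws:s3:::customer-exports/*"],
    }],
})

OFFICE_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OfficeRead",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::internal-reports/*",
        "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
    }],
})

ROLE_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyEveryoneElse", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::billing/*",
         "Condition": {"StringNotEquals": {"aws:PrincipalArn": "arn:aws:iam::123456789012:role/billing"}}},
        {"Sid": "BillingRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/billing"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::billing/*"},
    ],
})

if __name__ == "__main__":
    print(audit_buckets({"customer-exports": EXPORTS_PUBLIC,
                         "internal-reports": OFFICE_ONLY,
                         "billing": ROLE_ONLY}))
```

A bucket policy is only one of the ways a bucket becomes public (object ACLs and the account-level public-access block settings are the others), so a policy audit is a necessary check rather than a complete one; the point is that the 99% of unknown exposures in the McAfee figure are found by enumerating and evaluating configuration, not by waiting for a researcher to find the data.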

GandCrab Hacker Group Comes Out of Retirement

Notorious hacker group GandCrab, originally known for building ransomware for other criminals, has reappeared after retiring from its activities earlier this year. Researchers have been analysing a new strain of ransomware that shows signs of GandCrab’s involvement. The customised ransomware they sell to others has reportedly hit over 1.5 million machines, including devices located in hospitals. The code that has surfaced shares many similarities with GandCrab’s old work, including its mistakes. Researchers are not surprised by the group’s return and remain on the lookout for further activity.

By BBC.co.uk

Threats

Account Hijack Scheme Targeting YouTube Creators

A massive surge of account hijacks has hit YouTube creators over the last few days; the scheme has mainly targeted those in the car review and auto-tuning community, although others have reported issues. The attack was part of a coordinated campaign that used phishing to lure users into giving up their account credentials. A user who managed to recover their account provided insight into the attack chain that led to the hijack: the hackers use phishing emails to harvest credentials and use them to access the victim’s Google account; from there they re-assign channels to new owners and change the channel’s custom URL, so it appears the account has been deleted. As SMS-based 2FA was also defeated during these account takeovers, it is recommended to move your accounts to 2FA using hardware keys or authentication apps.

By ZDNet.com

Hacker Arrested for Suspected Involvement in World of Warcraft DDoS Attack

Game developer Blizzard, creator of World of Warcraft, has made an announcement following a recent DDoS attack targeting its game service. It revealed that shortly after the attack, the company began working with law enforcement to find the person responsible, and it has been confirmed that law enforcement have arrested the individual they suspect was behind the attack. Although the suspect’s identity was not disclosed, a Twitter account by the name of ‘UKDrillas’ claimed responsibility shortly before the attack took place; analysis of the Twitter account suggests the attacker is based in the United Kingdom. Another Blizzard title, Overwatch, was also reportedly affected by the DDoS; with the suspect now arrested, game services should return to normal.

By HotForSecurity.BitDefender.com

Vulnerabilities & Updates

Unscheduled Adobe Update Addresses Critical ColdFusion Flaws

Adobe has released updates for the 2016 and 2018 versions of ColdFusion after identifying that they are affected by three new vulnerabilities: one rated important and two rated critical. ColdFusion is Adobe’s commercial rapid web-application development platform. The first critical vulnerability is a command injection flaw that allows an attacker to execute arbitrary code; the second is a path traversal flaw that allows attackers to bypass access controls. The vulnerabilities were addressed in a recent unscheduled update; Adobe recommends updating to the latest version of ColdFusion to minimise the risk of an attack. More details on the flaws are included in the original post.

By ThreatPost.com

Microsoft Issue Critical Security Warning for Windows 10, 8.1 and 7 Users

It’s been a rough few weeks for Microsoft and Windows users due to the overwhelming number of severe security issues. As well as the problems that recent Windows updates have presented, including breaking Windows Defender, warnings have been issued for exploits such as weaponised worms and device driver flaws. Among the mass of issues is a critical zero-day memory corruption vulnerability in the scripting engine of Internet Explorer 9, 10 and 11. This remote code execution flaw allows an attacker to corrupt memory and execute arbitrary code in the context of the logged-in user. Most of the issues have been patched, including the flaw mentioned above; however, the update has to be installed manually, so we recommend seeking out the update from the official Microsoft website.

By Forbes.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #60 – 27th September 2019

By Joshua Hare on 26/9/19

Cyber Round-up for 20th September

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Entire Ecuador Population Affected by Data Leak

A marketing analytics company was storing a massive amount of sensitive information in an unsecured open database, which reportedly included the personal data of the entire population of Ecuador. The leak was discovered by vpnMentor, who revealed that the database included records on 20 million individuals, covering the 16.5 million people living in Ecuador. The leaked database included full names, dates of birth, home addresses, phone numbers and taxpayer IDs, along with extensive information on family members, as well as social security numbers and vehicle purchases. The amount of information in this database has researchers questioning how necessary it was for the marketing company to store it, and where they obtained it from in the first place.

By ThreatPost.com

GitHub Acquires Code Analysis Platform Semmle

The software hosting service GitHub has acquired the code analysis platform Semmle; the idea behind this venture is to assist developers and researchers in discovering critical vulnerabilities and zero-day threats. Semmle offers a variety of tools and products that are capable of investigating and addressing security issues, as well as uncovering vulnerabilities in third-party dependencies. In other news, GitHub has also announced its recent role as a CVE Numbering Authority, meaning the company can officially assign identifiers to new flaws as they are discovered; this can also integrate with Semmle products following the new collaboration.

By TheNextWeb.com

24.3 Million Private Medical Records Leaked on the Internet

The private medical records of 24.3 million patients have been left on unprotected servers, freely accessible on the internet. The leak has exposed records from 52 different countries and includes confidential images such as X-rays, CT and MRI scans. The leaked information includes patient names, dates of birth and examination dates, and compromises 13.7 million social security numbers belonging to American patients. Researchers confirmed that they did not have to exploit any software to access the records; all they did was visit a public web page. The lack of security in place has researchers concerned, especially considering the amount of information that was being stored.

By GrahamCluley.com

Threats

Cyber-Insurance Payouts Causing Problems in Ransomware Defence

Security experts have begun issuing warnings about cyber-insurance companies. Recently, cyber-insurers have been encouraging ransomware victims to pay the criminals to recover their encrypted files, thus funding further criminal activity. Security researchers see this as having a huge long-term impact on the cyber-security industry: the wealthier criminals become, the more advanced the ransomware becomes along with them. Despite the extra downtime it requires, companies should look to recover their files from backups and use alternative methods instead of paying ransoms, as the long-term effects could be extremely harmful.

By ZDNet.com

New Wiper Spam Campaign Hits Germany

A new spam campaign has hit Germany that masquerades as a job application, including a PDF claiming to be a CV; the ‘PDF’ is actually an executable that installs the Ordinypt wiper onto the victim’s device and destroys the files stored on it. Although this malware destroys files, it is disguised as ransomware and requests payment; regardless of whether payment is made, the files cannot be recovered. This campaign was first spotted on September 11th, 2019 and has almost exclusively targeted German-speaking users.

By BleepingComputer.com

Vulnerabilities & Updates

LastPass Patches Browser Extension Vulnerability

The well-known password manager LastPass has recently patched a vulnerability in its browser extensions for Chrome and Opera. This flaw could allow an attacker to steal a victim’s username and password through the ‘fill-in’ feature, which lets a user save their login credentials so that the extension automatically enters their username and password for certain websites. Because of this vulnerability, if a user visited a malicious site, their login details for the last site visited could be exposed. In practice, there are a lot more steps required to exploit this bug, and it was not actively exploited according to security researchers. The bug was patched in LastPass version 4.33.0, an update which has been automatically applied to all users’ browser extensions.

By GrahamCluley.com

Emotet Returns from Extended Summer Break

Emotet, one of the world’s most dangerous botnets and malware droppers, stopped all activity at the start of June 2019; even its command and control sites went inactive. The constantly evolving botnet started out as a banking trojan five years ago and has since been deemed one of the most prominent threats in cyber security (see our blog post for more info on Emotet). As of September 16th, 2019, the Emotet botnet appears to be active once again; all operations appear to have resumed, including the dormant command and control infrastructure and spam campaigns. Despite the extended break, Talos have ensured that all coverage and protection remain active, and new indicators of compromise have been pushed to supported Cisco Security products in response to the revival.

By TalosIntelligence.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #59 – 20th September 2019

By Joshua Hare on 19/9/19

Cyber Round-up

Cyber Round-up for 13th September

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

281 Email Scammers Arrested Around the World

An investigation known as Operation reWired has seen the arrest of 281 suspected criminals in connection with recent Business Email Compromise (BEC) scams. The criminals are believed to have stolen almost $37 million during the recent scheme. Despite the scheme targeting US victims, the majority of arrests took place in Nigeria, with further arrests in 9 other countries. The scams primarily targeted employee email accounts in an attempt to compromise them and their business associates. The intention of Operation reWired was to send a message to cybercriminals that law enforcement is actively working to prevent BEC schemes. Despite the success of this operation, email scams are still a big threat, and we advise everyone to take caution when opening emails.

By GrahamCluley.com

Microsoft Working to Improve Office 365 Phishing Notifications

Microsoft are planning to roll out a new feature in October that is designed to enhance how customers are notified of quarantined malware and phishing attempts. The new system allows admins to configure alerts that notify their users of quarantine actions. These steps are being taken to help identify threats much faster. By sending notifications to the end user, admins can easily confirm whether legitimate content is being blocked. As well as this, the update will also introduce a new feature called the email timeline, which allows an admin to easily explore threats through triggered events in a user’s mailbox. These changes are a step in the right direction and should massively improve phishing threat hunting in Office 365.

By BleepingComputer.com

Mozilla Firefox Plans to Start Rollout of DNS-over-HTTPS

Mozilla have announced their plans to introduce DNS-over-HTTPS (DoH) for the Firefox browser starting at the end of September. The protocol is designed to transfer domain-name queries over a secure HTTPS connection rather than an unprotected DNS connection. This is intended to protect users and prevent third parties from eavesdropping on and manipulating DNS data. DoH acts as an extra layer of security to protect users when accessing the internet. The rollout is said to start in late September but is expected to be a slow process and will not be available everywhere immediately.

By TheRegister.co.uk

Threats

macOS Users Under Threat of Adware, Phishing and APT Attacks

Cybercriminals have recently been showing a lot of interest in macOS systems, and attacks are becoming more and more frequent. Malicious and potentially unwanted programs have become increasingly popular over the last few years; in 2018 there were over 4 million attacks of this nature. In 2019 there have been almost 6 million phishing attacks targeting macOS users alone; the most common phishing pages seen are those pretending to be banking services. During 2019, there have also been a number of adware threats present in various trojans and viruses. More details on the threats facing macOS users are included in the original post.

By ThreatPost.com

Critical TLS Flaw Exposes Exim Servers to Remote Compromise

A critical vulnerability has been discovered in the Exim mail server that demands attention. The flaw has been identified as a buffer overflow in the part of the TLS negotiation that handles Server Name Indication (SNI). Exim is by far the most popular open-source mail server on the internet, making the threat even more critical. The flaw was discovered in July 2019 and affects all versions from 4.80 to 4.92.1. Exim admins are advised to update to 4.92.2 as soon as possible to avoid being affected by this threat. Further details on the flaw are included in the original post.

By NakedSecurity.com

Vulnerabilities & Updates

Microsoft’s September Patch Tuesday Addresses 79 Vulnerabilities

In this month’s edition of Patch Tuesday, Microsoft have released updates for 79 vulnerabilities, of which 17 have been classified as Critical and 2 are actively being exploited in the wild. These include remote desktop, privilege escalation, remote code execution and denial of service vulnerabilities. There is also a critical-severity Adobe Flash Player flaw that needs to be patched as soon as possible. A list of all patches is included in the original post. We recommend testing and deploying the latest patches as soon as you can.

By BleepingComputer.com

Denial-of-Service Flaw Found in NETGEAR Routers

Two denial-of-service vulnerabilities have been discovered in the NETGEAR N3000 line of wireless routers. These small and affordable devices, typically found in home and small office networks, can be exploited by sending HTTP and SOAP requests to various functions of the router, causing it to crash. Cisco Talos is working closely with NETGEAR to resolve the issues and ensure that updates are available to those using the affected products. Further details on the nature of these vulnerabilities are included in the original post.

By TalosIntelligence.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #58 – 13th September 2019

By Joshua Hare on 12/9/19

Cyber Round-up

Cyber Round-up for 6th September

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Phishing Attacks Targeting Small UK Businesses

A recent phishing study has emerged highlighting that 43% of small to medium businesses in the UK have been targets of phishing attacks. Attackers have been seen impersonating staff to trick users over the last year. What makes phishing so effective is the difficulty that security experts have defending against it; all it requires is a victim being fooled by an attacker’s disguised emails. Researchers have worryingly reported that 66% of these attacks were successful in carrying out a breach of data. Make sure your users are given awareness training that helps them identify these threats, and avoid opening emails, links or attachments unless you are certain they are safe.

By BetaNews.com

Twitter Disables SMS-to-Tweet Feature After CEO Got Hacked

On August 30, Twitter CEO Jack Dorsey’s official account was hacked using the SMS-to-tweet feature; the technique allowed the hacker to post offensive tweets on his account. As a result, Twitter has decided to disable the feature until the issue can be resolved. This technique has become increasingly popular over the last two years, but an attack on the CEO has finally sparked a response to resolve it.

By ZDNet.com

Critical Remote Attack Bugs Compromise Food-Safety Systems

Two critical vulnerabilities have emerged in the AK-EM 800 food-quality management product that could allow an attacker to compromise the system. Security researchers announced that one of the flaws is a backdoor debug tool that was made to help the vendor’s support team; because of this it offers high privileges which can be abused by an attacker. These issues have been patched this week and details of the updates are included in the original post. We recommend updating as soon as possible; if you can’t update immediately, look to restrict access to trusted users.

By ThreatPost.com

Threats

Critical Backdoor Attack Could Affect Over 60 Million WordPress Users

An ongoing hacking campaign has been affecting WordPress users since July and doesn’t seem to be slowing down. The campaign started out redirecting visitors to malicious sites but has since evolved into something much worse. Attackers appear to be taking advantage of compromised third-party plugins to gain access to their victims’ sites. This allows them to install backdoors and create administrator accounts from within to exploit the site. A list of all compromised plugins is included in the original post; if you are using any of them, please take the time to check for updates to mitigate the risk of an attack.

By Forbes.com

XKCD Forum Hack Leaks Over 500,000 Users’ Details

The popular webcomic platform XKCD has suffered a massive data breach of its forum, compromising the account details of 562,000 of its users. The breach included usernames, email addresses, IP addresses and hashed passwords. The leak was discovered by a security researcher and the forum has since been taken down until XKCD can ensure it is secure. Users of the online forum are strongly recommended to change the passwords of all accounts linked to their email address to mitigate the risk of an attack.

By TheHackerNews.com

Vulnerabilities & Updates

Remote Takeover Bug in Cisco Routers (CVE-2019-12643)

A new remote authentication-bypass vulnerability has been classified as the highest possible severity and given a 10 out of 10 on the CVSS scale. The bug resides in the REST API interface of multiple Cisco routers, all of which are listed in the original post. The vulnerability allows a remote attacker to bypass authentication and take complete control of a target router. Fortunately, the REST API interface is not enabled by default, so only users that have manually enabled it are at risk. The bug was patched in the most recent Cisco software release, which is detailed in the original post. Please be sure to update as soon as possible.

By ThreatPost.com

BlueKeep and DejaBlue Vulnerability Updates

Microsoft has recently released more updates for critical Remote Desktop Protocol security flaws, which were classified as ‘wormable’, meaning they can spread between systems without user interaction. Microsoft strongly recommends that all organisations update their systems as soon as possible and apply the necessary patches to mitigate the risk of an attack. A list of all vulnerabilities is included in the original post. If you are a Cisco customer, the post includes ways to defend against these threats using Firepower services.

By TalosIntelligence.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #57 – 6th September 2019

By Joshua Hare on 5/9/19

Cyber Round-up

Cyber Round-up for 30th August

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Avast Take Over Malware Botnet to Disinfect 850,000 Computers

Antivirus developer Avast recently joined forces with French law enforcement to take down Retadup’s command and control servers, which were found to be located in France. Avast malware analysts discovered a flaw in the server’s communication protocol that they used to take it over. This allowed them to instruct the malware to delete itself from victims’ computers; researchers revealed that in doing so, 850,000 computers were disinfected. 85% of the infected computers were located in Latin America, 35% of which were in Peru. Avast discovered during this takeover that the malware had evolved into a cryptomining scheme, but they are unsure exactly how much money the group made.

By ZDNet.com

Chinese Hackers Target US Cancer Research

A group of hackers with ties to the Chinese government has been seen attempting to steal medical research, specifically cancer research, from US institutions; US-based cybersecurity firm FireEye has reported multiple attacks targeting cancer-related research. Chinese corporations are trying desperately to control costs in the healthcare industry, which is a strong motive to target western medical research. Being the first to supply new drugs allows them to set standards and control the market. Smaller companies, despite not being the best in the industry, are perfect targets due to their weaker security. The healthcare industry holds the second-highest number of breaches in recent years, and is becoming an increasingly popular target for state-sponsored hackers competing in the pharmaceutical market.

By TechNewsWorld.com

Card-Skimming Attack Hits 80 Major eCommerce Sites

Magecart groups, who were behind the attacks on Ticketmaster and British Airways, have hit again; this time they’re targeting eCommerce sites running outdated plugins. The hacker affiliation has taken advantage of 80 major eCommerce sites that were all running a vulnerable version of the Magento plugin. The group uses a virtual credit-card skimmer that steals card information from within a web application; this information is typically sold on the black market. The names of the companies affected by this attack have not been disclosed to the public, but the organisations have been informed so that they can update their sites.

By ThreatPost.com

Threats

New Phishing Attack Uses Microsoft 365 Login Page as Disguise

A new phishing campaign has begun causing trouble and people are having difficulty spotting it. The idea of phishing is to look legitimate to the victim, which is what this new campaign excels at. Attackers are using Microsoft’s 365 login page with the target’s company branding included. As well as using a seemingly benign login page, the attackers are also hosting their phishing pages on Microsoft’s Azure cloud storage. Almost everything about these attacks seems perfectly normal, and they are reportedly still active. Always be careful when opening emails unless you are certain they are safe.

By BleepingComputer.com

Imperva Cybersecurity Firm Suffer Data Breach

Imperva, a popular internet firewall services provider, have disclosed news of a data breach which is said to include the email addresses, scrambled passwords, API keys and SSL certificates of a large portion of its customers. Reports suggest that the breach only affects those using the company’s cloud-based Web Application Firewall, Incapsula. Using the exposed data, an attacker could reportedly reduce the security of a site’s traffic and essentially whitelist themselves; this would give them the freedom to openly attack the website without interruption. Imperva released a list of mitigation steps for Incapsula users to protect them from the threat of the breach; these steps are included in the original post.

By KrebsOnSecurity.com

Vulnerabilities & Updates

Google Patches High Severity Vulnerability in Chrome (CVE-2019-5869)

Google have discovered a high-severity vulnerability in the Chrome browser that demands immediate attention. The flaw exists in Blink, Chrome’s open-source browser engine, and could allow a remote attacker to execute arbitrary code on a target computer and potentially bypass the machine’s security restrictions. For the flaw to be exploited, a user must visit, or be redirected to, a crafted web page from which the attacker can remotely access the victim’s computer. This vulnerability affects version 76.0.3809.132 and earlier. Users are advised to update to the latest version to protect against this exploit.

By ThreatPost.com

WordPress Plugins Being Actively Exploited

Researchers have discovered an ongoing campaign that is actively exploiting a number of WordPress plugin vulnerabilities. Traffic to victims’ websites is being redirected to a variety of potentially harmful locations with the help of these exploits. The flaws allow an unauthenticated visitor to send AJAX requests that modify the site’s settings; this is how the attacker redirects the traffic. WordPress announced that updates for all affected plugins are now available and recommend applying these updates as soon as possible. A list of all affected plugins is included in the original post.

By ThreatPost.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #56 – 30th Aug 2019

By Joshua Hare on 29/8/19

Cyber Round-up

Cyber Round-up for 23rd August

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

One Simple Way to Protect Your Accounts

Every day, attackers attempt 300 million fraudulent sign-ins. This number is constantly increasing, meaning the need for cyber security is going up with it. Despite this, there is one simple action you can take to drastically improve your account security and keep your information secure. We all know that no matter how much you try to enforce good password practice, people always use the simplest passwords. MFA is the solution to this. Multi-Factor Authentication applies an added layer of security to your accounts and asks for a randomly generated code from an app on your smartphone; this means that even if your password is cracked, an attacker would also need your phone to access the account. MFA is easier to use and implement than you think, so get securing your accounts today.

By Microsoft.com

Coordinated Ransomware Attack Hits 23 Texas Local Government Agencies

On August 16, a coordinated ransomware attack was launched against 23 local government organisations in Texas. Officials have confirmed that no state networks were affected by the attack and they have not yet disclosed if the agencies have paid the ransom. The Texas Department of Information Resources revealed that the ransomware came from a single source and they are still investigating the origin of this attack. This is the biggest coordinated ransomware attack we have seen to date that targets multiple local governments; however, it is not the first. Ransomware has been particularly prominent this year, and this is just another example of the threat affecting all types of organisations. Check out our Blog covering the dangers of ransomware and how to recover.

By ArsTechnica.com

New Chrome Add-On Tells Users if Their Passwords Have Been Leaked

Earlier this year, Google released a new Chrome extension called Password Checkup, which was designed to tell users if their credentials had been leaked from website databases. Security researchers have analysed the results of the extension and revealed that out of 21 million accounts, 1.5% of logins were performed using compromised credentials. The researchers monitored these results for a 28-day period, during which over 300,000 users logged in using leaked usernames and passwords; worryingly, 26% of these users ignored the warnings issued by the extension. It is believed that users are not acting because they either don’t believe the risk, don’t have control of their account, or are unsure how to reset their password. If you receive a warning regarding leaked credentials, we recommend resetting your password; never assume your accounts are safe.

By TheRegister.co.uk

Threats

Apple Compromises iOS Users by Accidentally Unpatching a Vulnerability

Apple has accidentally reverted patches for a recent vulnerability. The latest version of iOS, 12.4, has reintroduced a flaw that makes jailbreaking up-to-date iPhones much easier. We have not seen a public jailbreak for current iPhones in years, but this recent mistake from Apple has caught people’s attention. The dangerous part is that if a device is vulnerable to jailbreaking, it can be hacked just as easily. The jailbreak code has not been publicly released, to avoid Apple patching it; reports have shown exploited devices selling for millions of dollars. Until this is patched again in the next update, we recommend caution when downloading apps, as the likelihood of them being malicious is much higher than usual.

By Vice.com

Fortnite Users Being Targeted by Open Source Ransomware

Fortnite’s huge global player base makes it the perfect target for attackers. A recent ransomware campaign, known as Syrk, has been affecting users everywhere. This ransomware was built using tools available on the internet and works by disguising itself as an aimbot cheat for the game. Players who download the hack will have their files encrypted until payment is made. It was revealed that Syrk is the popular ransomware Hidden-Cry. Hidden-Cry is known for how quickly it deletes files after encrypting them, and how simply they are deleted. Victims can possibly recover their deleted files by following the instructions in the original post. We recommend avoiding all cheats available online, to minimise the risk of falling victim to these attacks.

By Cyren.com

Vulnerabilities & Updates

Webmin Backdoor Discovered More Than Year After Being Planted

A backdoor was intentionally placed in Webmin, a Unix administration tool. The backdoor allowed anyone who knew about it to completely take over the target device and execute commands as root. The backdoored version of Webmin was available on the official site for over a year before being publicly disclosed during the DEF CON 2019 security conference. Affected versions include 1.890, 1.900 and 1.920. Although 1.890 was the primary version affected by this vulnerability, the other two were found with almost identical backdoor code. The vulnerabilities were addressed in Webmin v1.930 and Usermin v1.780. If you are using Webmin, it’s time to review and update.

By ThreatPost.com

Worm-Cryptominer Combo That Stays Hidden by Pausing While Games are Running

Bitdefender researchers have recently discovered a worm-cryptominer that uses a supply chain attack and is delivered via a Potentially Unwanted Application known as DriveTheLife. The attack works by moving laterally and using a variety of unpatched vulnerabilities and advanced tools to compromise victims. The interesting thing about this cryptominer is that it pauses itself if it detects a game running, in order to avoid detection. Detailed analysis is included in the original post, including how the attack works and a list of indicators of compromise.

By BitDefender.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #55 – 23rd Aug 2019

By Joshua Hare on 22/8/19

Cyber Round-up

Cyber Round-up for 16th August

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Teenager Compromises Student Data by Hacking School Software

An 18-year-old student has discovered multiple vulnerabilities in software used by 5,000 schools. Two common pieces of software, Blackboard and Follett, contain serious bugs that allowed the teenager to access over 5 million records, covering both students and staff. The Blackboard breach alone compromised 24 categories of data, including phone numbers, bus routes, passwords, photos, student grades and immunisation records. The teenage hacker stated that he managed to accomplish this with very limited access, which supports his statement regarding the poor state of cybersecurity in education software. The teen presented his findings at DEF CON last week and showed that something needs to be done about the lack of consideration for cybersecurity.

By TechCrunch.com

Researchers Trick Cylance’s AI-Based Antivirus Into Thinking Malware is Goodware

BlackBerry Cylance’s AI-based antivirus has been easily bypassed by security researchers, who managed to trick it into thinking that the WannaCry ransomware is benign. The researchers have developed a “global bypass” for Cylance’s machine-learning algorithm that can be used with almost any malware; the method involves taking strings from a non-malicious file and simply appending them to the malicious one. In this case the researchers used strings from an online gaming program. The idea of an AI-based antivirus is that once trained, it will not require constant updating; however, after this discovery the company may have to completely retrain the system.

By Vice.com

BioStar Data Breach Compromised Data of Over a Million Users

Security researchers have discovered a serious data breach of the Suprema BioStar 2 biometric security database, which contains the plain-text usernames and passwords, fingerprints and facial recognition data of over 1 million users. The breach could allow attackers to take over user accounts and replace biometric data with their own, which could potentially grant access to secure areas. BioStar is used by over 5,700 major companies, including the UK Metropolitan Police; this puts into perspective the severity of this breach. Suprema have not yet commented on the breach but have confirmed they will take immediate action to remediate the issue.

By BBC.co.uk

Threats

Legacy Microsoft Protocol Bug Affecting all Windows Users

A 20-year-old bug has been discovered in the legacy Windows protocol Microsoft CTF. CTF is part of the Windows Text Services Framework and manages keyboard layouts, input methods and other things such as text processing. The protocol also communicates with other Windows services freely without proper authentication; for this reason, the flaw has been rated ‘important’. This vulnerability allows an attacker to escalate privileges to compromise a machine; however, it does require the attacker to already have a local user session. In other words, the exploit cannot grant initial access to the machine. More details are included in the original post.

By ThreatPost.com

Canon DSLR Cameras Vulnerable to Remote Ransomware Attacks

Ransomware can affect any internet-connected device, not just a computer, and this recent outbreak of attacks targeting Canon DSLR cameras is all the proof you need. Vulnerabilities in Canon’s Picture Transfer Protocol can be exploited over USB or WiFi to seize control of a target camera. Security researchers confirmed that the exploit allows an attacker to install a malicious firmware update onto the camera without any user interaction from the victim. This firmware can in some cases be modified to encrypt the files on the device and request a ransom to recover them. There is currently only an update available for the EOS 80D model; patches for other models will be available soon.

By TheHackerNews.com

Vulnerabilities & Updates

Microsoft Patch Tuesday Addresses 31 Critical Vulnerabilities

Microsoft’s Patch Tuesday for August hit this week and has addressed a total of 97 vulnerabilities, 31 of which were critical. These vulnerabilities include remote code execution flaws in Remote Desktop Protocol and Microsoft Outlook. Details on all the addressed vulnerabilities are included in the original post.

By Blog.TalosIntelligence.com

Zero-Day Vulnerability in Steam Client Affecting All Windows Users

A zero-day vulnerability in the Windows version of the Steam client has been published by a security researcher. The vulnerability has been identified as a privilege-escalation bug and gives an attacker the ability to run any desired program with the highest level of access. Researchers discovered that symbolic links can be used to force the computer into launching any service or executable. In some circumstances the exploit can run Windows Installer, which can be used to deploy malicious code. This vulnerability affects any Windows device that has the Steam client installed. Valve have now released a patch for this flaw, and we advise updating as soon as possible.

By ThreatPost.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #54 – 16th Aug 2019

By Joshua Hare on 15/8/19

Cyber Round-up

Cyber Round-up for 9th August

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

AT&T Employees Bribed to Install Malware onto Company Network

The US government has extradited a man following a criminal scheme targeting AT&T. Until September 2017, the attacker had been paying large sums of money to AT&T employees to unlock cellphones, remove them from the network and install malware onto the network. The staff were found and bribed via Facebook and telephone; one of them received $428,500 over a 5-year period to carry out the criminal acts. It is believed that the company lost more than US $9.5 million over the course of the malicious campaign. This is a strong reminder of the damage that can be caused by insider threats and rogue employees.

By HotForSecurity.BitDefender.com

WordPress Plugin Maliciously Locks Up Blog Posts

A malicious WordPress plugin called WP Security has recently been discovered; it has been spotted targeting blog posts and encrypting them, making the content unreadable. This is the first time a plugin has been seen targeting specific posts. Security researchers have said that encrypted blog posts can be recovered from a database backup. WordPress website owners are advised to update all plugins and reset their database passwords to mitigate the risk of these threats. In addition, ensure your WP site is secure and always do a thorough review of any plugin before installing it.

By ThreatPost.com

Threats

Android Ransomware Spreads Via SMS and Reddit

A new ransomware threat has hit Android devices and could become a serious problem. The ransomware spreads through malicious links dropped in forum posts and SMS messages; once a device is infected, the attacker can then use the victim’s contact list to spread the malware further. Once the ransomware app has been downloaded from the link and the files are encrypted, deleting the app will leave your files encrypted indefinitely. Security researchers have said that the ransoms demanded have only been around $100-200; however, if the attackers were to target bigger groups, the threat could become very serious. Android users are advised to download applications exclusively from the Google Play store, and to avoid random links in forums and SMS messages.

By Infosecurity-Magazine.com

Vulnerabilities & Updates

Microsoft Protocol Flaw Leaves Azure Users Vulnerable to Attack

A path-traversal vulnerability in Microsoft’s Remote Desktop Protocol has been discovered that leaves Azure users vulnerable to attack. The flaw has been marked as a medium-severity vulnerability that impacts Microsoft’s Hyper-V tool. The flaw was found in February and affects all versions of Windows from Windows 7 to 10. The exploit could potentially allow an attacker to install programs as well as change or delete data. A patch for this vulnerability was released in Microsoft’s July Patch Tuesday update. More details are included in the original post.

By ThreatPost.com

Cisco 220 Switch Vulnerabilities Allow Device Take Over

Cisco has released several updates for their 220 small business series switches after 3 critical vulnerabilities were found in the products. The first, CVE-2019-1912, allows authentication bypass; the second, CVE-2019-1913, allows remote code execution; and the third, CVE-2019-1914, is a command injection flaw. The vulnerabilities exist in the web-based management interface of the 220 switch and can be used to completely take over a vulnerable device, including replacing firmware or installing malware. If you are running Cisco 220 switches, please get updating; if updating quickly is difficult, the flaws can be worked around by temporarily disabling the HTTP/S server.

By ZDNet.com

Qualcomm Chip Flaws Leave Millions of Android Devices Vulnerable

Millions of Android devices have been exposed to hacking following the discovery of a series of critical vulnerabilities. The vulnerabilities are currently known as QualPwn and exist in the WLAN and modem firmware of Qualcomm chipsets that are used in many Android devices. These flaws are present in both smartphones and tablets and can be chained with the recently discovered Linux kernel driver flaw to completely take over the target device. Google released patches for these vulnerabilities in the August edition of its Android Security Bulletin. It is highly recommended that Android users update their devices as soon as possible.

By TheHackerNews.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

If you have any recommendations for additional content, or things you would like to see covered then please let us know.

Why not follow us on social media using the links provided on the right.

Edition #53 – 9th Aug 2019

By

Joshua Hare

on

8/8/19

Ransomware

Ransomware: How do I recover my files?


2017 was officially dubbed the cyber year of Ransomware, which all started with the WannaCry outbreak in May of that year. WannaCry was estimated to hit approximately 200,000 devices in 150 countries and had a major impact on the UK National Health Service (NHS).

WannaCry was the first Ransomware to include worm-based behaviour, spreading itself automatically and infecting other devices; thus making it a devastating piece of malware.

At this point, little did we know that an even more devastating attack was just around the corner. Less than two months later, in July 2017, the Nyetya ransomware emerged and made WannaCry look like small fry.

Nyetya (aka NotPetya) took it to another level with its destructive nature. Not only could it manually move throughout the network like WannaCry and encrypt files, but it also cleared event logs and deleted data from the infected device’s hard drive, making it unrecoverable. Nyetya became the first wiper ransomware seen in the wild.

One of the biggest victims of Nyetya was the shipping giant Maersk, which lost $300 million recovering from the ransomware attack. The attack shut down Maersk operations for several weeks, closing over 70 port terminals around the world.

In 2018 we saw a downturn in the number of ransomware attacks in the wild, as we witnessed a significant rise in a new threat, crypto mining malware. This trend away from ransomware was short lived, and ransomware never went away completely.

At the halfway point in 2019, ransomware has put itself firmly back on the map as one of the largest threats in cyber security today. With an approximate 300% rise in ransomware attacks against business this year, it appears that it’s here to stay.

What exactly is Ransomware?

Ransomware is a type of malicious software (malware) that infects vulnerable machines, with a goal to encrypt a user’s files, making the data unusable and holding it to ransom.

Image: WannaCry ransom note

A ransom note is copied to the machine and instructs the victim how to contact the attackers and pay the ransom.

Attackers typically expect to be paid in a cryptocurrency, such as Bitcoin, in order to cover their tracks; by paying the ransom the victim hopes to obtain the decryption keys which will allow them to recover their files.

Unfortunately, this is not always the case, leaving victims with a hole in their bank balance and complete loss of their data.

The real cost of a Ransomware attack

Although the ransom fee charged by the attacker for the decryption keys can be large, it can pale into insignificance when compared to the cost associated with recovery from a ransomware attack and the potential loss of business.

We mentioned above the huge cost to Maersk, but more recently two US cities have become victims of attack. Here we saw two different scenarios with different outcomes.

Riviera Beach City Council faced a $600,000 ransom demand, with the City of Baltimore facing a demand of $76,000. Riviera decided to pay the ransom and use their cyber insurance to help, while Baltimore decided not to pay the ransom. Baltimore have since confirmed that they expect this attack to cost them over $18 million in revenue loss and recovery efforts.

If you are not securing your business and you are not properly prepared, the ability to recover quickly and effectively from a disaster or security event will be both difficult and costly. As in the Baltimore attack, the cost could significantly outweigh the original ransom demand.

How do I protect against this threat?

Preparation and prevention are the best defence against a ransomware attack. Follow some fundamental principles to help protect your organisation.

  • Keep all your systems up to date with the latest security patches.
  • Deploy an anti-virus solution, and keep it active and up to date.
  • If possible, use an advanced anti-malware product that can detect and prevent the malicious encryption of files.
  • Secure your perimeter devices – routers, firewalls etc.
  • Do not allow management of your network directly from the internet – ensure that protocols such as RDP, SMB, Telnet and management SSH for internal services are disabled.
  • Ensure that critical systems, such as database servers, are not accessible from the internet.
  • Back up your files and systems using a cloud-based or offline solution – this is probably the most important factor; if all else fails these backups will be needed to recover in the event of an attack, so you should not rely on directly connected backups.

I failed to prepare, now what? How do I recover my files?

So, you failed to prevent an infection. First of all, don’t panic quite yet, you still have options.

Below are a few resources that can help to both identify the variant of ransomware and search for available decryption tools, which can save you from having to contact the attackers and pay the ransom.

It’s worth mentioning at this point that not all ransomware has a free tool to decrypt your files.

No more ransom

https://www.nomoreransom.org/

No More Ransom is an initiative driven by Europol’s European Cyber Crime unit, the National High Tech Crime Unit of the Netherlands and McAfee, to help victims of ransomware to recover their files without paying the cyber criminals.

No More Ransom contains a raft of decryption tools for certain versions of known ransomware variants.

Image: No More Ransom
ID Ransomware

https://id-ransomware.malwarehunterteam.com/

ID Ransomware is an online service provided by the MalwareHunterTeam and developed by Michael Gillespie (aka DemonSlay335). Like No more ransom, ID Ransomware can be used to identify which version of ransomware you have been infected with, through a sample or a copy of the ransom note.

The service can currently detect over 740 different variants and has an option to notify you by email if more information or decryptors become available.

Image: ID Ransomware

In addition, the MalwareHunterTeam and Demonslay335 twitter feeds are great informational resources. They are also a good method to contact the guys directly if you need more info or you are struggling to identify your infection.

https://twitter.com/malwrhunterteam
https://twitter.com/demonslay335

Kaspersky no ransom

noransom.kaspersky.com

Alternatively, security firm Kaspersky has launched its own site that hosts several decryption tools for known versions of ransomware. Although not as complete as the previous two resources, it’s worth noting as it may provide info in the future that is not available elsewhere.

Image: No Ransom - Kaspersky

I can’t find a decryptor tool, is there anything more I can do?

If all else fails and you have got this far with no progress, it’s big decision time. You’re in last resort territory, and have a couple of options remaining:

Pay the ransom

Some people will disagree with this option, but paying the ransom is still valid, and may be your only option if the data lost is critical to the running of your business.

That said, paying the ransom is never a recommended option and should only ever be used as a last resort. By giving in and paying up, you are funding the attackers so they can continue their malicious activities, while also opening your business up to further attacks.

As soon as the attacker knows you’re willing to pay, you become an easy repeatable target and should expect future attacks. With ransomware attacks it’s likely the attacker had access to your network, so they could have left backdoors in place for access later.

We appreciate this may be the only option for some, but please think long and hard before paying up.

Take the hit

Alternatively, if the data lost is not business critical to you and you can survive without it, you should consider taking the hit.

This may include accepting that the data is lost and deleting the encrypted files, or better still rebuilding your infected systems and restarting from scratch.

Again, this in most cases is a difficult last resort decision, but it should always be considered. If the data or system is not business critical, then don’t take the risk of contacting the attackers and paying the ransom unless absolutely necessary.

Conclusion

Ransomware attacks continue to rise, especially in the business arena.

The key to dealing with ransomware attacks is to prepare and protect your business, so you can avoid a successful attack in the first place. Act on enforcing the items mentioned above, to increase your overall security and reduce the likelihood of malware infection.

If you do not have the right capabilities in house, it is strongly recommended that you engage a specialist security company to assist you with investigating the root cause of the attack, as well as helping you to recover.

Understanding how the attack happened will allow you to close the holes that the attacker used to get in and identify if any backdoors have been left in place, allowing them to return and launch another attack.

Don’t immediately assume that the attack was launched using email; although this is a very common method, companies that assume this quickly become victim of a follow-on attack, as they miss the real gap in their security.

And finally, ensure that you are performing offline backups of your data so you can prevent your backup copies from being encrypted by the ransomware too.

By

Stuart Hare

on

4/8/19

Technical Archives

Cyber Glossary – A to Z


The A to Z of Cyber Security terms

Cyber Security is a complex place to live in. It is an ever-evolving landscape of challenges that changes on a daily basis, and is difficult even for the seasoned professional to keep up with. Just keeping up with and understanding the acronyms and terms associated with Cyber can be daunting. With this in mind we have put together this Cyber Glossary, which provides an A to Z list of the common terms you might come across in your security travels. Each term comes with a brief and simple explanation to help you with your understanding. Enjoy!

A

Access Control

Controls which users are granted access to certain resources, and prevents access by users who are not entitled to them.

Algorithm

A set of step-by-step instructions to be followed, usually by a computer, in order to solve problems and perform calculations.

Antivirus

Software that detects potentially malicious activity and helps stop and remove it, typically based on signature files.

App

Short for Application, software available on a smartphone and tablet.

Attacker

Actor who controls malicious software to intentionally exploit computer systems, typically to steal or destroy information.

Auditing

The process of gathering and analysing assets to ensure they follow policies and aren’t vulnerable to security breaches.

Authentication

The process of confirming your identity to determine who you are and whether you are allowed to access the requested resources.

Authorisation

After authentication, this is the process of approving, or giving permission to, someone or something that has requested access to a resource.

Availability

The need to ensure that resources are available to those who need them, and that the requirements for the business purpose can be met.

B

Backdoor

A tool installed onto a computer by an attacker that gives them easy access to the system after being compromised. Bypasses any interaction with security precautions on the system.

Bandwidth

Used as a measurement of data passing through a communication channel in a certain amount of time.

Bit

Short for Binary Digit. The smallest unit of data for information storage.

Blacklisting

A list of applications that users are not allowed to run in an organisation. Typically enforced by software on a computer that prevents users from installing any of the blacklisted applications.

Botnet

A network of computers connected to the internet that are infected with malicious software. Used to coordinate cyber-attacks without consent from the owner.

Breach

The act of data and resources being affected or accessed by someone without authorisation.

Browser

A software application used to request and display web pages and other information from web servers on the internet.

Brute Force Attack

An automatic process that tries to discover passwords and access data through trial and error, entering a huge number of combinations one by one.

Bring Your Own Device (BYOD)

A policy employed by an organisation that allows employees to use personal devices for work purposes.

Business Email Compromise

An exploit which involves an attacker spoofing a corporate email account and pretending to be that employee or executive. Often used in financial fraud, they use the employee’s position to attempt to trick users into opening malicious attachments, or to obtain money from employees, customers or partners of the company.

Byte

Short for Binary term. Important unit of computer storage, typically equivalent to 8 bits.

C

Certificate

Digital identification for a computer or user that confirms they are who they say they are. Also allows for the secure exchanging of information.

CIA

Also known as the CIA triad. The cornerstone of Information Security that includes Confidentiality, Integrity & Availability.

Cipher

An algorithm used for encrypting and decrypting files.

Cloud

A service that allows for shared storage and resources, typically hosted on the internet rather than locally.

Computer Network

A group of computers that are connected together, and are capable of sharing and exchanging data.

Confidentiality

The need to ensure that private information is only available to those who have authorisation to access it.

Cookie

A small file shared between a website and the browser on the user’s computer. Stores information regarding the user’s activity on the website, allowing the website to remember user preferences when in use.

Corruption

A threat that changes the system without the owner’s consent/knowledge and alters its data.

Countermeasure

A reactive security measure that prevents and blocks intruders from accessing a computer system.

Credential Stuffing

A type of cyber attack that involves using large volumes of stolen or leaked login credentials (usernames and passwords) to perform large scale automated login attempts against online systems or services.

Credentials

Information that verifies a user’s identity. This can be a username, password, token or certificate.

Cryptocurrency

A digital currency used to securely make payment transactions, without the use of central banking systems. Strong encryption techniques are used to transfer funds and ensure the units of currency are generated correctly.

Crypto Mining

The solving of mathematical problems in order to decrypt the transaction data from a block of cryptocurrency. Whoever solves the problem first is able to authorise the transaction and receives a certain amount of cryptocurrency themselves.

Cyber Attack

An attempt to gain unauthorised access to a computer system or network to damage, steal or change information or data.

Cyber Security

The protection of computer systems, networks and information from theft or damage.

D

Data at Rest

Data that is stored in external storage, such as hard disks and other removable devices.

Data in Transit

One of the three states of digital data: information that travels over a public network, or data that travels securely through a private network.

Data Mining

A technique used to analyse existing data and information in order to produce new information that appeals more to an audience.

Decryption

The process of converting encrypted data into its original, readable form.

Denial of Service (DoS)

When a user is prevented from accessing a service that they are authorised to use; typically done by overloading that service with a large amount of requests.

Dictionary Attack

A brute force attack in which the attacker uses common words and phrases to guess passwords. Usually known dictionary words.

Digital Footprint

Any trace of digital information that is left behind by a user’s online activity.

Digital Signature

A digital code that is attached to electronic documents to verify the sender’s identity.

Distributed Denial of Service (DDoS)

The act of preventing use of a computer system by flooding it with data from a collection of individual computers, all at the same time. Similar to DoS, however it is coordinated by multiple computers, rather than one.

Download Attack

Also known as a Drive-by download. When a virus or malicious software is unintentionally installed onto a device without the user’s knowledge.

Dropper

A type of malware designed to harm a target system by carrying and installing another malicious program onto it.

E

Email Account Compromise

An exploit in which an attacker gains access to a user’s email account, using it to monitor or intercept communications or send email as the victim. This is often used in financial fraud scams.

Encryption

The process of making a message unusable and unreadable by any unauthorised users using a mathematical function.

End User Device (EUD)

An abbreviation used to describe any portable device that is connected to an organisation’s network. Typically, smartphones, tablets, laptops and desktops.

Exploit

To use resources or data for purposes other than their intended use, or to take advantage of something that is vulnerable.

F

Fingerprint

A small string of data that corresponds to a larger computer file, and can be used to identify it, much like a human fingerprint.

Firewall

A security measure on a computer that controls what is and isn’t allowed access to a network. Can be hardware or software.

G

Gateway

A network device that is responsible for acting as an entry or exit point between different networks.

H

Hacker

Someone who uses computer skills to gain unauthorised access to a computer system or network.

Honeypot

A fake computer system or network that is designed to attract attackers. The attacks it receives are studied so that defenders can learn from them and defend against them in the future.

Host

A computer that has full access to the other computers in the same network, and can give information or resources to them. The host of a network is a network node that is also assigned a network address. Any device that has a connection to a network is a host.

HTTP

Hypertext Transfer Protocol; the primary protocol used on the world wide web, which tells the web server how to respond to the user’s request.

HTTPS

Hypertext Transfer Protocol Secure. Appears in the first part of a URL, HTTPS is a more secure variant of HTTP.

Hyperlink

An object in a document, usually a word, phrase or image, that can be clicked on to direct the user to either another document, or a specific location in a document.

I

Identity Theft

A type of online fraud in which an attacker uses malware or social engineering techniques to steal someone’s personal information with the intent of impersonating them.

Incident

A breach of a system’s security rules, which can include malicious activity, making changes to the system without the owner’s consent, or gaining unauthorised access to the system.

Insider Risks

The risk of legitimate users participating in malicious activity that damages a system they have been given access to.

Internet of Things (IoT)

The potential for everyday and household objects to connect to the internet; typically, televisions, fridges, cameras etc.

IP Address

A unique form of identification that allows networks / the internet to identify computer systems. The traditional format of an IP Address is IPv4, which is a 32 bit address, and appears in a sequence similar to the following: 172.16.254.1. Each number represents an 8 bit binary value.

M

Macro

A piece of software that can perform tasks without user control in certain applications. This can be abused by an attacker to access an unauthorised system.

Malvertising

A malware attack that is disguised and delivered by an advertisement.

Malware

Short for malicious software. Any kind of software that negatively changes or damages a computer system. This includes viruses, trojans, worms, ransomware etc.

Mitigation

Security measures put in place by a user to minimise the risk of an attack.

N

Network

A collection of two or more computers that are connected and share resources.

Network Intrusion Detection / Prevention System (NIDS / NIPS)

A security measure in a network that monitors and examines traffic flow within the network, to detect and prevent vulnerabilities from being exploited. Typically works as a secondary layer of security behind a system’s firewall.

O

Online Fraud

Also known as internet fraud. Refers to any kind of fraudulent activity that is committed online. The most common types of online fraud are Phishing and Spoofing; other scams include identity theft and credit card fraud.

P

Patching

The process of updating software to fix issues and vulnerabilities and improve its functionality.

Password Spraying

A cyber-attack that involves trying a small number of commonly used passwords against a large number of accounts on an online system or service, in the hope that at least some of them will be accepted.
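The Brute Force Attack, Dictionary Attack and Password Spraying entries describe two different shapes of failed-login traffic: many guesses at one account, versus one or two guesses at each of many accounts. The following added example (not part of the Ironshare glossary) is a small detector that tells them apart in a sliding time window; the log line format, the thresholds and the sample log lines are all constructed for illustration.

```python
"""Classify failed-login traffic per source as brute force or password spraying.

Added example for the glossary entries on Brute Force, Dictionary Attack and
Password Spraying; the log format and thresholds are assumptions, not a
standard of any particular product.
"""
from collections import defaultdict

# Assumed thresholds. Tune these to the normal failure rate of your own service.
WINDOW_SECONDS = 600        # examine failures inside any 10-minute window
MIN_FAILURES = 10           # a source needs at least this many failures to matter
BRUTE_MIN_PER_ACCOUNT = 10  # brute force: many guesses aimed at a single account
SPRAY_MIN_ACCOUNTS = 8      # spraying: many accounts touched ...
SPRAY_MAX_PER_ACCOUNT = 2   # ... with only one or two guesses per account


def parse_line(line):
    """Parse one constructed log line: '<epoch_seconds> <src_ip> <user> <SUCCESS|FAIL>'."""
    ts, src, user, outcome = line.split()
    return int(ts), src, user, outcome


def classify_sources(lines):
    """Return {src_ip: 'brute_force' | 'password_spraying'} for sources whose
    failures within some WINDOW_SECONDS window match either pattern.
    Sources that never reach MIN_FAILURES are left out of the result."""
    events = sorted(parse_line(line) for line in lines)
    fails_by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            fails_by_src[src].append((ts, user))

    verdicts = {}
    for src, fails in fails_by_src.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most WINDOW_SECONDS.
            while fails[end][0] - fails[start][0] > WINDOW_SECONDS:
                start += 1
            window = fails[start:end + 1]
            if len(window) < MIN_FAILURES:
                continue
            per_account = defaultdict(int)
            for _, user in window:
                per_account[user] += 1
            hottest = max(per_account.values())
            if hottest >= BRUTE_MIN_PER_ACCOUNT:
                verdicts[src] = "brute_force"
                break
            if len(per_account) >= SPRAY_MIN_ACCOUNTS and hottest <= SPRAY_MAX_PER_ACCOUNT:
                verdicts[src] = "password_spraying"
                break
    return verdicts


def constructed_log():
    """Constructed sample events (RFC 5737 documentation addresses, fake users)."""
    lines = []
    # 203.0.113.5: twelve guesses at 'admin' inside two minutes -> brute force.
    for i in range(12):
        lines.append(f"{1000 + i * 10} 203.0.113.5 admin FAIL")
    # 198.51.100.7: one guess at each of ten accounts -> password spraying.
    for i in range(10):
        lines.append(f"{2000 + i * 30} 198.51.100.7 user{i:02d} FAIL")
    # 192.0.2.9: a legitimate user mistypes twice, then logs in -> ignored.
    lines += [
        "3000 192.0.2.9 alice FAIL",
        "3040 192.0.2.9 alice FAIL",
        "3070 192.0.2.9 alice SUCCESS",
    ]
    return lines


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(constructed_log()).items()):
        print(f"{src:<14} {verdict}")
```

Credential stuffing, where each account is tried with its own leaked password, looks like spraying in this view (many accounts, one guess each); telling the two apart needs the password material, which a login service should never be logging.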

Pentest

Short for penetration test. A test designed for a computer system or network that searches for any vulnerabilities, so they can be fixed or improved.

Pharming

An incident where a user enters a web address, but is instead directed to a different, unauthorised website.

Phishing

An email sent to a massive amount of users, rather than a specific target, that tricks a user in an attempt to discover personal, important or confidential information.

Platform

The software and hardware that an application is running on.

R

Ransomware

Malware that prevents the target from accessing or using their computer system until they pay the attacker. Typically includes the malicious encryption of a compromised user’s files.

Remediation

The act of addressing an issue or vulnerability and repairing or changing it.

Response

A reaction in regard to an incident or security event.

Risk

A potential exposure to danger or vulnerabilities present within a system.

Risk Assessment

A process that discovers potential risks and decides how serious they are.

Router

Also known as a gateway. A network device that sends data packets to other computer networks.

S

Security Policy

A set of rules specific to an organisation that states how it provides security for its clients’ and employees’ sensitive information.

Server

The part of a computer system that responds to user requests and provides a service in return.

Share

A mechanism that allows a user to connect to services such as files and printers on other systems across a network.

Software as a Service (SaaS)

A system used by businesses that allows users to access applications that are hosted by the business over the internet. This is a cloud-based system.

Sanitisation

The process of securely removing and erasing data from a system’s storage, through either electronic methods or physical destruction.

Sinkhole

A method used in which internet traffic is redirected to a chosen destination. This is used by law enforcement to take down a highly malicious service, or by security professionals to capture and analyse malicious traffic.

Sinkhole Attack

Similar to the Sinkhole above but used for malicious intent. An exploit in which a sinkhole is used to launch an attack that denies access to a service. Also known as a blackhole attack.

Smishing

Similar to phishing, however the attacker uses text messages rather than email.

Social Engineering

The act of manipulating a user to perform certain actions that benefit the attacker.

Spam

Also known as Unsolicited Bulk Email (UBE), Spam is the sending of a large amount of unwanted emails, or junk mail, to a user/users; typically including advertisements and commercial content.

Spear-Phishing

A form of phishing that targets a specific person by pretending to be someone the user knows.

Spoofing

The act of gaining unauthorised access to a computer system, by sending messages to that computer, that appear to be coming from a trusted host.

Switch

A smart network device for creating local networks, that tracks a host’s MAC address, mapping it to the attached port, and ensures that data is only forwarded to the specific destination host.

T

Threat

Anything that has the potential to breach a computer system or security policy, usually to cause harm.

Trojan

A form of malware that disguises itself as legitimate software in order to harm the user’s computer system.

Two-Factor Authentication (2FA)

A security measure that means the user must use two separate forms of identification to access data. This is usually their standard password as well as a second randomly generated token password. Also known as multi-factor authentication (MFA). Single factor relates to 'something you know' while two factor relates to 'something you know & something you have'.

U

Unprotected Share

A type of share that allows any user to connect to the devices and systems, without any need for consent. Also referred to as Anonymous Access Share.

User

Any person or organisation that accesses or utilises a computer system or network.

V

Variant

A new type of malware that is a modified version of existing malware. Often confused with Zero-day malware.

Virus

A type of malware that replicates and multiplies itself in order to overwhelm the security measures.

Virtual Private Network (VPN)

An encrypted connection to a private network that is carried over a public network (such as the internet). Can be used to safely share private and sensitive data with other users without being monitored by unauthorised users.

Vulnerability

A weakness in a computer system that an attacker can exploit to gain unauthorised access or cause harm.

W

Water-Holing (Watering Hole Attack)

Compromising a legitimate website that the intended victims are known to visit (or setting up a look-alike one) so that any visiting users are exploited.

Web Server

A process that answers HTTP requests from users’ browsers by returning the requested website content.

Whaling

A form of targeted phishing that is directed at senior executives, typically disguised as a legitimate email. Similar to spear-phishing.

Whitelisting

Authorising a defined list of applications that may run within an organisation, so that any application not on the list is blocked and systems are protected from other, harmful software.

Z

Zero Day (0-day)

The term for a new threat or vulnerability on the day it is discovered, before antivirus and security vendors know about it, meaning there may not yet be any protection against it.

Zombie

A computer connected to the internet that has been compromised by an attacker and can be used to perform malicious tasks. Also refers to each individual device in a botnet. The owner of a zombie is usually unaware that the device has been compromised.

Last updated: 1st August 2019

By Joshua Hare on 1/8/19

Cyber Round-up

Cyber Round-up for 2nd August

Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of Security.

While publishing this week’s edition we realised that, amazingly, it has been a year since we first released the Cyber Round-up. Its format has evolved since the early editions, and hopefully, like us, you feel that it continues to improve.

Happy reading!

In this week’s round-up:

Security News

Hacker Arrested After Capital One Data Breach

Major credit card issuer Capital One has suffered a massive data breach compromising the personal data of about 106 million US and Canadian users; the company revealed that the stolen data included names, addresses and phone numbers of its customers. It was reported that the breach was possible because of a configuration vulnerability in the company’s infrastructure, which was discovered on 19th July. Following the hack, the attacker was found boasting about the breach on social media and has since been arrested; this is believed to be one of the biggest data breaches in banking history.

By BBC.co.uk

$1.7 Million Stolen From North Carolina County

A North Carolina county was recently hit by a business email compromise scam, which resulted in the theft of $1.7 million. The email appeared to be from Virginia-based Branch and Associates; it claimed that the company had changed its bank details and requested that payments be sent to the new account instead. The scam resulted in a total of $2,504,601 being paid out on 21 December 2018. Bank of America was able to recover some of the stolen funds, but $1.7 million remains missing. The money was supposed to be used to build a new high school in the county, but this project has since been halted.

By HotForSecurity.BitDefender.com

3.5 Billion Credential Stuffing Attacks Attempted in the Last 18 Months

Credential stuffing is becoming a bigger threat every day and may now be even more popular than phishing. Credential stuffing involves taking usernames and passwords stolen or leaked in previous breaches and replaying them, in bulk, against other services’ login pages in the hope that users have reused them; in effect a brute-force attack fed by real credentials. In the last 18 months, content delivery network provider Akamai Technologies has detected around 3.5 billion credential stuffing attempts, half of which targeted financial services. Despite recent improvements in security, financial institutions can’t detect every attack thrown at them; since they are such a big target for criminals, detecting these attacks is crucial.
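To make the detection point concrete, here is an added example (not from the article, and not Akamai’s code) of the kind of logic a defender can run over authentication logs: it separates a source that tries a password against many different accounts from a user who simply mistypes their own password a few times. The log lines and their field format are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed authentication log (not from the page). 203.0.113.7 tries leaked credentials
# against many different accounts and gets one hit; 198.51.100.2 is a user mistyping
# their own password; 192.0.2.9 is an ordinary successful login.
SAMPLE_LOG = """\
2019-07-30T10:00:01Z src=203.0.113.7 user=alice result=FAIL
2019-07-30T10:00:02Z src=203.0.113.7 user=bob result=FAIL
2019-07-30T10:00:02Z src=203.0.113.7 user=carol result=FAIL
2019-07-30T10:00:03Z src=203.0.113.7 user=dave result=FAIL
2019-07-30T10:00:03Z src=203.0.113.7 user=erin result=FAIL
2019-07-30T10:00:04Z src=203.0.113.7 user=frank result=OK
2019-07-30T10:05:00Z src=198.51.100.2 user=bob result=FAIL
2019-07-30T10:05:10Z src=198.51.100.2 user=bob result=FAIL
2019-07-30T10:05:20Z src=198.51.100.2 user=bob result=OK
2019-07-30T10:06:00Z src=192.0.2.9 user=grace result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Parse lines in the constructed format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def stuffing_report(events, min_distinct_users=5, min_fail_ratio=0.8):
    """Group attempts by source IP. Credential stuffing looks like many distinct usernames
    from one source with a high failure rate; a forgotten password looks like one username
    with a few failures. Returns, for every source over both thresholds,
    {ip: {"distinct_users": n, "fail_ratio": r, "hits": [accounts that logged in OK]}}.
    The "hits" are the accounts a defender should treat as compromised."""
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "failures": 0, "hits": set()})
    for e in events:
        s = per_ip[e["ip"]]
        s["users"].add(e["user"])
        s["attempts"] += 1
        if e["result"] == "FAIL":
            s["failures"] += 1
        else:
            s["hits"].add(e["user"])
    report = {}
    for ip, s in per_ip.items():
        ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_distinct_users and ratio >= min_fail_ratio:
            report[ip] = {
                "distinct_users": len(s["users"]),
                "fail_ratio": round(ratio, 2),
                "hits": sorted(s["hits"]),
            }
    return report


if __name__ == "__main__":
    for ip, detail in stuffing_report(parse_log(SAMPLE_LOG)).items():
        print(ip, detail)
```

A single source is the easy case. The volumes quoted above imply campaigns spread across many addresses, so in practice the same counters are also kept per user agent, per ASN and globally (a spike in failures across the whole estate), and the per-IP thresholds are tuned against a baseline of normal failed-login rates.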

By TheRegister.co.uk

Unsecured Database Exposes Security Risks in Honda's Network

A wealth of information has been disclosed by a publicly accessible database belonging to the automotive powerhouse Honda. Their recent delight at Formula 1 wins and podium finishes will have been dashed by the news that 134 million documents containing 40GB of data had been left exposed to the internet. The data contained details of their IT assets as well as employee information. Unfortunately, the bad news didn’t stop there: alongside the asset inventory was in-depth information on the company’s security software and patching levels, which is a treasure trove to attackers. Honda worked immediately to secure their systems and thanked the researcher for their efforts in reporting the vulnerability.

By BleepingComputer.com

Threats

FaceApp Requests Access to Facebook Friends Lists

The viral photo-morphing app FaceApp has been collecting users’ Facebook friend list data, despite having no need for it. Researchers have spent a lot of time trying to discover why the app would need this kind of data but were unsuccessful. When asked, the FaceApp developers responded that the data was collected for a social media voting feature that has since been discontinued; however, this does not explain why the data is still being collected. Since the app is asking for permissions it does not need, we advise against downloading it.

By TheHackerNews.com

Total Donations Plugin Flaw Compromises WordPress Websites

A new zero-day flaw in the Total Donations plugin has left WordPress sites vulnerable to hackers, who could potentially steal data and even hijack the website. This vulnerability has been actively exploited, and it was confirmed that all versions of the plugin are affected by the flaw. Researchers received no reply when they contacted the plugin’s developers, and it has not been updated since 2016; this could mean that Total Donations has been abandoned and there may never be an official patch. To protect against this exploit, we recommend you remove the plugin from your website and find a supported replacement. Details on the nature of the exploit are included in the original post.

By TrendMicro.com

Vulnerabilities & Updates

Google Security Experts Disclose Exploits For iOS Vulnerabilities

Google Project Zero’s white hat hackers have recently disclosed details of 4 major iOS security vulnerabilities, which were addressed in the iOS 12.4 update. The flaws include a memory corruption issue, a Siri exploit and two iMessage exploits. A fifth flaw was also discovered but has not yet been shared because the patch did not fully address it. Details of all the disclosed vulnerabilities can be found in the original post.

By SecurityAffairs.co

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

If you have any recommendations for additional content, or things you would like to see covered then please let us know.

Why not follow us on social media using the links provided on the right.

Edition #52 – 2nd Aug 2019

By Joshua Hare on 1/8/19

Cyber Round-up

Cyber Round-up for 26th July

Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of Security.

In this week’s round-up:

Security News

Hacked Deliveroo Accounts Being Sold By Dark Web Dealers

Deliveroo users have recently had their accounts hacked and sold by dark web dealers for prices as low as £5. Hackers are using login details from previous mega-breaches and various phishing techniques to obtain a user’s credentials to sell online. Victims have been reporting unusual amounts of food being ordered from their accounts, with one order coming to £450. A significant number of account thefts have been reported recently, mostly in London. Many users have complained about the slow response from Deliveroo and are unhappy that the company is simply deleting the compromised accounts. Deliveroo disclosed that they were working hard to address the issue using fraud prevention software, but no solution has been presented yet.

By Forbes.com

Sky is Forcing its Customers to Reset Their Passwords

TV giant Sky has sent a notification to its customers warning them that their passwords had been reset following an incident that happened last week. After customers reacted with confusion to the email, Sky responded saying that they occasionally reset passwords to keep accounts safe. The incident they referred to appears to be a potential breach of Sky email accounts, in which unauthorised access had been identified. However, information regarding the nature of the incident has not yet been fully disclosed. This has not affected all of Sky’s customers, and a researcher has confirmed that the customers contacted did not have their accounts breached. Sky responded with what they consider best-practice account management and reset those accounts they believed were affected.

By Forbes.com

Sophisticated Phishing Attack Hits Lancaster University Students

Lancaster University is working to secure its systems following a recent data breach. Stolen data included phone numbers, ID documents and records of a small number of students. The data stolen was reportedly linked to those who applied in 2019 and 2020. Officials announced that the stolen data was being used to send fake invoices to victims and described the attack as sophisticated and malicious. The university announced that those who were affected will be contacted with advice.

By BBC.co.uk

Threats

New Phishing Method Targets Office 365 Admins

Phishers have a new method of infiltrating people’s Office 365 accounts, and it all starts with a fake email that appears to be from Microsoft. The email contains a link to a fake Office login site, where the victim can enter their credentials; if the login credentials are entered correctly, they are captured by the attacker before the victim is redirected to the official Office 365 dashboard, to avoid any suspicion that a compromise has occurred. However, if credentials are entered incorrectly, a seemingly real error page is shown asking them to log in again. This method is unlike anything previously seen, as it focuses on masking the truth from the victim even after compromising their account. Microsoft recommends enabling Multi-Factor Authentication to mitigate this threat.

By HelpNetSecurity.com

New Phishing Scheme Targeting Amex Card Holders

American Express card holders are being targeted by a new phishing campaign in which attackers send a fake email to a victim, posing as an account update. The hyperlink in the email redirects to a malicious site. What makes this method seem legitimate is its use of an embedded “base href” URL, which also hides its intent from security tools and anti-virus. The attack does not just target consumers: credit card accounts, membership reward accounts, merchant accounts and American Express @Work accounts are all at risk. The attackers behind this campaign are taking many precautions to disguise the malicious site; these methods are discussed in more detail in the original post.
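The base href trick works because an HTML `<base href>` changes where every relative link and image in a message resolves, so a link that reads `account/update` in the source, and looks harmless to a scanner that only inspects absolute URLs, is actually fetched from another host. The following added Python example (not code from the original post or from any vendor) shows how a mail filter can resolve links the way a client would and flag a `<base>` that points away from the expected brand domain; the message body and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed phishing-style message body (not from the page). The visible references are
# relative and look harmless; the <base href> silently makes them resolve to another host.
SAMPLE_EMAIL = """\
<html><head><base href="https://login-update.example.net/cards/"></head>
<body>
<p>Your card account needs an update.</p>
<a href="account/update">Update your account</a>
<img src="img/logo.png" alt="logo">
<a href="https://www.example.com/help">Help centre</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collects the first <base href> and every href/src/action attribute in document order."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.refs = []  # (tag, attribute, raw value as written in the HTML)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base":
            if a.get("href") and self.base is None:  # browsers honour the first <base> only
                self.base = a["href"]
            return
        for attr in ("href", "src", "action"):
            if a.get(attr):
                self.refs.append((tag, attr, a[attr]))


def resolve_links(html):
    """Return (base, [(tag, raw, effective_url)]) with relative references resolved the way
    a mail client or browser would, i.e. against <base href> when one is present."""
    p = LinkCollector()
    p.feed(html)
    p.close()
    base = p.base or ""
    return p.base, [(tag, raw, urljoin(base, raw)) for tag, _, raw in p.refs]


def base_href_findings(html, expected_host):
    """Flag a <base href> on a host other than the brand's own, and list the relative
    references it silently redirects. Absolute links are left to ordinary URL filtering."""
    base, resolved = resolve_links(html)
    findings = []
    base_host = urlsplit(base).hostname if base else None
    if base_host and base_host != expected_host:
        findings.append(f"base href sets {base_host} (expected {expected_host})")
        for tag, raw, final in resolved:
            if not urlsplit(raw).netloc:  # relative, so <base> decides where it really goes
                findings.append(f"<{tag}> '{raw}' actually resolves to {final}")
    return findings


if __name__ == "__main__":
    for line in base_href_findings(SAMPLE_EMAIL, "www.example.com"):
        print(line)
```

A filter that only extracts `http://` and `https://` strings from the body would see just the legitimate help-centre link here; resolving against `<base>` first is what surfaces the real destination.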

By Sesin.at

Vulnerabilities & Updates

Malvertising Campaign Exploiting WordPress Plugin Flaws

A recent malicious advertising campaign has been actively exploiting WordPress plugin vulnerabilities to launch attacks. The most recent target was the ‘Coming Soon Page and Maintenance Mode’ plugin, which is present on over 7,000 sites. The flaw allows an attacker to inject code into the target website, giving them the ability to display popup ads and even redirect visitors to malicious sites disguised as tech support. The biggest flaw targeted by this campaign is in the Yellow Pencil Visual CSS Style Editor plugin, which has over 30,000 installs. These vulnerabilities were recently disclosed by WordPress and, although patches have been released, those using versions older than 1.7.8 are still at risk.

By ThreatPost.com

Apple Addresses Recent Vulnerabilities in July Patch

Apple’s latest patch addresses recent vulnerabilities in iOS, macOS, Safari, watchOS and tvOS. The update includes a total of 37 fixes, including patches for a few high-severity vulnerabilities. One major flaw allowed an attacker to authorise purchases through the Wallet app without unlocking the phone. The patch also resolved a bug that allowed a Walkie-Talkie connection to remain active during a call without the user’s knowledge. More details on this patch are included in the original post. If your devices are not set to update automatically, we encourage you to apply the latest patches as soon as you can.

By TheRegister.co.uk

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #51 – 26th July 2019

By Joshua Hare on 25/7/19

Cyber Round-up

Cyber Round-up for 19th July

Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of Security.

In this week’s round-up:

Security News

Microsoft Introduces Automatic Phishing Detection for MS Forms

After the recent surge of phishing attempts using MS Forms, Microsoft is introducing a new automatic phishing detection feature aimed at suppressing the growing issue. The feature, which is expected to be released this month, works by detecting any dodgy redirections to landing pages, password boxes and more. This allows Microsoft to detect a phishing attempt regardless of how convincing the content seems. In the unlikely event that a phishing attempt is not detected, users can now manually report a form or survey that they believe to be malicious. The introduction of these security measures is Microsoft’s first step towards making all of Office 365 much safer.

By TechNadu.com.

Cyber-Attack on Bulgaria’s Tax Agency Affects Millions

A recent cyber-attack on the Bulgarian tax agency has compromised the personal data of nearly all adults in the country. Following the breach, one of the hackers sent an email to the media containing an offer of access to the stolen data; the email also mocked the Bulgarian government’s cyber-security standards. Authorities have arrested a 20-year-old man for suspected involvement but are still investigating the possibility of others being involved. The government has warned that anyone attempting to exploit the stolen data “would fall under the impact of Bulgarian law”.

By BBC.co.uk.

Threats

Instagram Exploit Could Allow an Attacker to Change Your Password

A security researcher has discovered a severe vulnerability that could allow your Instagram account to be taken over by an attacker. The researcher found that Instagram sends a six-digit code when you get locked out of your account, to either your phone number or your email. If a hacker could somehow gain access to a user’s email account, they would be able to recover the code. However, a much more effective method was discovered that could allow an attacker to gain access without email access: Instagram’s rate limiting mechanism could be bypassed by sending requests from different IP addresses, which would allow an attacker to brute force their way into someone’s account. The researcher chose to disclose this flaw to Instagram privately, to avoid people publicly exploiting it.
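The flaw described above comes down to where the guess budget is counted. As an added example (not Instagram’s code, and not from the original post), the Python below models a six-digit recovery-code check whose budget is keyed either on the requesting IP address, which a caller controls and can change, or on the target account, which it cannot. Once an account-keyed budget is spent the outstanding code is invalidated, so the one-in-a-million guess space can never be searched to completion. Account names, addresses and the injected random source are constructed for the demo.

```python
import hmac
import secrets
from collections import defaultdict


class RecoveryCodeService:
    """Issues a six-digit account-recovery code and checks guesses against it.

    key_by="ip"      counts guesses per source address only: a caller that changes
                     address gets a fresh budget, so the 10^6 code space stays searchable.
    key_by="account" counts guesses per target account regardless of source and
                     invalidates the code once the budget is spent.
    `rng` is injectable so the demo and tests are deterministic; by default secrets is used.
    """

    def __init__(self, max_attempts=5, key_by="account", rng=secrets.randbelow):
        if key_by not in ("ip", "account"):
            raise ValueError("key_by must be 'ip' or 'account'")
        self.max_attempts = max_attempts
        self.key_by = key_by
        self._rng = rng
        self.codes = {}                   # account -> outstanding code
        self.attempts = defaultdict(int)  # budget key -> guesses consumed

    def issue(self, account):
        """Generate a fresh code for the account; a new code comes with a new budget."""
        code = f"{self._rng(10 ** 6):06d}"
        self.codes[account] = code
        if self.key_by == "account":
            self.attempts.pop(account, None)
        return code

    def verify(self, account, ip, guess):
        """Returns 'ok', 'wrong', 'locked' or 'no_code'."""
        code = self.codes.get(account)
        if code is None:
            return "no_code"  # nothing outstanding: the user must request a new code
        key = account if self.key_by == "account" else ip
        if self.attempts[key] >= self.max_attempts:
            return "locked"
        self.attempts[key] += 1
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self.codes[account]  # single use
            return "ok"
        if self.key_by == "account" and self.attempts[key] >= self.max_attempts:
            del self.codes[account]  # budget spent: the code is dead, a re-issue is required
            return "locked"
        return "wrong"


if __name__ == "__main__":
    # Legitimate owner: two typos then the right code, all from their own address.
    svc = RecoveryCodeService(key_by="account", rng=lambda n: 123456)
    svc.issue("owner")
    print([svc.verify("owner", "192.0.2.1", g) for g in ("123455", "123465", "123456")])
```

The account-keyed budget also needs the usual companions: the code must expire after a few minutes, a new code must replace rather than sit alongside the old one, and repeated lockouts on one account should generate an alert rather than a silent re-issue loop.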

By HotForSecurity.com.

Eavesdropping Bug Hits Apple Watch’s Walkie-Talkie App

A bug has recently been reported that could allow someone to eavesdrop on you using the Apple Watch’s Walkie-Talkie app. Apple has not provided details of how the bug works and has disabled the application until a fix is available. The bug was reported to Apple through the ‘report a vulnerability’ portal. Apple has apologised for any inconvenience; this is the second snooping bug Apple has suffered this year, the last one being in FaceTime. There is currently no fix for this vulnerability, and no timeline has been released as to when it will be patched.

By NakedSecurity.com.

Exploit Allows Android Apps to Capture Loudspeaker Data Without Permissions

A new attack has been discovered that allows a bad actor to capture loudspeaker data by taking advantage of the Android accelerometer. The accelerometer is a hardware-based motion sensor in most Android devices that can be accessed by any application with no permissions. Since the loudspeaker sits on the same surface as the motion sensors, an attacker can intercept its data whenever the victim starts a phone or video call using speaker mode, allowing them to eavesdrop on the call. This exploit has been named Spearphone by the researchers. The original post includes full details of the attack and also describes some mitigation techniques; however, no official patch has been released yet.

By TheHackerNews.com.

Vulnerabilities & Updates

Cisco Vision Dynamic Signage Director Vulnerability (CVE-2019-1917)

A remote attacker could potentially bypass authentication on an affected system by exploiting a new vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director. By sending a specially crafted HTTP request to an affected system, the attacker can execute actions with administrative privileges through the REST API. This is due to insufficient validation of HTTP requests. Unfortunately, the REST API is enabled by default and cannot be disabled; however, Cisco have released a free patch for the vulnerable software, linked from the original post. It is also important to note that this vulnerability only affects Cisco Vision Dynamic Signage Director.

By Cisco.com.

Critical Access Bypass Vulnerability Affecting Drupal

A critical vulnerability has been disclosed in the popular CMS Drupal, version 8.7.4, which allows an access bypass condition to be created when the experimental Workspaces module is enabled. Disabling the Workspaces module prevents this flaw from being exploited; however, Drupal advise updating to 8.7.5 if you are using the vulnerable version. Please note that 8.7.4 is the only version affected by this vulnerability, and older versions are still safe. Further details on updating are included in the original post.

By Drupal.org.

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #50 – 19th July 2019

By Joshua Hare on 18/7/19


Ironshare is a provider of Information and Cyber Security services.
