Blog

Ironshare's latest posts ready to view and share.

Cyber Round-up

Cyber Round-up for 10th September

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

Ragnar Locker Group Warn Victims to Avoid Police Contact

The Ragnar Locker group are a constant presence in the ransomware world, and one of their more notable tactics is to warn victims against contacting law enforcement or professional negotiators, threatening to leak the stolen data immediately if they do. The group’s announcement states: “we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately”. Keeping police and recovery specialists out of the picture lets the group operate without disruption, and the threat is designed to make victims weigh reporting against simply paying. Is calling the police worth the risk, or should you just pay the ransom?

By GrahamCluley.com

McDonald’s Leak Passwords to Monopoly Winners

A bug in the emails sent to winners of McDonald’s Monopoly VIP game caused the hostnames, usernames and passwords for the game’s production and staging database servers to be included in the prize emails. Anyone who received a winning email therefore also received a working set of credentials for the Monopoly back end; this was not a leak of customer passwords. McDonald’s have stated that they “take data privacy very seriously” and assured customers that their information has not been compromised.

By BleepingComputer.com

500,000 Fortinet VPN Account Passwords Leaked

A threat actor has leaked the usernames and passwords of around 500,000 Fortinet VPN accounts, harvested last year from devices that were exploitable through a since-patched path traversal flaw. Although the vulnerability itself is fixed, the credentials are believed to be largely still valid. The actor, known only as ‘Orange’, is an administrator of the RAMP hacking forum where the list was posted. Fortinet administrators are advised to check for signs of intrusion and to force a reset of all VPN user passwords, but only after confirming the devices are running patched firmware: resetting credentials on a device that can still be exploited simply hands the attacker the new ones.

Here is a list of all victims of the Fortinet leak.

By BleepingComputer.com

Vulnerabilities & Updates

Netgear Patch Authentication Bypass Flaw

Netgear have patched three newly disclosed vulnerabilities affecting a number of their smart switches. The flaws, which the researcher who found them named Demon’s Cries, Draconian Fear and Seventh Inferno, allow an attacker to bypass authentication and change the admin password. Demon’s Cries is the most severe of the three, with a CVSS score of 9.8 out of 10. All three are addressed in Netgear’s latest firmware; we advise applying it as soon as possible.

A list of affected switch models can be found here.

By TheRecord.media

New Zero-Day Attack Uses Weaponised Office Documents

On Tuesday, Microsoft disclosed a zero-day vulnerability (CVE-2021-40444) in MSHTML, the Internet Explorer rendering engine that Office uses to display web content, which allows an attacker to execute code on a victim’s Windows system. The attacks seen so far use weaponised Office documents (Word, Excel and PowerPoint) that load a malicious ActiveX control. By default, Office opens documents from the internet in Protected View, which prevents the current attack; if Protected View has been disabled, or the user clicks through to enable editing, you are likely at risk. A fix is expected in the next Patch Tuesday; in the meantime Microsoft’s advisory describes a workaround that disables ActiveX control installation in Internet Explorer.

By TheHackerNews.com

Zoho Patch Zero-Day Authentication Bypass in ADSelfService Plus

Zoho have released an emergency patch for a zero-day vulnerability in ManageEngine ADSelfService Plus that allows an attacker to bypass authentication and go on to execute arbitrary code remotely. All builds up to 6113 are affected; the fix is in build 6114. Zoho have confirmed that the flaw is being actively exploited in the wild, so affected installations should be updated without delay.

If you wish to learn more, you can find the official Zoho advisory here.

By SecurityWeek.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #157 – 10th September 2021

By Joshua Hare on 10/9/21

Cyber Round-up for 3rd September

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

Ragnarok Universal Decryption Key Released

The Ragnarok ransomware operation has been active since 2019 and has been one of the more prominent threats of the last couple of years; it now appears to have shut down. On leaving, the group released a master decryption key that anyone who fell victim to its past campaigns can use. Bleeping Computer were initially sceptical, but after testing the key they confirmed it “will unscramble victim’s data”. The group gave little or no explanation for its exit, but one fewer ransomware operation is good news.

By BitDefender.com

288% More Ransomware Attacks in 2021

NCC Group’s analysis of the first two quarters of 2021 shows a 288% increase in ransomware attacks between Q1 and Q2. Organisations of all sizes are more exposed than ever, particularly in the US, where 49% of the Q2 victims were based. Christo Butcher of NCC Group stated that “no organisation in any sector is safe from ransomware today”; many businesses still assume they are too insignificant to be targeted, and we advise all of them to plan for a cyber attack or data breach before it happens.

By InfoSecurity-Magazine.com

Cream Finance Lose $29 Million to Hackers

The DeFi platform Cream Finance is the latest victim of cybercrime, with attackers draining almost $29 million before the attack was detected. The firm announced that it had “stopped the exploit by pausing supply and borrow on AMP” and confirmed that no other markets were affected. The attack exploited a reentrancy bug: the AMP token supports ERC777-style transfer hooks, which let the attacker’s contract call back into Cream mid-transfer and “re-borrow assets during transfer” before the first loan had been recorded.

More details on this can be found here.

By ThreatPost.com
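The bug pattern behind a “re-borrow during transfer” attack, as an added example that is not Cream Finance’s code or the attacker’s contract: a toy lending pool in Python whose borrow() transfers tokens before recording the debt, a token that (like an ERC777 token) calls the recipient’s hook during the transfer, and an attacker whose hook re-enters borrow(). The token, pool, attacker, balances and collateral factor are all constructed for illustration; the guarded pool shows the two standard fixes, checks-effects-interactions ordering and a reentrancy lock.

```python
# Constructed model of a reentrancy bug in a lending pool (illustrative only).
# Names, balances and the collateral factor are invented for the example.

POOL = "POOL"  # the pool's own "address" in the token ledger


class HookedToken:
    """Token whose transfer() notifies the recipient *during* the transfer,
    the way an ERC777 tokensReceived hook does. That call-out is what lets
    a malicious recipient re-enter whichever contract is doing the transfer."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient token balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = getattr(recipient, "tokens_received", None)
        if callable(hook):
            hook(sender, amount)


class VulnerablePool:
    """Lending pool that performs the external interaction (the transfer)
    *before* the state effect (recording the debt). During the transfer the
    debt is still zero, so a re-entrant borrow() passes the limit check."""

    def __init__(self, token, collateral_factor=0.5):
        self.token = token
        self.collateral_factor = collateral_factor
        self.collateral = {}  # borrower -> collateral units deposited
        self.debt = {}        # borrower -> outstanding debt

    def deposit_collateral(self, who, amount):
        self.collateral[who] = self.collateral.get(who, 0) + amount

    def borrow_limit(self, who):
        return self.collateral.get(who, 0) * self.collateral_factor

    def borrow(self, who, amount):
        if self.debt.get(who, 0) + amount > self.borrow_limit(who):
            raise ValueError("exceeds borrowing limit")
        self.token.transfer(POOL, who, amount)            # interaction first ...
        self.debt[who] = self.debt.get(who, 0) + amount   # ... effect last (the bug)


class GuardedPool(VulnerablePool):
    """Same pool with checks-effects-interactions ordering plus a re-entrancy
    lock. Either fix alone stops this attack; using both is the usual practice."""

    def __init__(self, token, collateral_factor=0.5):
        super().__init__(token, collateral_factor)
        self._entered = False

    def borrow(self, who, amount):
        if self._entered:
            raise RuntimeError("re-entrant call rejected")
        self._entered = True
        try:
            if self.debt.get(who, 0) + amount > self.borrow_limit(who):
                raise ValueError("exceeds borrowing limit")
            self.debt[who] = self.debt.get(who, 0) + amount   # effect first
            self.token.transfer(POOL, who, amount)            # interaction last
        finally:
            self._entered = False


class Attacker:
    """Malicious recipient: every time tokens arrive, its hook calls borrow()
    again, before the outer borrow() has recorded any debt."""

    def __init__(self, pool, amount):
        self.pool = pool
        self.amount = amount

    def tokens_received(self, sender, amount):
        try:
            self.pool.borrow(self, self.amount)
        except (ValueError, RuntimeError):
            pass  # pool drained, limit enforced, or lock engaged: stop re-entering

    def drain(self):
        self.pool.borrow(self, self.amount)
        return self.pool.token.balances.get(self, 0)


def simulate(pool_class, liquidity=400, collateral=100, amount=50):
    """Run the attack against a pool. Returns (attacker's token balance,
    pool's remaining liquidity, attacker's recorded debt, attacker's limit)."""
    token = HookedToken({POOL: liquidity})
    pool = pool_class(token)
    attacker = Attacker(pool, amount)
    pool.deposit_collateral(attacker, collateral)
    stolen = attacker.drain()
    return stolen, token.balances[POOL], pool.debt.get(attacker, 0), pool.borrow_limit(attacker)


if __name__ == "__main__":
    print("vulnerable:", simulate(VulnerablePool))  # attacker empties the pool
    print("guarded:   ", simulate(GuardedPool))     # attacker gets only its limit
```

Against the vulnerable pool the attacker, entitled to borrow 50, walks away with all 400 of the pool’s liquidity; the debt is eventually recorded, but by then the tokens are gone. Against the guarded pool the nested call is refused and the attacker receives exactly its limit.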

TP-Link Router Ships with Vulnerable Firmware

The TP-Link AC1200 Archer C50 (v6), an ‘Amazon’s Choice’ router and one of the most popular on the site, is currently shipping with outdated firmware and is “plagued by security problems” according to CyberNews. TP-Link sells around 150 million devices a year, so the footprint is large; the researchers found known vulnerabilities in the shipped firmware and what they describe as potential pre-installed backdoors. Owners of this router should install the latest firmware update as soon as possible, as their devices are likely at risk.

By CyberNews.com

Vulnerabilities & Updates

Azure Cosmos DB Vulnerability

Wiz have disclosed a vulnerability in Azure Cosmos DB, dubbed ChaosDB, that allowed any Azure user to obtain the primary keys of other customers’ Cosmos DB accounts, giving full read, write and delete access to their data without any action on the victim’s part. Microsoft have disabled the vulnerable feature, but because primary keys are long-lived and may already have been exposed, the remediation falls on customers: regenerate your Cosmos DB primary keys and reduce the network exposure of your accounts by restricting which networks can reach them.

By Wiz.io

WordPress Plugin Vulnerabilities Affecting 1 Million Sites

Back in August, two vulnerabilities were disclosed in the Gutenberg Template Library & Redux Framework plugin, which is active on more than 1 million WordPress sites. The Wordfence team found that one allows a low-privileged user to install arbitrary plugins, while the other exposes sensitive configuration information without authentication. Patched versions of the plugin are available, and we advise all users to update as soon as possible.

By Wordfence.com

Microsoft Exchange Vulnerability Leaks Incoming Emails

A high-severity vulnerability in Microsoft Exchange Server was disclosed recently that allows an unauthenticated attacker to bypass authentication and change a victim’s mailbox configuration, including adding forwarding rules so that their incoming email is silently copied to the attacker. Microsoft have already patched this; we advise applying the latest Exchange cumulative update to ensure you are protected.

By Portswigger.net

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #156 – 3rd September 2021

By Joshua Hare on 2/9/21

Cyber Round-up for 20th August

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

40M People Affected by T-Mobile Data Breach

T-Mobile confirmed this week that they have suffered a data breach exposing the personal details of more than 40 million current and former customers. The stolen data includes names, dates of birth, social security numbers and driver’s licence/ID information; separately, the names, phone numbers and account PINs of around 850,000 active prepaid customers were exposed. T-Mobile have reset the PINs on those prepaid accounts and, as a precaution, are recommending that all customers change their account PIN.

By KrebsOnSecurity.com

Majority of People Reuse Personal Passwords at Work

A recent survey by My1Login found that almost two thirds of employees reuse passwords across personal and work accounts, despite having received security awareness training. Reuse was highest in the healthcare and education sectors, at 94% and 91% respectively. Use a unique password for every account; if remembering them is the problem, a password manager such as LastPass or Dashlane is worth looking into.

By BitDefender.com

Poly Network Thief Offered $500K For Returning Cryptocurrency

Last week we covered the theft of $600m worth of cryptocurrency from Poly Network. Since then the hacker has, out of the blue, started returning the stolen funds. Poly Network has characterised this as “white hat behaviour” and offered the individual $500k as a bug bounty, though it appears the hacker “won’t accept the bounty, and may instead send back the rest of the digital dosh”.

By TheRegister.com

Critical Bug Allows Steam Users to Add Unlimited Funds

A security researcher discovered a flaw in Steam’s payment flow that allowed a user to add unlimited funds to their Steam wallet. The bug was trivial to exploit: changing the email address on the account to a crafted value was enough to manipulate the amount credited. Valve patched it quickly with the researcher’s help.

More details on this exploit can be found here.

By ThreatPost.com

Vulnerabilities & Updates

HolesWarm Botnet Targets Windows and Linux Servers

A newly discovered botnet named HolesWarm appears to have been growing since June, targeting Windows and Linux servers. It exploits more than 20 known vulnerabilities to infect target machines and deploy cryptomining software. So far it has mainly been seen operating in China, but Tencent’s researchers expect the botnet to “expand its reach, and target systems across the globe.”

By TheRecord.media

Command Injection Flaw Found in Fortinet FortiWeb OS

A critical vulnerability has been found in the FortiWeb management interface that allows a remote, authenticated attacker to execute arbitrary commands on the underlying operating system. Rapid7 rate this command injection flaw at CVSS 8.7 and note that it appears to be related to CVE-2021-22123. A fix is expected by the end of August; until then, the main mitigation is to make sure the management interface is not reachable from untrusted networks. Rapid7’s disclosure, which sets out the mitigations, can be found here.

By Rapid7.com
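What a command injection in a management interface looks like, and how it is fixed, as an added example written in Python rather than FortiWeb’s own code (which is not public): a configuration handler that splices a user-supplied SAML server name into a shell command line, beside one that validates the name and passes it as a separate argument with no shell involved. The handler, the echo command standing in for the real configuration tool, the allow-list and the payload are all constructed for illustration; it assumes a POSIX /bin/sh and an echo binary on the PATH.

```python
import re
import subprocess

# Allow-list for a server name: letters, digits, dot, dash, underscore, 1-64 chars.
# (Assumed policy for the example; the real product's rules are not public.)
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def configure_saml_vulnerable(name: str) -> str:
    """Bug pattern: build a command line by string concatenation and run it
    through the shell. Anything in `name` that the shell treats specially
    (';', '|', '$(...)', backticks) becomes part of the command."""
    cmd = "echo configuring SAML server " + name  # 'echo' stands in for the real tool
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def configure_saml_argv(name: str) -> str:
    """Fix, layer 1: no shell. The name is a single argv element, so the
    program receives it verbatim and shell metacharacters are just text."""
    result = subprocess.run(["echo", "configuring SAML server", name],
                            capture_output=True, text=True)
    return result.stdout


def configure_saml_fixed(name: str) -> str:
    """Fix, layer 2: validate against an allow-list before doing anything,
    then take the no-shell path. Rejecting early also keeps junk out of the
    config files and logs that other code might later hand to a shell."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected SAML server name: {name!r}")
    return configure_saml_argv(name)


def is_rejected(name: str) -> bool:
    """True if the hardened handler refuses the name."""
    try:
        configure_saml_fixed(name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "corp-idp; echo INJECTED"   # constructed injection payload
    print(configure_saml_vulnerable(payload), end="")  # second output line: INJECTED
    print(configure_saml_argv(payload), end="")        # payload is printed literally
    print(is_rejected(payload), is_rejected("corp-idp"))
```

With the vulnerable handler the text after the semicolon runs as a second command; with the argv form the same payload is merely an odd server name, and the validated handler refuses it outright. The argv form is the fix that actually removes the injection; the allow-list is defence in depth.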

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #155 – 20th August 2021

By Joshua Hare on 19/8/21

Cyber Round-up for 13th August

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

NCSC Website Reporting

The NCSC have announced a new service in the fight against phishing and scams: anyone can now report a website they believe to be fake or operated by cybercriminals. Reports allow the NCSC to investigate potentially malicious sites and have them taken down. We strongly encourage everyone to use it; it lets all of us play a part in fighting back against the criminals.

If you think you have stumbled upon a malicious website, you can submit the link or URL for investigation here.

By NCSC.gov.uk

$600M Stolen by Hackers in Cryptocurrency Heist

One of the largest cryptocurrency heists ever has taken place, with $600M stolen from the cross-chain DeFi platform Poly Network through an as-yet undisclosed vulnerability. With attacks on decentralised finance at an all-time high, the theft has been labelled a ‘major economic crime’ by law enforcement. Little more is known at this point, but Poly Network issued a warning to the thieves via Twitter to “establish communication and return the hacked assets”.

By BBC.co.uk

Waste-Management Resources Release Notice of Data Privacy

USA Waste-Management Resources recently disclosed a data privacy incident affecting current and former employees. Suspicious network activity was flagged back in January and was found to have led to a breach of personal information: after a thorough investigation, the firm determined that names, social security numbers, taxpayer IDs, bank account details and more had been accessed by an unauthorised individual. Waste Management Resources say they are taking the incident very seriously and have published steps that those affected can take to protect their personal information.

More details can be found here if you wish to learn more.

By WM.com

Accenture Claims Ransomware Impact Was Minimal

Fortune 500 company, Accenture, has become the most recent victim of the LockBit ransomware gang. The attack occurred this week, with the criminals prepared to leak the stolen files, although Accenture claim they were able to “quickly contain” the incident; despite this, the stolen files were still uploaded to the LockBit gang’s site. The company confirmed that they were able to fully restore their systems and are back to being fully operational. It is still unknown how the criminals were able to gain access.

By TheRecord.media

Microsoft Reveal New Azure Ransomware Detection

A new Fusion ransomware detection is arriving for Azure Sentinel customers; it will alert security teams when a combination of actions “potentially associated with ransomware activities” is observed, such as defence evasion followed by execution within a specific time frame. This is another step in the right direction for Microsoft on security, and it will be interesting to see what other features follow.

More details from Microsoft can be found here.

By ZDNet.com

Kaseya’s REvil Decryption Key Leaked Online

Following REvil’s ransomware attack on Kaseya VSA customers, a universal decryptor was obtained for the affected victims. That decryptor has now been leaked on a hacking forum, giving researchers their first look at it. It has since been confirmed to be specific to the Kaseya attack and will not decrypt files from other REvil attacks. It is unclear why it was posted, but the poster is believed to have been associated with the ransomware gang rather than a victim.

By BleepingComputer.com

Vulnerabilities & Updates

Arcadyan Routers Affected by New Authentication Bypass Flaw

A critical vulnerability has been discovered in Arcadyan-based routers, which are sold under many brands and used in homes worldwide. It allows a remote attacker to bypass authentication on the web interface and is already being exploited by a Mirai variant to recruit routers into a DDoS botnet; exploitation attempts escalated dramatically within two days of public disclosure. Update your router’s firmware as soon as possible, or ask your ISP to do so if the router was supplied by them.

By TheHackerNews.com

Microsoft August 2021 Patch Tuesday

Microsoft have released their August security updates, fixing 44 vulnerabilities. Seven are rated critical, including remote code execution flaws in Windows TCP/IP, the Remote Desktop Client and Windows Print Spooler; the remaining 37 are rated important. This is only the second Patch Tuesday this year with fewer than 50 vulnerabilities. As always, we recommend applying the latest updates as soon as possible to ensure you and your devices are protected.

By Tenable.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #154 – 13th August 2021

By Joshua Hare on 12/8/21

Cyber Round-up for 6th August

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

Iranian Train System Cyberattack Used New Wiper Malware

A recent cyberattack severely disrupted Iran’s railway system, taking its websites offline and affecting station displays. The attacker is not known, but the attack was carried out with a newly discovered, reusable wiper named Meteor. SentinelOne’s principal threat researcher said the team was “able to recover most of the attack components” despite the lack of IoCs, and the fingerprints found in the investigation do not link to any known threat actor. A new strain of wiper malware is not what any of us want to see.

By TheHackerNews.com

Prometheus Ransomware Decryptor Released

A decryptor for the increasingly notorious Prometheus ransomware has finally arrived. CyCraft Technology Corp reverse engineered the malware and found a weakness in the way it generates encryption keys, which allows victims’ files to be recovered.

This article contains a guide on how to use the decryption tool, as well as more information on how it works. CyCraft’s GitHub, as well as a direct download, can be found here.

By Medium.com

Phishing Campaign Utilises SharePoint File-Share Requests

A phishing campaign is circulating that uses fake SharePoint file-share notifications as the lure. The victim typically receives an email that appears to come from a colleague, inviting them to open a shared document; the ‘SharePoint’ link leads to a credential-phishing site instead. This lure is widespread at the moment and targets the many enterprise and business customers that use SharePoint.

Telltale signs for spotting this campaign can be found here, as well as some additional guidance.

By ThreatPost.com
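A small link-triage heuristic for this lure, as an added example that is not from the ThreatPost article: it parses the anchors in a constructed HTML email and flags links that mention SharePoint or OneDrive but do not resolve to a Microsoft-operated host, links whose displayed URL differs from the real target, and links to raw IP addresses or plain HTTP. The trusted-host suffix list and the sample email are assumptions made for the example, not a complete list of legitimate Microsoft domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of host suffixes a genuine SharePoint/OneDrive share link
# would use; extend it for your tenant (e.g. sharepoint.us for GCC). A host is
# trusted only if it *is* a suffix or ends with "." + suffix, so a lookalike
# such as "sharepoint.com.evil.example" is not trusted.
TRUSTED_SUFFIXES = ("sharepoint.com", "onedrive.live.com", "1drv.ms",
                    "office.com", "microsoft.com")
LURE_WORDS = ("sharepoint", "onedrive")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
URL_IN_TEXT = re.compile(r"""https?://([^/\s<>"']+)""", re.IGNORECASE)


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in the message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_trusted(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def analyse_link(href: str, text: str) -> list:
    """Returns the reasons a link looks like a SharePoint-themed lure;
    an empty list means none of the heuristics fired."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        reasons.append("not https")
    if IPV4.fullmatch(host):
        reasons.append("raw IP address as host")
    themed = any(w in text.lower() or w in host for w in LURE_WORDS)
    if themed and not host_trusted(host):
        reasons.append(f"SharePoint/OneDrive themed but host {host!r} is not trusted")
    shown = URL_IN_TEXT.search(text)
    if shown and shown.group(1).lower() != host:
        reasons.append(f"displayed URL host {shown.group(1)!r} differs from real host {host!r}")
    return reasons


def suspicious_links(html: str) -> list:
    """Parses the email body and returns one {'href', 'text', 'reasons'} entry
    for every link that triggered at least one heuristic."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = analyse_link(href, text)
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample: one genuine share link and two lures of the kind described
# above. All domains and addresses are invented or documentation values.
SAMPLE_EMAIL = """
<p>Hi, I've shared the Q3 budget with you on SharePoint.</p>
<p><a href="https://contoso.sharepoint.com/:x:/g/budget-q3">Open in SharePoint</a></p>
<p>Also see: <a href="https://contoso-sharepoint.com.files-share.example/login">Open document</a></p>
<p>Direct link: <a href="http://203.0.113.7/sp/">https://contoso.sharepoint.com/:f:/g/files</a></p>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding["href"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Heuristics like these catch the lookalike-domain and displayed-URL tricks that make up most SharePoint lures, but a link to a genuine, compromised SharePoint tenant will pass them; the sender check (does the “colleague” address match the display name and your directory?) and user reporting remain essential.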

Kubernetes Hardening Guide Released by NSA & CISA

The NSA and CISA have jointly published a 59-page Kubernetes hardening guide. Kubernetes makes it easy to deploy containerised workloads at scale, but deploying it securely has proved difficult for many administrators; the guide covers pod security, network separation, authentication and authorisation, and log auditing, and should take much of the guesswork out of configuring a cluster without giving up the easy deployment.

By TheRecord.media

Vulnerabilities & Updates

Loophole in DNS Allows Easy Nation-State Level Spying

Wiz presented research at Black Hat on a simple loophole in managed DNS services such as those run by Amazon and Google: by registering a domain with the same name as one of the provider’s own nameservers, anyone could receive the dynamic DNS update traffic that corporate Windows endpoints around the world send to those servers, leaking internal hostnames, IP addresses and network layout. Wiz noted that there is “no way of knowing whether the loophole has already been exploited” and that “Anyone could have collected data undetected for over a decade”. Amazon and Google have released fixes, but other DNS providers may still be affected.

By Wiz.io

INFRA:HALT Vulnerabilities Affecting OT Devices From More Than 200 Vendors

Fourteen vulnerabilities have been found in NicheStack, a TCP/IP stack used in operational technology (OT) devices from more than 200 vendors. The set, dubbed INFRA:HALT, includes remote code execution, denial of service and DNS cache poisoning flaws, and more than 6,400 vulnerable OT devices are exposed on the internet.

A list of all 14 flaws, as well as more details on the discovery, can be found here.

By TheRecord.media

Cisco Web-Based Management Vulnerabilities

Cisco have released updates for several vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345 and RV345P Dual WAN Gigabit VPN Routers. The flaws could allow a remote attacker to execute arbitrary code or commands, or to cause a denial of service. We advise updating your devices as soon as possible to ensure that you are protected.

By Tools.Cisco.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #153 – 6th August 2021

By Joshua Hare on 5/8/21

Cyber Round-up for 30th July

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

UK’s Action Fraud Service to be Scrapped

The UK police’s national fraud reporting service has been in use for many years, but thousands of victims have recently filed complaints about it. Those complaints, along with an investigation by The Times, have led to the service being scrapped, with an “improved national fraud and cybercrime reporting system” said to be replacing it.

More details on the failure of the Action Fraud service can be found here.

By TheTimes.co.uk

Should Ransomware Payments be Banned?

Over the last few years, ransomware has grown into an “international crisis”, with large businesses and even entire healthcare systems crippled by attacks. One of the biggest problems is that victims who pay ransoms are funding future attacks, while the threat actors suffer little consequence. Many security experts have criticised the payment of ransoms, and some are calling for it to be banned. Whether that is the right decision is unclear: it would certainly limit funding to cybercriminals, but it won’t resolve the ransomware problem on its own.

Tarah Wheeler and Ciaran Martin (the former head of the NCSC) discuss these points in the linked article.

By Brookings.edu

UBEL – The New Android Credential Stealing Malware

A new Android malware has been discovered that appears to abuse device accessibility services to steal user credentials. This basic credential stealing malware has since grown into an entire botnet known as UBEL, which appears to be the return of the SMS delivered malware, Oscorp. The goal of this malware is to install itself onto a device, disguise itself as a service, recruit the device into a botnet and use it to distribute malicious SMS messages.

More details on this can be found here.

By TheHackerNews.com

Biden Believes Cyberattacks Could Lead to ‘Real Shooting War’

President Biden recently warned about the growing severity of cyberattacks, particularly those that cause “disruption to the real world”, suggesting that “if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence”. Biden also singled out Russia and China, calling for them to work with the US on tackling existing threats.

By BleepingComputer.com

Vulnerabilities & Updates

Windows Exploit PetitPotam Allows Remote Takeover

Proof-of-concept code was recently published for a Windows flaw dubbed PetitPotam that lets a remote, unauthenticated attacker coerce a Windows host, including a domain controller, into authenticating to a machine of the attacker’s choosing. It works by sending “SMB requests to a remote system’s MS-EFSRPC interface”; the coerced NTLM authentication can then be relayed, for example to an Active Directory Certificate Services web enrolment endpoint, to obtain a certificate for the domain controller’s machine account and from there take over the domain. The flaw affects supported versions of Windows Server; Microsoft’s guidance on mitigations, which centres on enabling Extended Protection for Authentication on AD CS and disabling NTLM wherever it is not needed, can be found here.

By TheRecord.media
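One detection a SOC can run for the relay half of this attack, as an added example that is not from The Record article or from Microsoft’s guidance: on the host the coerced authentication is relayed to (typically the AD CS web enrolment server), a successful NTLM network logon by a machine account from an IP address that is not that machine’s own is a strong signal. The asset inventory, the event records and every address below are constructed for the example; the events are modelled as dicts of the Windows Security event 4624 fields a SIEM would already have parsed.

```python
import ipaddress

# Constructed asset inventory: machine-account host name -> its known addresses.
# In production this comes from DHCP/DNS/AD and must be kept current, or every
# address change becomes a false positive.
INVENTORY = {
    "DC01": {"10.0.0.10"},
    "DC02": {"10.0.0.11"},
    "WEB01": {"10.0.2.20", "10.0.2.21"},
}

# Constructed Security-log records (event 4624/4625 fields as a SIEM parses them).
# The third record is the tell-tale: DC01$ authenticating over NTLM from an
# address that is not DC01's. Note WorkstationName still says DC01: a relay
# forwards the victim's own NTLM messages, so that field cannot be trusted.
EVENTS = [
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "jsmith", "IpAddress": "10.0.2.55", "WorkstationName": "LT-JS"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "WEB01$", "IpAddress": "10.0.2.21", "WorkstationName": "WEB01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "DC01$", "IpAddress": "10.0.5.66", "WorkstationName": "DC01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "DC02$", "IpAddress": "10.0.0.11", "WorkstationName": "DC02"},
    {"EventID": 4625, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "DC02$", "IpAddress": "10.0.5.66", "WorkstationName": "DC02"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "SVC-OLD$", "IpAddress": "10.0.9.9", "WorkstationName": "SVC-OLD"},
]


def _is_remote(addr: str) -> bool:
    """True for a routable source; '-', '' and loopback mean a local logon."""
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def flag_relayed_machine_logons(events, inventory):
    """Flags successful NTLM network logons (4624, type 3) by machine accounts
    whose source address is not one the inventory knows for that machine."""
    findings = []
    for e in events:
        if e.get("EventID") != 4624 or e.get("LogonType") != 3:
            continue
        if e.get("AuthenticationPackageName") != "NTLM":
            continue
        account = e.get("TargetUserName", "")
        if not account.endswith("$"):
            continue  # user accounts are a different (noisier) problem
        src = e.get("IpAddress", "")
        if not _is_remote(src):
            continue
        host = account[:-1].upper()
        known = inventory.get(host)
        if known is None:
            findings.append({"account": account, "source_ip": src, "expected": [],
                             "reason": "machine account has no inventory entry"})
        elif src not in known:
            findings.append({"account": account, "source_ip": src, "expected": sorted(known),
                             "reason": "NTLM network logon by machine account from a "
                                       "foreign address (possible relayed coerced authentication)"})
    return findings


if __name__ == "__main__":
    for f in flag_relayed_machine_logons(EVENTS, INVENTORY):
        print(f"{f['account']} from {f['source_ip']} (expected {f['expected']}): {f['reason']}")
```

The source IP is the reliable field because the relay host is where the TCP connection really comes from; the workstation name travels inside the forwarded NTLM messages and will look legitimate. Run this against the AD CS server’s Security log first, since that is where a PetitPotam-to-certificate relay lands, and treat a hit for a domain controller’s account as an incident until proven otherwise.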

IDEMIA Patches Remote Door Control Flaw

Biometric Authentication Vendor, IDEMIA, recently published fixes for a number of security flaws, one of which allowed remote attackers to hijack biometric devices and open doors. This vulnerability affects the VisionPass facial recognition device, and SIGMA fingerprint terminal, as well as the Morphowave and MorphoAccess fingerprint devices. Users of these authentication systems are advised to update their devices as soon as possible, to ensure they are protected against this major security flaw.

By TheRecord.media

iPhone & Mac Zero-Day Being Actively Exploited

Owners of iPhones, iPads and Apple Macs are being urged to update their devices as soon as possible, after the emergence of a zero-day vulnerability that is being actively exploited in the wild. This zero-day could allow an attacker to remotely execute arbitrary code with kernel privileges. With attackers already actively abusing this exploit, your Apple devices are at risk of an attack; we strongly recommend patching immediately.

By BitDefender.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #152 – 30th July 2021

By Joshua Hare on 29/7/21

Cyber Round-up for 23rd July

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

Pegasus Spyware Abused to Target Journalists

A leak of more than 50,000 phone numbers has revealed “extensive misuse” of Pegasus, the spyware sold by Israeli company NSO Group. The military-grade spyware was used to surveil journalists and lawyers around the world; Amnesty International’s Secretary-General called it a “weapon of choice for repressive governments seeking to silence journalists”. This contradicts NSO’s position that illegal use of the spyware is limited to a few rogue customers. French President Emmanuel Macron was identified as one of the targets.

More details on this can be found here.

By TheHackerNews.com

Saudi Aramco Facing $50 Million Ransom

Saudi Arabian oil giant Saudi Aramco has been hit by an extortion attack in which stolen company data was leaked and the culprits demanded $50 million to delete it. The data, which the as-yet unidentified attackers reportedly obtained from a third-party contractor with access to a “limited amount of company data”, did not come from Aramco’s own systems, and the company says the incident had no impact on operations and that “the company continues to maintain a robust cybersecurity posture”.

By APNews.com

Instagram Introduces Tool to Recover Hacked Accounts

Instagram are in the process of rolling out a brand new security feature, designed to help users secure their compromised accounts. Usually, if a hacker finds their way into your account, you may not know how to get rid of them; that’s where the Security Checkup tool comes in. Security Checkup will deliver a prompt to your device whenever a suspicious login attempt is detected; this then leads to a step-by-step guide on securing your account. This is a big step forward for the app, and we are excited to see what else Instagram have planned to further improve account security.

By TheRecord.media

Microsoft Seizes Control of 17 Domains Used by BEC Gang

On Friday, Microsoft received a court order, allowing them to seize control of 17 domains used in a West African Business Email Compromise (BEC) Campaign. This campaign was targeting Office 365 customers, which put them on Microsoft’s radar resulting in this successful takeover. This was Microsoft’s 24th legal action against cybercriminal activity, adding to their long list of contributions to the cybersecurity world.

By TheRecord.media

Northern’s Ticket Machines Hit by Cyberattack

Northern rail’s self-service ticket machines have been out of service for a week now, following a crippling ransomware attack that forced systems to be taken offline. Security Experts have begun investigating this incident and have confirmed that no data had been compromised due to their “swift action”. Customers have been advised to purchase tickets via the website or app, while the company works to restore operations.

By BBC.co.uk

Vulnerabilities & Updates

Windows 10 Vulnerability Allows Non-Admins to View Registry

A newly discovered Windows 10 vulnerability, which appears to have existed for years, leaves the SAM, SYSTEM and SECURITY registry hive files readable by non-administrative users, and copies of them are reachable through Volume Shadow Copies. With those files a local user can extract password hashes and other secrets and escalate to full privileges. A security researcher has published a proof-of-concept exploit; CERT have issued a notice on it, which can be found here along with more information on the flaw. A quick check is to run icacls %windir%\system32\config\sam: an affected system lists BUILTIN\Users with read access.

By DoublePulsar.com

Single Bit Trap Flag Abuse Allows Sandbox Evasion

Unit 42 describe how malware can detect that it is running in a sandbox by abusing a single bit in the CPU’s flags register. By setting the Trap Flag (TF) and then executing an instruction such as CPUID, which a hypervisor has to intercept, the malware observes how and when the resulting single-step exception is delivered; the behaviour differs between physical hardware and a virtual machine, revealing whether the code is being analysed. More details on this technique, as well as other common sandbox evasion tricks, can be found here.

By Unit42.PaloAltoNetworks.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #151 – 23rd July 2021

By Joshua Hare on 22/7/21

Cyber Round-up for 16th July

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

Kaseya Patches for Flaws Used in Ransomware Attacks

Last week we spoke about a supply chain attack on Kaseya VSA, which resulted in a widespread ransomware attack that affected many US companies. This week, Kaseya have released patches addressing the flaws that were exploited in the attacks. All users are advised to apply the latest patches as soon as possible; additional security recommendations have also been released, including “limiting access to the VSA Web GUI to local IP addresses by blocking port 443 inbound on your internet firewall.”

More details on these recommendations can be found here.

By TheHackerNews.com

Amazon Offering Encryption for Ring Doorbells

Amazon are now offering end-to-end encryption for the video footage captured by Ring doorbells. This implementation has been tested in the US and was hugely successful; following this test, encryption is being rolled out worldwide. This is a huge step forward in the security of these devices, despite UK law enforcement suggesting it may present some issues. Amazon’s plan to make “neighbourhoods safer with the utmost privacy, security and user control” appears to be moving in the right direction, following their purchase of the US firm, Ring.

By BBC.com

Threats

1 in 3 Employees Fall for Phishing Scams

Phishing simulation and training company, KnowBe4, recently released results of their latest study, showing that 1 in 3 untrained employees are likely to fall for phishing attacks. KnowBe4 suggest that security awareness training for your users is one of the most effective ways to protect your organisation. This was tested against 23,400 companies; those with no training were 16.4% likely to be affected by a phishing attack, while those with one year of continuous training were just 4.8% likely. We strongly advise all organisations to implement a formal plan to educate their users on the dangers of phishing and social engineering.

By TechRepublic.com

Vulnerabilities & Updates

SolarWinds Discover Serv-U Vulnerability

Microsoft recently warned SolarWinds of a newly discovered vulnerability affecting Serv-U Managed File Transfer and Serv-U Secure FTP. If this flaw is successfully exploited, the attacker would be able to execute arbitrary code with elevated privileges. Customers have been given time to apply the necessary updates before more details are published, to ensure the protection of their environments.

Further details on this vulnerability can be found here.

By SolarWinds.com

Malware-Protection Bypass Affecting Microsoft Office Users

Microsoft users are being warned of a new malware-protection bypass affecting MS Word and Excel. Legacy versions of this software are being targeted, since evading security tools on them has proved fairly easy for attackers looking to deliver the Zloader trojan. Zloader is a banking trojan intended to steal credentials and sensitive information from financial institutions. As you might expect, the malware exploits the use of macros in these Office products, so the best option to prevent this threat is to ensure that macros are not enabled.

Is it finally time for Microsoft to remove this macro functionality from Office?

More details on the nature of this attack can be found here.

By ThreatPost.com

Microsoft July 2021 Patch Tuesday

Microsoft’s Patch Tuesday for July is here, and it addresses some key vulnerabilities, including nine zero-day flaws, four of which are being actively exploited. This alone makes it vital that users update their devices as soon as possible. The patch also features fixes for 13 critical flaws and 103 important flaws. Affected products include Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS and Visual Studio Code.

By TheHackerNews.com

Critical Vulnerability Discovered in SonicWall EOL Equipment

SonicWall released information yesterday morning on a critical vulnerability found in unpatched end-of-life SRA & SMA 8.X Remote Access Devices. Everyone still using legacy SRA appliances has been warned that “continued use may result in exploitation”, as SonicWall says ransomware campaigns are known to be exploiting these flaws. They have also released separate recommendations for each appliance, which can be found here.

By TheRecord.media

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #150 – 16th July 2021

By Joshua Hare on 15/7/21

Cyber Round-up for 9th July

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Kaseya Supply Chain Attack Impacts US Companies

Kaseya VSA was hit by a supply chain attack on Friday 2nd, made possible by a zero-day flaw. After the initial compromise, a fake auto-update was pushed through the product, delivering the REvil ransomware. Kaseya VSA is mostly used by managed service providers, with the firm reportedly having 40,000 customers. It is unclear how many of these customers have been infected by the ransomware, but the latest estimates put the number around 1500. After discovering the attack, Kaseya advised their customers to “IMMEDIATELY shutdown your VSA server”. The attackers timed the attack for the 4th July holiday weekend to inflict maximum damage, knowing staff would likely be celebrating instead of working. Investigation into the situation is ongoing, but it may be some time before we fully understand the impact of this attack.

By DoublePulsar.com

Microsoft Fails to Fix PrintNightmare Vulnerability

Microsoft recently released an emergency patch addressing the PrintNightmare vulnerability; however, researchers were still able to perform local privilege escalation and remotely execute arbitrary code with the fix installed. Many different researchers were able to bypass the fix and it has been advised that users do not apply the patch at all; not only does it not fix the intended flaw, but it also stops other important patches from applying. Microsoft are currently investigating the failed patch and are taking the “appropriate action to protect their customers”.

Until the flaw has been addressed, you can use some of the mitigation techniques found here.

By BleepingComputer.com

Official Formula 1 App Hacked

Over the weekend, the Formula 1 official app was hacked, and its users were sent unusual messages suggesting they check their security. It was confirmed by an F1 spokesperson that the attack was “limited to the Push Notifications Service”; it is also believed that no customer data was accessed as a result of the incident. Many users are concerned about the security of the app after the hack and are calling for improved security measures.

By InfoSecurity-Magazine.com

Threats

How to Avoid Discord Scams

Discord is a community chatting software widely used by gamers, streamers and content creators; however, its popularity has attracted the attention of cybercriminals seeking to exploit the platform’s users. Discord scams are becoming more and more frequent, with cryptocurrency, giveaway and support scams topping the list. Discord is reportedly looking into implementing new security measures to combat these threats, but until then there are a few things you can do: avoid contact with people you don’t know, do not click on any links sent by strangers, use multi-factor authentication and report any suspicious users.

By ScottAButler.medium.com

Vulnerabilities & Updates

APT Malware Campaign Targeting macOS

A group of cybercriminals known as WildPressure are branching out in their latest campaign, choosing to target macOS users in their attacks. A new macOS malware variant has been seen in use, and Kaspersky have released a report of their latest findings; it was found that they are using a variant of a trojan called Milum, built with PyInstaller and compatible with macOS.

More details on WildPressure’s campaigns can be found here.

By ThreatPost.com

Sage X3 RCE Flaw Allows System Takeover

Four vulnerabilities have been found affecting the Sage X3 ERP platform, one of which was given a CVSS score of 10 out of 10. If used together, these flaws can allow an attacker to completely take over the target system and execute arbitrary code with elevated privileges. These vulnerabilities were addressed in the latest update for Sage; we recommend applying the fixes as soon as possible.

More details on the CVEs can be found here.

By ThreatPost.com

Microsoft Issues Warning for Critical PowerShell 7 Vulnerability

A critical remote code execution flaw has been discovered in PowerShell 7, affecting its .NET components on Windows, Linux and macOS. No mitigation techniques have been released, and all customers are urged to update to version 7.0.6 or 7.1.3 as soon as possible. Microsoft have also recognised that updating PowerShell is not as simple as it should be, and are looking into making the process easier. Until then, guidance on how to update PowerShell can be found in Microsoft’s initial advisory.

By BleepingComputer.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #149 – 9th July 2021

By Joshua Hare on 8/7/21

Cyber Round-up for 2nd July

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Microsoft Admits to Accidentally Signing Rootkit Malware

An analyst for G Data recently discovered a malicious driver that had been signed by Microsoft. The driver, known as “Netfilter”, was signed due to a flaw in Microsoft’s code-signing process, and has been seen communicating with Command & Control IPs based in China. Microsoft are currently investigating the incident and have confirmed that the actors behind it are primarily targeting gaming environments; the account responsible has been suspended and is being checked for other malicious signings.

By BleepingComputer.com

Ministry of Defence Documents Left at Bus Stop

The Ministry of Defence are currently investigating an incident in which classified documents were left at a bus stop in Kent. The documents contain information on the UK military in Afghanistan and the HMS Defender’s passage through Ukraine; they were found by a member of the public, who contacted the BBC when he realised that the documents contained more than 50 pages of classified information.

By BBC.co.uk

Over-60s Lost One Billion to Online Fraud in 2020

A recent report by the FBI found that the elderly are at a higher risk of falling for online fraud attempts. The report states that over-60s make up more than 28% of all successful fraudulent activity. The study also shows that not only were over-60s targeted the most, but their reported losses were also the greatest, with almost 1 billion USD being stolen in 2020. This could partially be due to many elderly people joining social media in order to stay in contact with family during the pandemic; this kind of opportunity is something that attackers are always looking out for, especially since older people are generally more trusting and less aware of cybercrime.

By HotForSecurity.BitDefender.com

Free Decrypter Available for Lorenz Ransomware

A Dutch cybersecurity firm known as Tesorion has recently announced that they are releasing a free application to help victims of the Lorenz ransomware recover their encrypted data. The decrypter was announced last week and has since been added to the nomoreransom website. This site contains decryption tools for a number of different ransomware variants.

The tool for the Lorenz ransomware can be found here.

By TheRecord.media

Threats

WhatsApp Account Theft on the Rise

Many people have reportedly been receiving WhatsApp verification codes that they did not request, and it appears to be part of a recent wave of attempted account thefts. The attacker enters your phone number during WhatsApp setup, which causes a verification code to be sent to you. The attacker then messages the owner of the number posing as customer support and asks the victim to forward the code. This allows them to take over your account completely and attach it to their own mobile device. If you receive a code that you did not request, ensure that you do not share it with anyone.

By HotForSecurity.BitDefender.com

Android Users Advised to Delete Malicious Joker App

Eight apps containing the Joker malware have been found targeting Android devices; however, unlike other malicious apps, these come directly from the Google Play Store. This shows that it is no longer enough to simply avoid third-party app stores, since the supposedly ‘trusted’ app store is also plagued with malware. We strongly advise all Android users to take care when downloading applications, specifically those on the list shown here.

By Forbes.com

Vulnerabilities & Updates

Proof of Concept Released for Cisco ASA Bug

A cross-site scripting flaw was recently discovered in Cisco Adaptive Security Appliance, and researchers have now released a proof-of-concept exploit. This bug is now being actively exploited, despite being patched last October. We advise all organisations to apply the latest patches to their appliances as soon as possible to avoid the possibility of a successful attack.

By ThreatPost.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #148 – 2nd July 2021

By Joshua Hare on 1/7/21

Cyber Round-up for 25th June

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Cybercriminals go after Amazon Prime Day Shoppers

Check Point’s latest blog highlights the increase in phishing campaigns generated to target Amazon Prime Days. Prime Days promote big discounts and special deals on products. Check Point’s research was carried out in the weeks leading up to the promotion, and discovered over 2300 new Amazon-related domains registered with either malicious or suspicious behaviour. These types of domains are often used in email phishing campaigns to lure victims and steal credentials or finances. Even though Amazon Prime Days have now concluded, it is key to stay vigilant and look out for phishing emails.

By blog.checkpoint.com

Attackers in Executive Clothing - BEC continues to separate orgs from their money

Ransomware is constantly topping the news headlines of late, but another highly successful and lucrative method for cyber criminals is BEC, or Business Email Compromise. BEC typically starts with an email and often impersonates a person of authority requesting that the victim perform some sort of financial transaction (invoice payment, money transfer, gift card purchases etc.). In their recent blog post, Talos Intelligence detail the BEC threat, along with some real-world examples of both simple and advanced attacks. What this reinforces is that technology alone will not prevent these types of attacks; we need both strong technology and educated people to defeat the BEC threat.

By blog.talosintelligence.com

Fertility Clinic Suffers Ransomware Attack and Data Breach

A fertility clinic in the US has disclosed that sensitive patient information was stolen following a recent ransomware attack. RBA and its affiliate MyEggBank issued a notification stating that they were hit by a cyber attack that encrypted embryology data, but not before the attackers accessed the network and stole patient information. The stolen data of approximately 38,000 patients included names, addresses, social security numbers and lab information/results. This has become a common trait of ransomware gangs, who want leverage over their victims in an effort to force them into paying the ransom.

By BleepingComputer.com

Wormable DarkRadiation Ransomware Targets Linux and Docker

Researchers at TrendMicro are warning of a new variant of ransomware called DarkRadiation that is targeting Linux and Docker instances. The variant is written in Bash script and uses the Telegram messaging service as a means of command and control and to report on infection status. Not only does this malware encrypt files on the target, but if root access is available, it also searches for users on the system and overwrites their existing passwords.

By thehackernews.com

City of Liege, Belgium hit by ransomware

Belgium’s third-largest city, Liege, had its network and online services disrupted this week by yet another ransomware attack. The attack has impacted civil and population services, with town halls, birth and burial services, and wedding events being cancelled. Based on the information disclosed, it appears this is the work of the RYUK ransomware gang. Cities, councils and governments have become common targets for the bad guys, mainly due to their lack of mature security practices.

By therecord.media

Vulnerabilities & Updates

Zero-day vulnerabilities in Pling leave Linux marketplaces open to RCE

Two zero-day vulnerabilities in OpenDesktop’s Pling have surfaced which, if exploited, could result in remote code execution and supply chain attacks. Pling, a content management app, allows component installation on Linux desktops such as Gnome and KDE. After receiving no response from the developers, security firm Positive Security disclosed the flaws to warn users, and they recommend no longer using Pling or accessing any affected websites.

By portswigger.net

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Atlassian have recently patched flaws in its Single Sign-On capability that could have allowed bad actors to gain access to accounts in its cloud and on-premise products. By tricking a user into clicking a specially crafted Atlassian link, the attacker can execute a malicious payload that steals the user’s session, which can then be used to log in to the victim’s account. From there they can obtain sensitive information and stage further attacks across Atlassian’s integrated products.

By Thehackernews.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #147 – 25th June 2021

By Stuart Hare on 24/6/21

Cyber Round-up for 18th June

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

3.3 Million Audi Drivers Affected by Data Breach

Volkswagen America recently confirmed that a third-party vendor had suffered a data breach; this vendor was being used for marketing purposes and reportedly left their systems unsecured online. The personal data of more than 3.3 million customers was exposed, most of which are Audi drivers. The breach was discovered by the vendor back in March; however, their server was not secured until two months later. It appears that 97% of customers involved in the breach only had contact information exposed, whereas the remaining percentage may have included social security numbers, account or loan numbers, and tax identification numbers.

By TheRecord.media

Biden Calls Out Putin Over Russian Cyber-Attacks

During a summit meeting yesterday in Switzerland, Biden and Putin exchanged their views on the state of cyber-attacks. The US president is unhappy with the lack of action being taken against ransomware actors and calls on all countries to “take action against criminals who conduct ransomware activities on their territory”. It appears that Putin and Biden have agreed to “begin consultations on this”, with both sides suggesting the other is the aggressor.

By TheRegister.com

Ransomware is the Biggest Threat to British Businesses

In a recent statement from the UK’s National Cyber Security Centre, the nation was warned that ransomware is now the single biggest threat to British people and businesses. The head of the NCSC demands that ransomware threats are taken seriously and warns of the risks of ignoring the problem. The recent attack on the fuel pipeline operator has turned some heads and brought some attention to the growing issue, but it is not enough; the issue is believed to be so serious that discussions should be held between world leaders at the G7 summit.

By Tripwire.com

French Court Fines Ikea €1M for Snooping on Staff

Ikea France has been accused of hiring private detectives and law enforcement officers to collect the private data of their staff. This snooping included illegally accessing the criminal records of Ikea employees, as well as collecting other private data. The Ingka group, who owns most Ikea stores worldwide, has apologised for the actions of Ikea France, and the French court have issued them a fine of €1.2M.

By BBC.co.uk

Vulnerabilities & Updates

WordPress Plugin Flaws and Attacks Targeting Password Reuse

The Wordfence Threat Intelligence Team recently found a high severity flaw in the WooCommerce Stock Manager Plugin, allowing a remote attacker to execute arbitrary code on the target system. This flaw does however require an administrator to click a malicious link, so as always, we advise all admins to look out for suspicious emails. This vulnerability was recently patched by the Wordfence team, and fixes are included in version 2.6.0 of the plugin. Updating as soon as possible is highly recommended.

On another note, we have witnessed a new malicious campaign that is targeting users of the Jetpack plugin, specifically those reusing passwords across multiple services. This attack can be avoided almost entirely by enabling two-factor authentication on your WordPress account. Doing so means that even if your password is compromised, the attacker will be unable to gain access without also compromising your mobile device.

By Wordfence.com

CISA Release Advisory for ThroughTek Vulnerability

CISA have released a security advisory for a recently discovered vulnerability in the popular ThroughTek tool. This flaw allows attackers to access sensitive information, including audio and video feeds. As well as this, the attacker may be able to spoof the device and hijack its certificate. ThroughTek software is used frequently by security camera and smart device vendors, with their components being active in millions of devices.

The CISA advisory, including mitigation techniques and other recommendations, can be found here.

By ZDNet.com

Peloton Bike+ Flaw Allows Attackers to Take Over

The increasingly popular maker of exercise equipment, Peloton, has recently released information on a security vulnerability affecting the Peloton Bike+ and Peloton Tread. This flaw requires an attacker to have physical access to the equipment, but once the tablet has been breached, they are able to perform a variety of cyberattacks remotely. This includes accessing personal information, installing malware, and even accessing the camera and microphone. Peloton addressed this serious vulnerability in their latest firmware update; we recommend that all users apply the latest fixes as soon as possible.

By ThreatPost.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #146 – 18th June 2021

By Joshua Hare on 17/6/21

Cyber Round-up for 11th June

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In related news, he is no longer in power, but we are still receiving pearls of wisdom from former President Donald Trump. In response to the recent increase in cyberattacks he recommends that in order to stop these attacks we should no longer use these new-fangled computer things and return to using pen and paper. What better way to prevent cyber-attacks than abandoning technology and returning to paper records!

Oh and apparently Bitcoin is a scam (he obviously missed jumping on that lucrative train in the early days).

In this week’s round-up:

Security News

Schools Close After Crippling Cyber Attack

Skinners’ Kent Academy and Skinners’ Kent Primary School have both confirmed their closure following an attack on their IT systems. The schools announced that they are unsure what information was accessed by the attackers, but parents have been urged to contact their banks, as personal data may have been compromised. The incident is currently being investigated by Action Fraud and the NCSC, and learning will continue remotely until the schools can reopen.

By BBC.co.uk

Furniture Village Hit by Cyber Attack

The UK’s biggest furniture retailer, Furniture Village, was recently hit by a cyber-attack that forced them to shut down their IT systems. 7 days on from the initial attack, their website is operational, however they are “still experiencing technical issues with internal systems”. It is currently unknown who is behind the attack, or the reason behind it; we can however confirm that Furniture Village are working hard to restore their systems to operation as soon as possible.

By TheRegister.com

FBI Run Fake Chat App to Catch Cyber Criminals

The FBI and Australian Federal Police have launched an encrypted chat service called ANoM; this was designed to intercept criminal communications online. The operation has resulted in the arrests of more than 200 criminals and law enforcement were able to seize 55 stolen vehicles, eight tons of cocaine, 22 tons of cannabis and 250 firearms. This campaign has been active for around 3 years and has played a huge part in crime prevention for these federal organisations.

By TheHackerNews.com

Vulnerabilities & Updates

June 2021 Microsoft Patch Tuesday

Microsoft’s patch Tuesday for June has arrived, and it contains fixes for 50 vulnerabilities. Six of these security flaws are considered critical and are being actively exploited in the wild; this includes remote code execution in the Windows MSHTML Platform and denial of service flaws affecting Remote Desktop Services. We recommend that everyone applies the latest updates as soon as possible, to ensure that you are protected against the flaws addressed in this month’s batch of security fixes.

By TheRegister.com

Google Patch Android RCE Bug

Google’s latest batch of security updates includes a fix for a critical flaw affecting Android devices. Successful exploitation of this flaw could allow a remote attacker to execute arbitrary code on the target device. It was confirmed that this vulnerability affects Google Pixel phones, as well as all third-party devices running the Android operating system. We recommend updating as soon as possible to ensure you do not become a victim of associated exploits.

By ThreatPost.com

Critical Flaw Found in Fedena School Management Software

Critical zero-day vulnerabilities have been discovered in the open-source school management system, Fedena, some of which could allow remote code execution. There are currently no patches for the system, but some mitigation recommendations have been released. One of these recommendations is “stopping the Fedena application server, altering the secret using a securely generated random string, and restarting the server.”

Other techniques to protect your systems against these flaws can be found here.

By PortSwigger.net

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #145 – 11th June 2021

By Joshua Hare on 10/6/21

Cyber Round-up for 4th June

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

US Seizes Domains Used by SolarWinds Hackers

The Russian hackers responsible for the recent SolarWinds breach were found to be involved in a spear-phishing campaign, in which the U.S. Department of Justice has now intervened. The DoJ were able to take control of two of the command-and-control sites being used in the campaign, which has massively disrupted the group’s phishing operations.

More details on the seized domains can be found here.

By TheHackerNews.com

JBS Shut Down Operations After Cyber-Attack

JBS, the world’s largest supplier of meat, was recently hit by a sophisticated ransomware attack that forced them to shut down operations. There are currently no details regarding the ransom request, and we do not know if JBS plan to pay the attackers; it was however confirmed that the FBI is investigating the attack, and the company is working hard to restore operations as soon as possible.

On another note, we recently received an update on the Colonial Pipeline cyber-attack, and it was confirmed that the $4.4M ransom was paid. More details on this can be found here.

By BBC.co.uk

Personal Data of UK Special Forces Leaked Through WhatsApp

A leaked British Army spreadsheet was found on WhatsApp, containing the personal data of Special Forces soldiers. The spreadsheet was available for download with no password and didn’t contain any government markings to indicate its confidentiality. Sources suggest that this information sharing on WhatsApp is normal, however it is usually password protected. This is a serious incident since the identities of the soldiers involved are supposed to be hidden from the public for the safety of them and their families.

By TheRegister.com

FUJIFILM Investigate Suspected Ransomware Attack

FujiFilm have suffered what they believe to be a ransomware attack and have shut down parts of their network to prevent the attack from spreading. The firm were hit by an attack on Tuesday and stated that they are “aware of the possibility of a ransomware attack”; FujiFilm have since been working hard to determine the severity of the attack and have apologised for the effect it may have had on partners and customers.

By BleepingComputer.com

Ransomware Victims Relying on Insurance to Pay Ransoms

Security Researchers are becoming worried by the amount of ransomware victims that are relying on cyber-insurance providers to pay ransoms. In the first half of 2020, 41% of all insurance claims were linked to ransomware attacks; with this becoming an increasingly popular response to extortion attempts, more payments are being made to the attackers, which further funds continued attacks. Many security experts are warning companies against their reliance on cyber-insurance and are unhappy with how frequently ransoms are being paid.

By ThreatPost.com

Vulnerabilities & Updates

Zero-Day Discovered in Fancy Product Designer

The Wordfence Threat Intelligence team recently found a critical zero-day in the Fancy Product Designer plugin that could allow a remote attacker to execute arbitrary code. This plugin has been installed on more than 17,000 WordPress sites worldwide, and the flaw is already being actively exploited. The zero-day was patched in version 4.6.9 of Fancy Product Designer, and we advise anyone using the plugin to update as soon as possible.

By WordFence.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #144 – 4th June 2021

By Joshua Hare on 3/6/21

Cyber Round-up for 28th May

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

NCSC Create Educational Cybersecurity Game

The NCSC have created a collection of interactive, educational activities for children who are interested in cybersecurity. The resources are designed for children aged 7-11 years old and include a game known as CyberSprinters, which teaches them about core aspects of security, such as password management, protecting devices and phishing. The NCSC aims to make cybersecurity education fun and engaging for primary school students; making them aware of the importance of cyber security at such an early age gives them the opportunity to continue it as they get older. Education and awareness of threats is vital, which is why this release is so important.

By NCSC.gov.uk

Bose Suffer Ransomware Attack

Audio equipment manufacturer Bose recently suffered a ransomware attack that crippled their IT systems. We currently do not know who was behind the attack, and Bose have not confirmed if they plan to pay the ransom. What we do know is that they are working hard to restore their systems and bring them “back online in a safe manner”. They have spoken openly about the action they have taken to boost their security following the attack, which is a positive thing to point out. More info will undoubtedly follow.

By TheRecord.media

Default WiFi Password Leads to Child Abuse Accusations

A UK couple, whose names have not been disclosed, were recently confronted at their home by police officers who were investigating a serious case of child abuse. The police were investigating the couple for potentially posting images of child abuse on online forums last year; during the investigation, all of their devices were confiscated, and they were suspended from their jobs. Earlier this year, the couple’s devices were returned, and the police now believe that the crime was committed by an unauthorised user accessing their WiFi, which was possible because they were still using the default password on their router. This emphasises the importance of changing your passwords when getting a new device and is one of the reasons that the government plan to ban default passwords being set on new devices.

By BBC.co.uk

Threats

Air India Data Breach Exposes 4.5 Million Passenger Records

Air India have recently suffered a data breach, in which the personal information of 4.5 million passengers was exposed. The stolen data includes names, dates of birth, passport information and credit card data, from customers as early as August 2011. Anyone who has been a passenger of an Air India flight in the last ten years is potentially affected by this incident.

By TheHackerNews.com

Vulnerabilities & Updates

Critical Flaws in Nagios IT Monitoring Software

13 vulnerabilities were found in the Nagios network monitoring software that could allow an attacker to take over the infrastructure without any user interaction. Among these vulnerabilities are multiple remote code execution flaws, as well as privilege escalation flaws. These flaws were discovered and remediated back in November, but more details were recently disclosed, including a summary of each CVE.

More details can be found here.

By TheHackerNews.com

macOS Zero-Day Allows Attacker to Take Screenshots

We urgently advise all Apple Mac users to update their operating systems as soon as possible, due to a newly discovered zero-day flaw that could allow a remote attacker to gain permissions and take screenshots on your device. This can be done without user interaction or consent and could even allow the attacker to steal sensitive information, including passwords. All versions prior to 11.4 are affected by this flaw, making it vital that all users apply the latest patch immediately.

By HotForSecurity.BitDefender.com

VMware Critical Flaw Needs to Be ‘Considered at Once’

VMware has announced the existence of a critical flaw that could allow a remote attacker to execute arbitrary code on the target system. VMware urges all users to patch their systems immediately to reduce the chances of an attack. It was confirmed that this flaw affects vCenter Server 6.5, 6.7, and 7.0, as well as Cloud Foundation version 3.x and 4.x.

More details on this vulnerability can be found here.

By TheRegister.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #143 – 28th May 2021


By Joshua Hare on 27/5/21


Cyber Round-up for 21st May

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

The Importance of Transparency in Cyber Attacks

Most companies that suffer a ransomware attack prefer to stay quiet about the incident and avoid publishing any details; however, green energy tech provider, Volue, have been entirely transparent about being a victim of ransomware. The firm set up a website with details of the attack, including indicators of compromise, as well as their recovery road map and the CEO’s phone number. Volue were hit by the Ryuk ransomware gang, who have been responsible for many attacks recently, and their transparency not only helps future victims, but also “inspire confidence in the company”. Many cyber security professionals have praised their approach to the incident and encourage others to follow in their footsteps.

By BleepingComputer.com

Cyber Security Authorities Brief Irish Government on Cyber Crime

The National Cyber Security Centre (NCSC) and Health Service Executive (HSE) have briefed the Irish government on their recent investigations into the attacks on Ireland’s healthcare system. The Irish health system was targeted multiple times by hackers and the ‘Wizard Spider’ group is believed to be responsible. Two recent attacks were brought to the attention of the NCSC, one targeting the Department of Health, and the other targeting the HSE; the latter was reported as the “most significant in the state’s history”. A recent statement from the Irish government confirms that their main goal is to restore the operations of all medical services as soon as possible.

By BBC.co.uk

Threats

AXA Hit by Ransomware After Stopping Coverage for Ransom Payments

Cyber insurance firm, AXA, recently stated that they would no longer cover ransom payments for their customers; shortly after the announcement, they were hit by a ransomware attack themselves. The group responsible for the attack was the Avaddon gang, who claim to have stolen 3 terabytes worth of company data from AXA. The stolen data reportedly includes scans of customer ID documents and medical and hospital records. There is currently no information on the ransom demands and it is unclear whether AXA plan to pay the attackers.

By GrahamCluley.com

Bizarro Banking Malware Affecting 70 Banks

70 different banks across Europe and South America have been affected by the Bizarro banking malware, which is distributed as MSI packages through spam emails. The malware is hosted on compromised WordPress, Amazon, and Azure servers and, once installed, remains idle; this allows it to evade detection until it detects a connection to an online banking system. Bizarro is more advanced than typical banking malware since it terminates existing browser sessions upon installation, allowing it to steal credentials when the victim is forced to log back into their online banking site. As always, we advise everyone to be cautious when receiving emails and to avoid clicking any links unless you are certain they are benign.

By TheHackerNews.com

Vulnerabilities & Updates

Microsoft Exploits in High Demand on Underground Marketplaces

Cyber security professionals have dedicated a lot of time to finding out which exploits hackers are interested in. This investigation was designed to help companies prioritise their patching process so that they can address those in high demand first. During this study, it was found that Microsoft products make up 47% of all requests on hacker forums and markets, with Adobe in second place with 21%. It is also worth noting that 22% of exploit requests were for vulnerabilities more than 3 years old; updating as frequently as possible is vital, especially considering the demand for these old exploits.

By Threatpost.com

WP Statistics Vulnerability Affects 600,000 Sites

A SQL Injection vulnerability was recently discovered for the WP Statistics plugin, that is installed on more than 600,000 WordPress sites. Fortunately, all sites running Wordfence (both the premium and free version) are protected. If you are not running Wordfence on your site, we recommend applying the latest patch as soon as possible to ensure that you are protected against this flaw.

By Wordfence.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #142 – 21st May 2021


By Joshua Hare on 20/5/21


Cyber Round-up for 14th May

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

US Gasoline Pipeline Shut Down by Ransomware Attack

The operator of America’s largest gasoline pipeline, Colonial Pipeline, was forced to halt operations after they were hit by a ransomware attack last week. Their systems were taken offline proactively, and they are working hard to get back to normal as soon as possible. We do not yet know who was behind the attack and it is unclear when Colonial will be able to return to operation; it is vital that systems are restored as soon as possible, since they are the main source of gasoline in the Eastern half of the US.

By Bloomberg.com

West Midlands Railway Perform Cyber-Security Tests on Staff

West Midlands Railway have been criticised for their controversial cyber-security tests targeting their staff. The company’s staff were all sent fake emails containing a link; the email promised them a bonus for their hard work during the pandemic, but was followed up by a notification confirming that no payments would be made. Though it is good that the railway company are carrying out these simulations, many have criticised their methods, and demand that the workers receive the bonus they were falsely promised.

By BBC.co.uk

Fintech Startup Requests Payroll Credentials for $500

A new financial startup known as Fintech has been seen offering users up to $500 for the username and password to the payroll account provided by their employers. The startup claims to support people who work multiple jobs to help “improve their credit and employment options”. Many security researchers are concerned about the level of access that the company has and have warned users of the risks of its data harvesting; the startup has also been investigated for relations to a phishing scam. We advise all users to be cautious of sharing credentials with others and to avoid giving away access to financial systems such as your payroll.

By KrebsOnSecurity.com

Foreign Secretary Issues Warning to Russia About Ransomware

The UK foreign secretary has issued a warning to Russia regarding their involvement in protecting ransomware actors. The secretary has stated that even if attacks are not linked to the state, they are responsible for prosecuting the criminals. Ransomware attacks have been constant this year, and it seems the actors behind them have gone mostly unpunished. The warnings sent to Russia demand that they take responsibility for those acting out of the country, as their operations have been constantly disrupting educational institutions in the UK.

By BBC.co.uk

Threats

3 Million People Affected by DriveSure Data Breach

Car dealership service provider DriveSure have been hit by a data breach in which multiple databases were posted on the dark web. The exposed databases include dealership and inventory information, revenue data and client data. Researchers examined the data and found that names, addresses, phone numbers, email addresses and IP addresses were leaked, as well as 93,063 bcrypt-hashed passwords. Although bcrypt is considered a strong password hashing algorithm, the hashes can still be brute forced; because of this, we advise all DriveSure customers to change their passwords as soon as possible.

By RiskBasedSecurity.com

Vulnerabilities & Updates

WiFi Device Vulnerabilities from 1997 Discovered

Security researchers have found multiple vulnerabilities affecting the WiFi standard, including some flaws dating back to 1997. Some of these issues are design flaws within the standard, meaning they affect the majority of devices. Unlike most vulnerabilities, these come from “widespread programming mistakes”, meaning they will be much more difficult to patch. The WiFi Alliance have been working hard to resolve the issues and while some patches are already available, many more are still to come.

By TheRecord.Media

Microsoft May 2021 Patch Tuesday

Microsoft have released their monthly batch of security updates for May, and it addresses 55 vulnerabilities, four of which were classified as critical. Among the four criticals, there are three zero-days, including a privilege escalation flaw in .NET and Visual Studio, a Security Feature Bypass flaw in MS Exchange Server and a Remote Code Execution flaw in Common Utilities. As always, we advise applying the latest patch as soon as possible to ensure you are protected against attacks.

By BleepingComputer.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #141 – 14th May 2021


By Joshua Hare on 13/5/21


Cyber Round-up for 7th May

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Police Shut Down Child Abuse Image Site on the Dark Web

One of the world’s biggest child abuse image websites was recently shut down by the police. The site had more than 400,000 members and has featured images of abuse since June 2019. Some of the site’s active members were found with more than 3,500 uploaded images and have since been investigated and arrested; this investigation reportedly led to the discovery of the site owners. Fortunately, the website is no longer active, but further investigation is still ongoing to catch more members and abusers.

By GrahamCluley.com

Swiss Cloud Suffer Ransomware Attack

Switzerland-based web hosting provider Swiss Cloud have been hit by ransomware this week, which has crippled their IT systems. Swiss Cloud is one of the largest hosting providers in Switzerland, and they have announced that they are working hard to restore their systems from backups rather than paying the ransom. Microsoft and HPE have also come forward to help the company, while the group behind the attack is still unknown. We will provide updates on the situation when we learn more.

By TheRecord.media

Threats

Ransomware Gang Actively Exploiting SonicWall Zero-Day

A hacker group that is being tracked as UNC2447 has been actively exploiting a new zero-day flaw in SonicWall VPN appliances to help in their ransomware attacks. The group are using the flaw to execute code remotely and deploy the ransomware; fortunately, there is a patch available for this zero-day that we recommend applying immediately.

More details including affected versions can be found here.

By TheHackerNews.com

Peloton User Data Exposed in Recent Incident

Peloton are well known for making exercise bikes and offer a service in which customers can attend live classes from home using their exercise bike or treadmill. A recently discovered flaw in Peloton’s API could allow an unauthenticated user to view private user information. The exposed information includes User IDs, Instructor IDs, Group Memberships, Location, Workout Stats, Gender, and Age. Unfortunately, this issue has not yet been resolved, and pen testers are still trying to get an update on the situation. We will provide updates on this once we learn more.

By PenTestPartners.com

Panda Stealer Targets Cryptocurrency Wallets

A new information stealer was discovered last month known as Panda Stealer, that is utilising spam emails to lure its victims into opening malicious Excel files. Panda Stealer is different to other information stealers, as it uses a fileless method to distribute the malware, which allows it to evade detection.

More details on this can be found here, including indicators of compromise.

By TrendMicro.com

Vulnerabilities & Updates

Apple Release Emergency Patch for New Zero-Day

Apple have released a new batch of security updates for iOS, macOS and watchOS, including patches for three newly discovered zero-day vulnerabilities. These flaws all exist in Safari’s browser engine, WebKit, and allow an attacker to execute arbitrary code on the victim’s device. These zero-days are potentially being exploited in the wild already, making it essential that all Apple users update their devices as soon as possible.

By TheHackerNews.com

21 Vulnerabilities Found in Exim Mail Server

Security researchers have found 21 vulnerabilities affecting the Exim mail server, including flaws that allow an attacker to gain root privileges and execute code remotely. Of the 21 flaws that were found, 10 can be exploited remotely, making them a big risk, especially considering that 60% of internet servers run on Exim. There are currently no available patches for these flaws; we will provide updates when they are made available.

By SCMagazine.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #140 – 7th May 2021


By Joshua Hare on 6/5/21


Cyber Round-up for 30th April

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Coca Cola Engineer Steals Trade Secrets to Set Up Company

A Coca Cola engineer has been accused of insider theft after allegedly stealing trade secrets worth $119 million. The thief reportedly planned to use the stolen secrets to set up their own company in China but was found in possession of an external hard drive containing the sensitive data a year after leaving the company. A great read on insider threats, a risk that is largely ignored by most. It is important that only a limited number of employees have access to sensitive files, and those with access should be closely monitored to ensure the safety of the data and limit the risk of insider theft.

By Red-Goat.com

DC Police Department Hit by Ransomware Attack

The DC Police Department confirmed earlier this week that attackers had gained unauthorised access to their servers and the FBI had been called to investigate. We now know that the Babuk ransomware gang has claimed responsibility for the attack and posted screenshots on their website as proof. They revealed that 250 GB of data was stolen from the department, including information about police informants. Although nothing has been confirmed, there is a good chance that the DCPD paid the ransom, as their data has since been removed from the Babuk website.

By Blog.MalwareBytes.com

Kaspersky Finds New CIA Malware

Kaspersky have announced the discovery of a “collection of malware samples” that was found by their security analysts. These samples contain techniques and patterns that have been used in CIA hacking operations known as Lamberts. It appears that the malware acts as a backdoor trojan that can be used on an infected host to listen to network traffic; however, Kaspersky believe that these samples have not been exploited in the wild.

More details on this discovery can be found in Kaspersky’s APT report.

By TheRecord.media

Threats

Apple AirDrop Bug Could Leak Personal Info to Nearby Users

A new flaw has been discovered in Apple AirDrop, that could expose your contact information to nearby users. The bug exists in how Apple hashes contact identifiers and can be exploited by anyone in proximity of the target device to steal information such as email addresses and phone numbers. This flaw is currently unpatched, and the only way to protect against it is to disable AirDrop on your device.

By TheHackerNews.com

Vulnerabilities & Updates

FileZen Vulnerabilities Being Exploited in the Wild

Popular file-sharing service FileZen is currently affected by two vulnerabilities, both of which could allow an attacker to execute arbitrary OS commands. Although these flaws were addressed in Soliton’s most recent firmware update, it was confirmed that attacks began before the fixes were released, meaning many organisations may already be compromised. We recommend that all users install the latest updates, change their system administrator account, and reset all access to ensure you are protected.

By SecurityAffairs.co

Ransomware Group Exploits SharePoint Vulnerability

A SharePoint vulnerability that was found and patched back in 2019 is still being actively exploited and used by the Hello ransomware group. Despite being patched almost two years ago, many businesses have still not applied the fix and are vulnerable to attack. Those still vulnerable are likely missing other key updates from the last two years, so this is not the only threat they are facing unnecessarily. We advise all SharePoint users to update their systems as soon as they can to reduce the possibility of an attack.

By SCMagazine.com

New macOS Flaw Being Actively Exploited

Apple’s latest update for macOS Big Sur addresses a zero-day vulnerability that allows an attacker to craft malicious payloads that evade the operating system’s security checks. Gatekeeper is supposed to block untrusted software from executing, but this flaw bypasses that feature. This update also provides patches for a number of other vulnerabilities; we advise updating as soon as possible.

By GrahamCluley.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #139 – 30th April 2021


By Joshua Hare on 29/4/21


Cyber Round-up for 23rd April

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

UK Government Introduce New Cyber Security Laws

The UK government has announced the introduction of new cyber security laws, designed to protect smart devices from online threats. In the future, most smart devices will ban the use of easy-to-guess passwords, forcing users to have some form of complexity. In addition to this, Apple, Google and Samsung have revealed that they plan to alert users when their devices are reaching end-of-life; this gives everyone plenty of time to upgrade to a device that will receive regular security updates. These changes will be accompanied by new features that make it easier for users to report software flaws that may be under active exploitation.

More details on these changes can be found here.

By Gov.uk

MCB Shut Down IT Systems Following Security Incident

UK drinks distributor, Matthew Clark Bibendum (MCB), were recently affected by a serious security incident, which forced them to shut down their IT systems. MCB’s recent statement revealed that they are “in the process of informing its customers and suppliers of the incident”. It was confirmed that parent company, C&C Group, were unaffected and continue to operate, while MCB continue to respond to the situation and carry out the steps of their incident response plan. The reports suggest ransomware but this is yet to be confirmed.

By PortSwigger.net

Member of Notorious FIN7 Cybercrime Gang Sentenced to Jail

The notorious FIN7 cybercrime gang are known for posing as sysadmins of a fake security company in order to scam their victims. They have been seen operating in over 40 countries, with more than 20 million customer card records stolen. One of their key members was recently arrested and is now serving a 10-year jail sentence; during their time with the group, they reportedly caused more than one billion dollars’ worth of damage.

By HotForSecurity.BitDefender.com

Threats

Spies Using Fake LinkedIn Profiles to Steal Data

The MI5’s Security Chief, Ken McCallum, has warned LinkedIn users to be aware of fake “malicious profiles” that are seeking connections in order to steal information. The hackers controlling the fake profiles have been seen manipulating individuals in key industries, as well as multiple government departments, which is why the MI5 have responded so quickly. Their new campaign revolves around “the four Rs”: recognise the profiles, realise the threat, report suspicious activity, and remove the profiles. We advise all LinkedIn users to avoid disclosing information to suspicious users, as the likelihood of an attack has dramatically increased since the start of the pandemic.

By BBC.co.uk

Vulnerabilities & Updates

The Plus Addons in Elementor Pro Still Being Exploited

Last week, we spoke about the vulnerabilities affecting Elementor plugins, which are installed on more than 30,000 WordPress sites worldwide. Although 60% of these sites are now running a patched version of the plugins, there are still many attacks being carried out that target these vulnerabilities. We advise all site admins who have not yet applied the latest patches to update as soon as possible, as these severe flaws are still being actively exploited.

A list of indicators of compromise for these exploits can be found here.

By Wordfence.com

US Defence Contractors Breached Using Pulse Secure VPN Zero-Day

A new zero-day vulnerability has been discovered in the Pulse Secure VPN, and it is being actively exploited by Chinese hackers. In their latest attack, the hacker group used the zero-day to breach an unnamed US defence contractor. These exploits reportedly started back in August 2020, and have since been addressed by Ivanti, the company responsible for Pulse Secure VPN. A security advisory has been released for the discovered vulnerabilities, which includes mitigation techniques to protect users until the final patch in May.

Ivanti’s security advisory can be found here.

By TheRecord.media

SonicWall Enterprise Email Security Affected by 3 Zero-Days

SonicWall have announced that their email security product is currently affected by three zero-day exploits. The first of these exploits allows an attacker to create an admin account by sending a crafted HTTP request to the remote host. The second allows the attacker to upload arbitrary files to the host once they are authenticated, and the third is a directory traversal flaw. These flaws were addressed in the latest patch; we advise all SonicWall customers to apply the latest updates as soon as possible.

By TheHackerNews.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #138 – 23rd April 2021


By Joshua Hare on 22/4/21


Cyber Round-up for 16th April

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Upstox Resets Passwords Following Data Breach

Indian stock trading firm Upstox have suffered a serious data breach in which cybercriminals were able to access millions of customers’ personal information. The compromised database included customer names, contact information and bank account information, as well as millions of KYC (Know Your Customer) details. KYC data includes scans of ID cards, photo ID and passports, making it a serious breach. The database was accessed by the ShinyHunters gang, who reportedly acquired the company’s Amazon AWS key. As a result of this incident, the Indian firm have reset all customer passwords and released a statement confirming that all funds are still safe and protected.

By GrahamCluley.com

Justice Department Announces Court-Authorised Operation to Disrupt Exchange Server Exploits

The Justice Department has announced this week that their operation to remove malicious web shells from vulnerable Exchange Servers was authorised by the court. This comes as part of their response plan for the zero-day vulnerabilities that were discovered earlier this year; many systems are still affected, and the FBI have begun their work to expel the hackers from the victims’ networks.

By Justice.gov

Threats

Hacker Group Distributes Malware Through Website Contact Form

Microsoft have discovered a new cybercrime campaign that is using contact forms on benign websites to distribute malware. The group submits a contact form threatening legal action; for example, the actor poses as a photographer claiming their copyrighted photos are being used by the company. This form then includes a link to a fake copyright evidence document which contains malicious code and redirects to a third-party login page. Microsoft warn all system administrators to be aware of this threat and avoid clicking suspicious links such as these.

By TheRecord.media

WhatsApp Flaw Allows Account Lockout

A newly discovered WhatsApp bug could allow an attacker to lock you out of your account using just your phone number. This is possible because of the setup process, in which you are asked for your phone number, and currently there is no way to prevent a random user from entering your phone number in their setup. This sends messages to your phone containing a verification code; if the attacker does this multiple times, you can be locked out of your account for 12 hours. This can lead to your account being suspended if the attacker chooses to contact WhatsApp support.

By WeLiveSecurity.com

Vulnerabilities & Updates

Microsoft Patch Tuesday for April 2021

This edition of Microsoft’s Patch Tuesday contains fixes for 108 vulnerabilities. This includes 20 critical flaws, four of which are remote code execution vulnerabilities in Microsoft Exchange Server; these were given a CVSS severity score of 9.8 out of 10. Twelve of the remaining critical flaws exist in the remote procedure call runtime and require no user interaction. There are also fixes for Microsoft Office, the Windows Kernel and Visual Studio. As always, we advise applying the latest patches as soon as possible.

By Blog.TalosIntelligence.com

Wordfence Team Patches Vulnerabilities in Elementor Plugins

The Wordfence Threat Intelligence team have been working hard to disclose a number of vulnerabilities present in over 15 popular Elementor plugins. The plugins are used on more than 3.5 million sites, with 100 endpoints confirmed to be vulnerable. Similar to the vulnerability that was found in the main Elementor plugin, these cross-site scripting flaws add JavaScript to posts and execute it when the post is either viewed or edited. If the viewer happens to be an administrator, then the whole site can be taken over.

A list of affected plugins and versions can be found here.

We recommend applying the latest updates as soon as possible.

By WordFence.com
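The class of bug described above is worth seeing concretely: a plugin that stores author-supplied markup and echoes it back unescaped into the editor or the rendered post hands an administrator's browser to whoever wrote the post. The following Python is an added illustration and is not code from Elementor, the affected plugins or Wordfence; the post bodies and the naive "strip script tags" sanitiser are constructed assumptions. It contrasts a blocklist with escape-on-output and uses an HTML parser to report what a browser would actually execute.

```python
"""Added illustration of the stored XSS class described above. Constructed
example, not code from Elementor, the affected plugins or Wordfence: the post
bodies and the naive sanitiser are assumptions chosen to show why stripping
<script> tags is not a fix."""
import html
import re
from html.parser import HTMLParser

# Constructed post bodies, as a low-privileged author might submit them.
BENIGN_POST = "Launching our <b>new</b> theme next week"
SCRIPT_POST = 'Launch<script>fetch("/wp-admin/user-new.php")</script>'
ATTR_POST = 'Launch<img src=x onerror="fetch(\'/wp-admin/user-new.php\')">'

_SCRIPT_BLOCK = re.compile(r"<script\b.*?</script>", re.IGNORECASE | re.DOTALL)


def strip_script_tags(body: str) -> str:
    """Blocklist approach: remove <script>...</script> and nothing else.
    Event-handler attributes and other active content survive untouched."""
    return _SCRIPT_BLOCK.sub("", body)


def escape_for_html(body: str) -> str:
    """Escape-on-output: the stored string is rendered as text, so a browser
    never sees a tag or attribute in it (what esc_html() does in WordPress)."""
    return html.escape(body, quote=True)


class _ActiveContentFinder(HTMLParser):
    """Walks markup the way a browser's parser would and records script
    elements and on* event-handler attributes that would run JavaScript."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script>")
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.findings.append(f"{tag}@{name}")


def active_content(rendered: str) -> list:
    """Return the executable constructs a browser would find in rendered
    markup; an empty list means the page would not run author-supplied JS."""
    finder = _ActiveContentFinder()
    finder.feed(rendered)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, post in (("benign", BENIGN_POST), ("script", SCRIPT_POST), ("attr", ATTR_POST)):
        print(f"{label:7} raw      -> {active_content(post)}")
        print(f"{label:7} stripped -> {active_content(strip_script_tags(post))}")
        print(f"{label:7} escaped  -> {active_content(escape_for_html(post))}")
```

In a WordPress plugin the equivalent of escape_for_html is esc_html() or esc_attr() applied at output time, together with a capability check on who is allowed to save the content in the first place; a regex that only removes <script> leaves the onerror path open, which is exactly the kind of gap an administrator's browser then pays for.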

Patch Available for Chrome Browser Zero-Day Exploits

Google have released an update for the Chrome browser addressing two zero-day vulnerabilities that were being actively exploited in the wild. Exploit code for both flaws was posted online, and both are confirmed to allow remote code execution. We advise updating your browser to the latest version as soon as possible to ensure you are not at risk.

By TheHackerNews.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #137 – 16th April 2021

Why not follow us on social media:

By Joshua Hare on 15/4/21

Cyber Round-up

Cyber Round-up for 9th April

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

SEPA Spends £800,000 on Cyber Attack Response

The Scottish Environment Protection Agency was hit by a cyber attack on Christmas Eve in which the attackers stole around 4,000 digital files. SEPA refused to pay the ransom demanded for their return, and the files were subsequently published on the internet. Despite not paying, SEPA has since spent £790,000 recovering from the attack, £458,000 of it on “stabilising the watchdog’s business IT platform”. Even with that spend, the agency has warned that it may not be fully operational until next year.

By BBC.co.uk

Hackers Target Unpatched SAP Installs

Attackers have been seen targeting SAP installations that have gone unpatched for almost a year. Old vulnerabilities are still being actively exploited, with poor account management compounding the problem, and the US Department of Homeland Security has issued a warning about it. SAP software runs in a great many large organisations, which makes it an attractive target; this is another reminder that keeping systems up to date is vital.

By SCMagazine.com

500 Million LinkedIn User Accounts for Sale Online

A database of more than 500 million LinkedIn user records has been found for sale online. The stolen records contain email addresses, phone numbers, professional details and links to other social media profiles. The database was listed on a popular hacker forum with a “four-digit $$$$ minimum price”. All LinkedIn users are advised to secure their accounts with MFA and to change any password that is reused across multiple accounts.

By TechRepublic.com

Threats

Banking Trojan Targets Latin American Users

Security researchers have discovered a banking trojan that targets corporate users, specifically in Brazil. Reports suggest it has been active since 2019 and has affected the engineering, healthcare, retail, manufacturing, finance, transportation and government sectors. The scam displays a pop-up window imitating some of Brazil's biggest banks, including Santander, Banco do Brasil and Banco Bradesco, and directs the user to a fake form that requests their banking credentials. We advise everyone to be cautious of these scams and never to enter credentials into an unexpected pop-up.

More details on the malware can be found here.

By TheHackerNews.com

WhatsApp Sessions Being Hijacked by Fake Netflix App

Google has removed a fake Netflix app called FlixOnline from the Play Store. The app deployed wormable malware that hijacks WhatsApp: it can read incoming messages and reply to them, which is how it spreads and, most commonly, how it was used to steal credentials. The app was available for around two months and was downloaded more than 500 times before it was removed. Getting an app of this nature past the Play Store's review process is unusual; anyone who installed it should change any passwords they shared over WhatsApp.

By HackRead.com

Vulnerabilities & Updates

Critical Fortinet FortiOS Vulnerability

Critical vulnerabilities in Fortinet FortiOS allow an attacker to gain access to network resources by logging into the VPN. APT actors have been exploiting these flaws to obtain initial access to government, commercial and technology services networks, which they can then use to stage further attacks on the target. The FBI and CISA have issued a joint security advisory on the FortiOS vulnerabilities that are being actively exploited.

More details on the Joint Cybersecurity Advisory can be found here.

By US-Cert.CISA.gov

Cisco Patches Remote Code Execution Bug

Cisco’s latest batch of security updates includes a fix for a critical remote code execution flaw in its SD-WAN vManage software. The same release addresses multiple other vulnerabilities, including two high-severity privilege escalation flaws that allow an attacker to gain root privileges on the underlying operating system. Cisco customers are advised to update as soon as possible to ensure they are protected.

By BleepingComputer.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #136 – 9th April 2021


By Joshua Hare on 8/4/21

Cyber Round-up

Cyber Round-up for 2nd April

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Cyber Security Breaches Survey for 2021

The Department for Digital, Culture, Media & Sport (DCMS) has released its annual Cyber Security Breaches Survey for 2021. The sixth survey in the series continues to show that cyber security breaches are a serious threat to all types of businesses and charities. Among organisations identifying breaches or attacks, the frequency is undiminished, and phishing remains the most common attack vector. The survey covered 1,419 UK businesses, 487 UK registered charities and 378 education institutions between October 2020 and January 2021.

By Gov.uk

CNA Hardy Hit by Ransomware Attack

Cyber insurance company CNA Hardy has announced that it suffered a “sophisticated cybersecurity attack” that has had a significant impact on its operations. Data on more than 15,000 company devices was encrypted by the ransomware, which has been identified as Phoenix CryptoLocker. The firm is keeping details close to its chest and has not released any further information yet.

By GrahamCluley.com

London School Trust Hit by Ransomware

The Harris Federation, the largest multi-academy school trust in London, has been hit by a ransomware attack that has been described as “the largest ransomware attack against a UK educational organisation known to date”. The trust runs 48 schools and educates more than 36,000 children a year. The full impact on the federation is not yet known; the NCA and NCSC are investigating the breach.

By TheRecord.media

FatFace Retailer Pays $2M Ransom After Attack

Fashion retailer FatFace suffered a ransomware attack in January that crippled its systems. The Conti gang were behind the attack and initially demanded a ransom of $8M; after negotiations they were talked down to $2M, which FatFace decided to pay. Following the negotiations, Conti advised FatFace to run phishing education for employees and to implement email filtering and regular penetration testing to avoid a repeat. The incident has since been resolved and all systems are operational.

By ComputerWeekly.com

Threats

Spyware in New Android System Update

Malware usually reaches Android devices through fake copycat apps; in this new campaign, however, powerful spyware disguises itself as a “System Update” application. Once installed, it connects the device to a Firebase command-and-control server and steals call logs, SMS messages, GPS and network location data and photos. It can also record audio from the microphone and take pictures with the camera. This “System Update” application is not available through the official Google Play Store; to avoid it, do not install apps from third-party app stores.

By TheHackerNews.com

The Rise of Extortionware

Cyber security companies have seen a recent rise in extortionware, a trend in which an attacker embarrasses the victim into paying a ransom. This first came to light when hackers discovered an IT director's secret pornography collection and named him in a public blog post exposing his computer's file listing. The post was taken down shortly after being published, which suggests that the director paid the ransom. The company has so far ignored all contact attempts.

By BBC.co.uk

Vulnerabilities & Updates

Security Update for iOS 14.4.2 and iPadOS 14.4.2

A flaw in WebKit allows an attacker to craft malicious web content that can lead to universal cross-site scripting. Apple believes the flaw may already have been exploited in the wild and has patched it in these updates. We recommend updating as soon as possible.

This patch is available for: iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the 7th generation of iPod touch.

By Support.Apple.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #135 – 2nd April 2021


By Joshua Hare on 1/4/21

Cyber Round-up

Cyber Round-up for 26th March

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Acer Hit by Ransomware Attack

Taiwanese computer maker Acer was recently hit by a ransomware attack affecting its back-office network. REvil, the group behind the attack, has demanded a $50 million ransom in exchange for a decryption key, and it is currently unclear whether the firm plans to pay. Acer has confirmed that the incident did not affect its production systems and that operations are continuing without major disruption. None of the encrypted data has been leaked so far, but a leak is likely if Acer decides against paying the ransom.

By TheRecord.media

Students Warned to Avoid Illegal Science Website

UK students have been warned to stay away from a Russia-based science website that claims to “remove all barriers” to science. The pirate site gives access to over 85 million scientific research papers and argues that they should all be publicly available knowledge. UK police say that a large portion of the material was obtained by malicious means, and have warned students that accessing the site is illegal and may result in their credentials being stolen and used to gain access to further research.

By BBC.co.uk

80% of Britain Scared of Online Attacks

The NCSC’s Cyber Aware campaign included a new survey asking the UK public how safe they feel online, and some of the results are interesting: 58% worry about money being stolen online, 53% worry about sharing personal details and 48% are concerned about malware infections. 86% of 25 to 34 year olds expressed concern about the safety of their personal information; this age bracket made up the majority of the responses.

In response to this, the NCSC has put together the Consumer Cyber Action Plan, with free tailored advice on how to reduce the chances of an online attack.

By NCSC.gov.uk

Threats

Purple Fox Rootkit Can Spread to Other Windows Machines

Purple Fox was already a well-known malware that used exploit kits and phishing to infect machines, but it has since gained new capabilities with worm-like properties. These allow Purple Fox to spread between Windows devices on its own, and infection rates have risen by 600% since May 2020. Despite this evolution, the malware still partly relies on phishing, so be cautious with suspicious emails.

More details can be found here.

By TheHackerNews.com

Fake Android Clubhouse App Spreads BlackRock Malware

A fake version of the popular Clubhouse app has emerged, and many users have installed it. Once installed, the malicious app delivers the BlackRock malware, which is designed to steal credentials for more than 450 services, including Twitter, Facebook, WhatsApp and Amazon. The fake application is only distributed from a bogus website impersonating Clubhouse, so infection can be avoided entirely by only installing apps from your official app store.

By ThreatPost.com

Vulnerabilities & Updates

Black Kingdom Ransomware Targeting Exchange Servers

A ransomware group known as Black Kingdom has been taking advantage of Microsoft Exchange servers left unpatched since the recent ProxyLogon vulnerabilities were disclosed. The group exploits the flaws to execute a PowerShell script that spreads the ransomware to other computers on the network. The malware's behaviour has been inconsistent: many victims report that their data was encrypted, whereas others were simply presented with the ransom note. We advise everyone to update their Exchange servers as soon as possible to ensure you do not become a victim of this attack.

By BleepingComputer.com

WordPress Thrive Themes Vulnerability Being Actively Exploited

Two vulnerabilities in the Thrive Themes plugins, disclosed by the Wordfence team, have been patched; however, sites that have not applied the patch are still being actively exploited. We advise all users of the plugins to update to the latest version as soon as possible; here is a list of all affected versions. Wordfence users have received updates to protect them against these attacks.

By Wordfence.com

And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #134 – 26th March 2021


By Joshua Hare on 25/3/21


Ironshare is a provider of Information and Cyber Security services.
