Cyber Round-up

Cyber Round-up for 10th January

January 9, 2020

Welcome to the first 2020 edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

300 Left Without Jobs After Company is Hit by Ransomware

A telemarketing company that was crippled by a ransomware attack in October 2019 has had to close its doors and shut down indefinitely, sending home over 300 employees. These employees were not notified until a few days before Christmas, leaving them jobless over the holidays. The company’s CEO spoke out about the incident and announced that they were not aware of the attack and were caught off guard; despite efforts to recover their data, the company was unable to recover and lost hundreds of thousands of dollars in the process. Many companies disregard the importance of cybersecurity and are not aware of how badly these kinds of attacks can affect an organisation; this is a prime example of how a cyber-attack can finish a business and why it is vitally important that all businesses prepare themselves to ensure this doesn’t happen again.

By ZDNet.com

Travelex Still Offline After Software Virus Compromises Systems

Foreign currency exchange service Travelex was forced to take its systems offline on New Year’s Eve following a compromise. According to Travelex, a software virus was discovered that had been affecting some of their systems. More than a week later, the service is still offline and other banks, such as Barclays, HSBC and First Direct, have reported that they are unable to offer online currency services as a result of the Travelex incident. Although reports have not confirmed it, this appears to be yet another ransomware attack.

By GrahamCluley.com

Windows 7 Support Ending on January 14, 2020

On January 14, Microsoft will be discontinuing support for Windows 7, meaning they will no longer release updates or provide technical assistance for it. This puts anyone using the operating system at risk from vulnerabilities that will no longer be patched. We highly recommend upgrading to Windows 10 before Windows 7 support ends to ensure that you are protected from the flaws of an outdated OS. More details can be found on the Microsoft support site.

By Microsoft.com

Threats

Password-Stealing Malware Updated to Better Evade Detection

Predator the Thief, a well-known information stealer, has recently been updated to feature new capabilities; the update includes phishing documents that are harder for users to detect. The malware was first seen in July 2018, and is known to steal usernames, passwords and cryptocurrency wallets; it can also take control of a victim’s webcam to take photos. The regular updates that the info stealer receives make it harder to track and monitor, and more effective at detecting debuggers and sandboxes. This malware is difficult to deal with; we recommend patching your systems regularly and alerting staff to the risks of phishing attacks.

By ZDNet.com

VPN Flaws Exploited by REvil Ransomware

Pulse Secure’s Zero Trust business VPN system has been compromised and is being actively exploited to install REvil ransomware on company networks. This was discovered by researcher Kevin Beaumont, who disclosed the critical vulnerabilities to Pulse Secure. Despite patches being released in April of 2019, firms were still not patching in August, when 14,528 servers were found to still be running the vulnerable software. As a result of compromising vulnerable systems, attackers were able to install backdoors to gain access even if patching occurred. Eight months on from the public being made aware of the serious weaknesses in the Pulse VPN system, 3,826 devices are still open to exploitation.

By NakedSecurity.Sophos.com

Vulnerabilities & Updates

Critical Vulnerabilities on Cisco NX-OS and Switches

Cisco have released patches for three critical vulnerabilities that exist in the Data Center Network Manager platform that is used to manage NX-OS, the operating system used by Cisco Nexus switches. All three are authentication bypass flaws that allow a remote attacker to execute arbitrary code with administrative rights. Cisco confirmed that there are no workarounds for these vulnerabilities but have released software updates addressing them.

By ThreatPost.com

Android 8 and 9 Affected by Critical Flaw (CVE-2020-0002)

The first Android Security Bulletin of 2020 addresses seven new vulnerabilities affecting the Android operating system, one of which is a critical flaw impacting versions 8, 8.1 and 9 of the OS. The flaw allows a remote attacker to execute arbitrary code on the victim’s device; no further details have been disclosed, but researchers suspect that a malicious app installed on the device could potentially abuse the vulnerability. We recommend installing the January security updates as soon as possible.

By Forbes.com

And that’s it for this week’s round-up, we hope you all had a fantastic Christmas / Holiday season. Please don’t forget to tune in for new instalments every week.

Happy New Year!

Why not follow us on social media using the links provided on the right.

Edition #73 – 10th January 2020

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.
