Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security. Following the theme of cyber awareness month, we have included a post on cybersecurity education!
In this week’s round-up:
The firsthalf of 2019 has been difficult for local councils across the UK as theysuffered an average of 800 cyber attacks an hour. This information was takenfrom research into just 201 of the 405 local councils that were contacted. Thenumber of attacks is rapidly increasing, and lack of security is still anissue. Just 13% of councils have a cyber insurance policy in place, meaning themajority of them have no effective recovery process in the event of asuccessful attack. As well as this, of the 114 councils that suffered breachesbetween 2013 and 2018, 56% did not report them out of embarrassment; this callsfor an increase in education for cyber awareness, to both improve security andresponse time if or when a breach does occur.
By Teiss.co.uk
CyberAwareness Month is here, and Cisco want to make the most of it by educating asmany people as they can. One way they are doing this is through free onlinecourses which would be beneficial to those interested in cyber security. Thesecourses can benefit anyone who is unsure of the threat they face online, aswell as those interested in exploring the path in cyber. We recommend takingadvantage of this offer and looking at these as an introduction tocybersecurity; you can never be too safe.
By Cisco.com
EA Sportswere forced to shut down the FIFA 20 Global Series competition registrationprocess after suffering a data leak, which included the personal information ofthose who registered for the event. When a player tried to register, they wereinstead presented with the personal information of those who had alreadyregistered. This incident included the compromise of usernames, emailaddresses, country of residence and date of birth. This occurred on October 3rd;the site has since been closed and the issue has been resolved. EAannounced that the leak affected around 1,600 players, and they are taking thenecessary steps to ensure this doesn’t happen again; despite this, FIFA 20players are demanding compensation on social media.
By Forbes.com
The hackergroup known as Magecart has launched an attack on e-commerce and shopping cartservice provider Volusion; once compromised, the service was used to deliver acredit card-skimming code. Security researchers initially discovered the scamthrough the webstore for the Sesame Street Live! touring show, which runs onthe Volusion e-commerce platform. The site has been taken down until the issueis resolved. Researchers have said that this attack is likely affecting manyother websites using the same platform and advises users to consult the list ofpotentially affected sites included in the original post.
By SCMagazine.com
Microsoft’sOctober 2019 Patch Tuesday has addressed nine critical vulnerabilitiesincluding a remote code execution bug in the Windows Remote Desktop Client.Another four critical memory corruption flaws were also patched in the ChakraScripting Engine, as well as two critical VBScript RCE flaws in the InternetExplorer browser. The final two vulnerabilities addressed in this patch are RCEbugs for the Azure App Service and MSXML parser of XML Score Services. Furtherdetails on these flaws are included in the original post; We suggest updatingas soon as you get the chance.
By Computing.co.uk
A7-year-old critical vulnerability has been found in the macOS terminal emulatorapp, iTerm2. This flaw exists in the tmux integration of iTerm2 and allows anattacker to execute arbitrary code on the user’s Mac computer. Thevulnerability affects all versions of iTerm2 up to 3.3.5 and was recentlypatched in 3.3.6. We recommend updating as soon as possible due to the criticalnature of this vulnerability; you can either check for updates in theapplication or download it manually.
By TheHackerNews.com
And that’s it for this week round-up, please don’t forget totune in for our next instalment.
Why not follow us on social media using the links providedon the right.
Edition #62 – 11th October 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
