Cyber Round-up

Cyber Round-up for 12th August

August 11, 2022

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Twilio Discusses Recent Account Compromise Incident

Earlier this month, Twilio discovered that an unknown attacker had gained access to customer account information. The unauthorised individual managed to gain access after stealing employee credentials in a “sophisticated social engineering attack” that fooled multiple Twilio employees. Twilio’s initial statement says they believe in transparency and communication, which has been shown through their efforts to keep customers in the loop.

Twilio have followed through on their plan to provide customers with an overview of the incident, as well as regular updates for any changes. The most recent update states that 125 Twilio customers were affected by the attack, all of whom have been notified. It was also confirmed that no passwords, authentication tokens, or API keys were accessed by the threat actors.

By Twilio.com

Ex-CISA Chief Wants US to Take Security Seriously

Chris Krebs, the former CISA director, has voiced his opinions on the state of cyber security in the US, and is calling for the government to create “a new agency focused solely on digital risk management services”. Krebs believes that there is a severe lack of focus on security, privacy, and trust in the US, and is striving to make a difference where others are failing. This is not the first time Krebs has called for the US government to make a change; for the last couple of years, he has been crying out for them to notice the rapidly growing threat of ransomware.

Krebs believes the US is “not where we need to be” and stated that “Americans are suffering as a result”. It is great to see these highly prevalent issues being brought into the spotlight, and we hope changes are made soon to help combat the rise of cybercrime and maintain the trust and privacy of people everywhere.

By TheRegister.com

Insights into Cisco Cyber-Attack

Talos Intelligence has released detailed insights into the cyber-attack that occurred on the 24th of May 2022. It was discovered that a Cisco employee’s credentials were compromised after an attacker accessed a personal Google account where the credentials were being synchronized from their browser. The attacker continued with multiple phishing attacks, impersonating various trusted organizations to convince the victim to accept a multi-factor authentication push notification generated by the attacker’s attempts to log in to the VPN service. The attacker ultimately succeeded in achieving an MFA push accept, granting them access to the VPN. The attacker was removed from Cisco’s systems and repeated attempts to regain access were unsuccessful.

A Q&A can be found here: https://tools.cisco.com/security/center/resources/corp_network_security_incident

By Blog.TalosIntelligence.com

Cyber-Attack on NHS 111 Services Provider Advanced

Advanced, a company providing services to the NHS, spotted a cyber-attack against services on the 4th of August. The attack was reported to have affected the system used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions. The NCA has said they are aware of the attack on Advanced and working with them to identify the attackers.

"A security issue was identified yesterday, which resulted in loss of service," said Advanced boss Simon Short. "We can confirm that the incident is related to a cyber-attack and as a precaution, we immediately isolated all our health and care environments." Advanced has stated it could take over a week to get the systems fully operational again.

By BBC.co.uk

Denmark 7-Eleven Stores Hit by Cyber Attack

7-Eleven stores located in Denmark were shut down on Monday due to a cyberattack. This disrupted the payment and checkout systems across the country. On the morning of 8th August, 7-Eleven posted on their Facebook that they have been “exposed to a hacker attack”. An employee has said in a Reddit post: “working at 7-Eleven at Strøget and our checkout system does not work, all the country’s 7-Eleven run with the same system, so all 7-Eleven in Denmark are closed right now”. At the moment there are no further details on the cyberattack, but we understand ransomware was involved in the attack.

By BleepingComputer.com

Vulnerabilities & Updates

Twitter Patches Zero-Day Vulnerability

Twitter has patched a serious zero-day vulnerability that has been actively exploited in the wild. The flaw was related to logging in to an account: it allowed anyone to submit emails and phone numbers into the log-in form and retrieve their associated ID, which could then be linked to the user’s Twitter page and their public information scraped. This vulnerability was used by an attacker to collect information on 5.4 million separate user accounts. A sample of these accounts has previously been verified by Bleeping Computer, and Twitter has started to alert users whose information was scraped during the data breach. It is important to note that only phone numbers, emails and associated IDs were scraped; no passwords were leaked during the data breach.

By BleepingComputer.com

Hashed Passwords Exposed In Slack Vulnerability

Slack, an office-based messaging platform, has reported that a vulnerability in its service had exposed salted hashed passwords. The exposure occurred when users created or revoked shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," reported Slack. 0.5% of users have been forced to reset their passwords, and Slack has advised all users to activate two-factor authentication to protect against account takeover.

By TheHackerNews.com

Microsoft Patch Tuesday: August 2022

Microsoft’s Patch Tuesday for August has arrived and includes fixes for 121 total vulnerabilities. 17 of these are critical, with one actively exploited flaw being patched as well. We recommend looking into our round-up of this month’s batch of Microsoft updates for any flaws affecting systems you may use. As always, we recommend applying the latest updates as soon as they are made available to ensure you are protected against known threats and vulnerabilities.

And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #201 – 12th August 2022   

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
