Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Google have recently introduced a new Chrome feature which notifies a user when their account details have been compromised in a data breach. Upon entering their credentials, the user will receive a notification suggesting that they change their passwords. As well as this, Google are forever expanding their list of unsafe sites that are blocked by Safe Browsing, which is designed to make the web a more secure place for its users. They have also dedicated time to improving their predictive phishing protection. This feature, which was introduced in 2017, warns you if you input your login details on a suspected phishing site. Google have been working hard recently on improving account security and password protection, and so far, they are making good progress.
By Blog.Google.com
1&1 Telecom GmbH have been hit with one of the biggest fines seen under the European GDPR legislation. This fine came because of the insufficient security measures in place in their call centre, which allowed unauthorised parties to access their company data. This was in breach of Article 32 of the GDPR legislation and resulted in a €9.5 million fine. The incident only affected a small number of customers; however, the German data protection agency said that their entire customer base was at risk, so the fine was necessary.
By HotForSecurity.BitDefender.com
Children’s smart toys have become an easy target for many criminals, and recent research suggests a large number of toys are affected by security flaws. Across seven separate smart toys that were tested, more than 20 concerns were raised regarding security issues; one of the most alarming flaws was the lack of secure authentication for Bluetooth connectivity, allowing an attacker to stream audio from the device. If you’re buying your children smart toys for Christmas, we advise doing some research beforehand to ensure that they are safe.
By Forbes.com
Password Reuse is a major problem in the world of security, and a recent survey revealed that 49% of users reuse the same password in their workplace, and often would only make a minor change, such as adding a capital letter. As well as reusing passwords, the majority of users relied on human memory for storing their passwords, rather than using a password safe. The lack of a password safe encourages reusing passwords because it can be difficult remembering a lot of complex passwords; this was confirmed by recent research in which 78% of users admitted to forgetting a password and resetting it. We encourage good password practice and highly recommend the use of a password manager, to not only help you remember passwords, but also generate them and store them securely.
By GrahamCluley.com
Microsoft’s Patch Tuesday for December has arrived and features several updates covering 25 vulnerabilities, including 7 which are considered critical. Two critical vulnerabilities addressed in this patch are remote code execution flaws; the first exists in the Windows font library and occurs as a result of the library improperly handling some embedded fonts. This means that an attacker could convince a user to visit a web page which features the malicious embedded font. The other flaw is in the Hyper-V hypervisor, which can occasionally fail to validate input on a guest operating system, even from an authenticated user. This can be exploited by an attacker using a specially crafted application to execute code on a host OS remotely. There are 23 other vulnerabilities addressed in this edition of Patch Tuesday which we highly recommend looking into.
By Blog.TalosIntelligence.com
Microsoft have plans to roll out a new phishing protection feature in response to recent incidents involving MS Forms. This enhancement aims to restrict repeat offenders who are attempting to phish. Although phishing protection was introduced in July 2019, the scheduled updates are designed to massively improve its effectiveness. The new automated review will block users who have two or more confirmed phishing forms from distributing forms and collecting responses. Global and security admins will be sent daily notifications regarding potential phishing attempts. There is no preparation that needs to be done for these new features; however, updating training and documentation is recommended.
By Microsoft.com
And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #71 – 13th December 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.