Cyber Round-up

Cyber Round-up for 13th March

March 12, 2020

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Microsoft Takes Down Global Botnet

One of the world’s biggest botnets, known as Necurs, has infected more than nine million machines over its 8 years of malicious activity, until this week when it was taken down by the Microsoft team and its partners. They reported that this was achieved using the very domain generation algorithm that the network used to communicate with the infected computers; they managed to crack the algorithm and predict their movements to block the infections ahead of time. This brings to an end a mighty botnet that was used for numerous cybercrimes that included ransomware delivery, credential & identity theft, spam and online scams.

By BBC.co.uk

Password Rotation Policies – Good or Bad?

Over the last decade, security experts have preached the importance of password rotation policies, but a recent change of mentality has some of those thinking it may not be the way to go. IT professionals will forever be in disagreement over the topic, but more and more people are starting to see the disruption caused by these rotation/expiration policies. Most users have too many accounts to remember unique passwords for, meaning regularly changing them will lead to reuse and will undoubtedly disrupt operations. Regularly expiring passwords promotes reuse or common passwords, some of the main causes of account breaches, which is why it is vital that users always use unique passwords. We recommend reducing or even removing the use of password rotation; instead, encourage the use of unique, hard-to-guess passwords combined with a password manager; this ensures that you will not forget your credentials and even helps keep them unique by using a password generator.

By Sans.org

Threats

Online Map of Coronavirus Used to Spread Malware

A malicious site has surfaced that appears to be a clone of the Johns Hopkins Coronavirus map; the copycat site contains malicious code but has not yet been observed as part of any malicious campaign. The malware found in the site is reportedly a backdoor trojan, capable of evading detection and installing onto a target machine. This is disguised as ‘Corona-Virus-Map.com’, a piece of software that is supposed to display a real time log of the pandemic’s spread; instead it spreads the AZORult malware. As always, take care when installing a program; ensure that it is safe and from a trusted source before you use it. As for the map, the legitimate site is included in this article; please avoid other apps similar to this as they may be malicious.

By GrahamCluley.com

More Than Half of All IoT Devices at Risk of Attack

The Palo Alto Networks Unit 42 Research Team has been actively warning organisations of the risks of IoT devices, as recent studies have revealed that 98% of IoT device traffic is unencrypted, which exposes sensitive and private information. This, combined with their reliance on outdated protocols, leaves IoT devices vulnerable to a large number of old attack techniques. This article includes the findings of a podcast recording that looks into these risks and highlights the key vulnerabilities within IoT devices. The investigations conducted by the Palo Alto research team are vital, and they described the situation as a ‘ticking IoT time bomb’, which emphasises the importance of securing all your IoT devices.

By ThreatPost.com

Vulnerabilities & Updates

Microsoft Discover New Critical SMB Vulnerability

Microsoft recently announced the discovery of a new critical vulnerability that exists in version 3.1.1 of their Server Message Block (SMBv3) protocol and allows an attacker to execute arbitrary code on the target server/client. This attack works by setting up a malicious SMB server and then tricking the victim into accessing it. It was confirmed that this flaw has not been actively exploited in the wild, and guidance has been released on how to disable SMBv3 Compression and reduce the risk of an attack. There is currently no patch available for this vulnerability. Please see the Microsoft security advisory to learn more about this vulnerability and how you can protect against it.

By Microsoft.com

Microsoft Patch Tuesday – March 2020

This edition of Microsoft’s Patch Tuesday features 25 critical vulnerabilities, as well as 91 important and one moderate. Among this month’s critical flaws are a number of remote code execution and memory corruption vulnerabilities existing in Windows, ChakraCore Scripting Engine, VBScript Engine and GDI+. We highly recommend updating as soon as possible to avoid the risk of an attack. Many hackers target vulnerabilities that have already been patched to catch out users who have not yet updated; don’t let this be you.

By TalosIntelligence.com

And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.

Why not follow us on social media using the links provided on the right.

Edition #82 – 13th March 2020

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
