Cyber Round-up

Cyber Round-up for 13th September

September 12, 2019


Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

281 Email Scammers Arrested Around the World

An investigation known as Operation reWired has seen the arrests of 281 suspected criminals in association with recent Business Email Compromise (BEC) scams. The criminals are expected to have stolen almost $37 million during the recent scheme. Despite targeting US victims, the majority of arrests took place in Nigeria, as well as a number of arrests in 9 other countries. The scams primarily targeted employee email accounts in attempts to compromise them and their business associates. The intention of Operation reWired was to send a message to cybercriminals and let them know that they are actively working to prevent BEC schemes. Despite the success of this operation, email scams are still a big threat, and we advise that everyone should take caution when opening emails.

By GrahamCluley.com

Microsoft Working to Improve Office 365 Phishing Notifications

Microsoft are planning to roll out a new feature in October that is designed to enhance how customers are notified of quarantined malware and phishing attempts. The new system allows admins to configure alerts for their users to notify them of quarantine actions. These steps are being taken to help identify threats much faster. By sending notifications to the end-user, admins can easily confirm if legitimate content is being blocked. The update will also introduce a new feature called the email timeline, which allows an admin to easily explore threats through triggered events in a user’s email. These changes are a step in the right direction and should massively improve phishing threat hunting in Office 365.

By BleepingComputer.com

Mozilla Firefox Plan to Start Rollout of DNS-over-HTTPS

Mozilla have announced their plans to introduce DNS-over-HTTPS for the Firefox browser starting at the end of September. The protocol is designed to transfer domain-name queries over a secure HTTPS connection rather than an unprotected DNS connection. This is intended to protect users and prevent third parties from eavesdropping on and manipulating DNS data. DoH acts as an extra layer of security to protect users when accessing the internet. The rollout is said to start late September but is expected to be a slow process and will not be available everywhere immediately.

By TheRegister.co.uk

Threats

macOS Users Under Threat of Adware, Phishing and APT Attacks

Cybercriminals have recently been showing a lot of interest in macOS systems, and attacks are becoming more and more frequent. Malicious and potentially unwanted programs have become increasingly popular over the last few years; in 2018 there were over 4 million attacks of this nature. In 2019 there have been almost 6 million phishing attacks targeting macOS users alone; the most common phishing pages seen are those pretending to be banking services. During 2019, there have also been a number of Adware threats present in various trojans and viruses. More details on the threats present for macOS users are included in the original post.

By ThreatPost.com

Critical TLS Flaw Exposes Exim Servers to Remote Compromise

A critical vulnerability in the Exim mail server has been discovered that demands attention. The flaw has been identified as a buffer overflow in the part of the TLS negotiation connected to Server Name Indication (SNI). Exim is by far the most popular open-source mail server on the internet, making the threat even more critical. The flaw was discovered in July 2019 and affects all versions from 4.80 to 4.92.1. Exim admins are advised to update to 4.92.2 as soon as possible to prevent being affected by this threat. Further details on the flaw are included in the original post.

By NakedSecurity.com

Vulnerabilities & Updates

Microsoft’s September Patch Tuesday Addresses 79 Vulnerabilities

In this month’s edition of Patch Tuesday, Microsoft have released updates for 79 vulnerabilities, of which 17 have been classified as Critical and 2 are actively being exploited in the wild. These include remote desktop, privilege escalation, remote code execution and denial of service vulnerabilities. There is also a critical severity Adobe Flash Player flaw that needs to be updated as soon as possible. A list of all patches is included in the original post. We recommend testing and deploying the latest patches as soon as you can.

By BleepingComputer.com

Denial-of-Service Flaw Found in NETGEAR Routers

Two denial-of-service vulnerabilities have been discovered in the NETGEAR N3000 line of wireless routers. The small and affordable devices, typically found in home and small office networks, can be exploited by sending HTTP and SOAP requests to various functions of the router, causing it to crash. Cisco Talos is working closely with NETGEAR to resolve the issues and ensure that updates are available to those using the affected products. Further details on the nature of these vulnerabilities are included in the original post.

By TalosIntelligence.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #58 – 13th September 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.
