Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.
A recent survey commissioned by RedSeal found that Business in the UK is generally feeling let down by the Government when it comes to Cyber Security.The research took place during November 2018 and sought the insight of over 500 UK IT professionals at Director Level and above. This research revealed some key concerns for UK businesses:
These numbers provide more evidence that UK business is not doing enough to protect themselves when it comes to Cyber and Information Security. We see a new headline in the news every week, highlighting another data breach or cyberattack that results in huge costs and implications for the companies involved.Business owners and senior managers, for organisations large or small, need to understand the importance of having a strong security strategy, that’s aligned and proportionate to their overall business objectives.The National Cyber Security Centre (NCSC), a division of the UK intelligence service GHCQ, was established by HMG in 2016 to provide such support for the public and private sector organisations, as well critical national infrastructure.Although the NCSC has made great steps forward with providing simple advice and guidance to help protect the UK from cyberattack, it is clear through this survey, and our engagement with Small to Medium businesses that more needs to be done, as the large majority still do not know about NCSC or what they offer.We believe that the NCSC are on the right track, but it seems they still have some way to go before they become a household name and truly have a positive impact in helping to secure the UK and its businesses.
Research carried out by the SANS ISC team has found a new Phishing attack in the wild that targets Microsoft Office 365 users, through fake Non-Delivery Report (NDR) emails.We have witnessed many phishing emails in the last year related to Office 365, but so far none that look this convincing, and none that have used this NDR method.Check out our short blog on this phishing threat, which includes what to do, what to look for and how to prevent this threat from compromising your Office 365 service.https://www.ironshare.co.uk/security-advisory/office-365-phishing-non-delivery-notifications/
Tuesday 11th December saw the release of Microsoft’s scheduled monthly security updates. Included in this month’s release were a total of 9 Critical and 29 Important security updates.The release covers updates in Windows, Office Products, Internet Explorer & Edge browsers, the .Net framework and the Chakra scripting engine.5 of the 9 Critical vulns, relate to memory corruption issues in the Chakra scripting engine, and how they are handled in the memory of the Edge browser. These can be exploited by tricking a user to visit a specially crafted web page and allows the attacker to launch remote code on the victim’s machine.A critical remote code execution vulnerability also exists in the Windows DNS Server component when it fails to handle DNS requests properly. By sending malicious requests, an attacker can exploit this vuln and run arbitrary code under the local system account on Windows servers (2012 and later) that are configured with the DNS server feature.Rounding out the critical updates are memory corruption vulns in the Internet Explorer and Edge browsers, and a remote code injection vuln in .Net framework, that can lead to an attacker hijacking an affected system.Staying up to date with security patches for your operating systems and software, is a critical part of delivering and maintaining a strong security posture, please ensure you test and update as quickly as possible to prevent exploitation and stay secure.The December Patch Tuesday release notes can be found here while the Security Guidance and CVEs can be found here.
Adobe have released a security bulletin for a number of critical and important vulnerabilities in Acrobat Reader that were discovered by research teams in Cisco Talos, Trend Micro and Palo Alto Networks.Adobe Acrobat Reader stands as the most popular PDF reader in use today and is an integrated part of common web browsers such as Google Chrome and Microsoft Edge.When exploited these vulnerabilities can allow an attacker to launch malicious code execution under the context of the logged in user.Security updates are available for the affected products in both Windows and MacOS. Updates should be performed automatically by the product in most situations, but please verify these have been completed, especially in enterprise environments where direct internet access is not permitted, and auto updates may not complete successfully.
Our final message for this week continues to spread the word of staying clear of scams and fake purchases while shopping online for those coveted Christmas gifts. With one in five people being scammed when buying Christmas presents online, we expect to see another increase this year, which could eclipse the £11million online fraud of Christmas 2017.Check out our previous round-up posts on the 23rd November and 30th November, where we discussed the pitfalls of Holiday Season scams and what to look out for.Please be aware of the heightened threat of fraudulent activities during the weeks before, and directly after Christmas, and follow the advice provided by Action Fraud and our previous posts above.Remember that if the deal looks too good to be true, its likely to be fake.If you have been a victim of fraud, it is important to ensure that you report it to Action Fraud either online or by calling 0300 123 2040. #fightfestivefraudAnd that’s it for this week, please don’t forget to tune in for our next instalment.
To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailListYou can also follow us using the social media links provided.If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReviewIronshare – Security SimplifiedEdition #21 – 14th December 2018
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
