Cyber Round-up

Cyber Round-up for 14th February

February 13, 2020

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

New Coronavirus Phishing Campaign Tricking Victims

Cybercriminals have taken advantage of the recent coronavirus outbreak and have begun deceiving victims by posing as the Center for Disease Control (CDC). The phishing attempt includes a link that redirects to a fake Outlook page where your details can be stolen. The email is intended to scare a user into giving up details by issuing a warning of an outbreak in your city; at first glance this can look real, but there are many obvious giveaways if you know what you’re looking for. The link appears to go to the CDC website, but instead redirects to an Outlook phishing page. We strongly recommend that you avoid clicking email links unless they come from a trusted source, and always proceed with caution when opening attachments.

By GrahamCluley.com

Google’s Nest Makes Two-Factor Authentication Mandatory

Google have recently announced their plans to force Nest customers to use two-factor authentication; there is a lot of concern regarding the security of smart home products like the Nest, but this is definitely a step in the right direction from Google. If you are unsure what two-factor authentication is, it requires a user to use a secondary method of authenticating when logging in; for example, after entering your username and password you may be asked for a randomly generated code from your smartphone. This increases account security massively; if you are interested in setting this up, visit the Nest website to learn how to enable it.

By TheVerge.com

Threats

440 Million Estée Lauder Customer Records Exposed

The records of 440 million Estée Lauder customers have been exposed online due to a non-password protected cloud database. The leaked information includes plaintext email addresses and content management system logs. It was confirmed that no sensitive employee records or payment information were leaked, which was fortunate. The database was exposed as a result of misconfiguration; however, the company resolved the issue very quickly as soon as they were aware of it. This is respectable, as many organisations lack the urgency needed in these situations.

By ThreatPost.com

Ancient Microsoft Flaws Still Causing Problems in 2020

IBM Security’s recent threat intelligence report included details of old Microsoft vulnerabilities that still seem to be actively causing trouble. Upon investigating global spam activity, IBM X-Force discovered that two previously patched vulnerabilities were accountable for almost 90% of those exploited by threat actors in these campaigns. One of these flaws dates back to 2016, even though a patch was released in April 2017; the other is a memory corruption flaw that reportedly surfaced almost 20 years ago. With old vulnerabilities like this still active, attackers have no reason to develop new attack methods; many high-profile systems such as hospitals still run older Windows versions that can be exploited easily, which makes the patching situation much more complex.

By Forbes.com

Vulnerabilities & Updates

DrayTek Router Web Management Page Vulnerability

A vulnerability has been discovered that exists in the WebUI of the Vigor 2960 / 3900 DrayTek routers; this was discovered on Jan 30th and was dealt with quickly. A patch was released on Feb 6th addressing the flaw, which we recommend applying as soon as possible. This issue only affects the Vigor 3900 / 2960 / 300B; if you use any of these, you should update as soon as possible to 1.5.1 firmware or later. DrayTek also has a number of other recommendations, such as disabling remote access, to mitigate the risk of an attack; these can be found on the security advisory, as well as the associated firmware downloads.

By DrayTek.co.uk

Microsoft Patch Tuesday February 2020

A total of 98 vulnerabilities have been addressed in this month’s bumper edition of Microsoft Patch Tuesday, 12 of which are critical. The critical flaws include 8 memory corruption vulnerabilities affecting the Microsoft scripting engine and Windows Media Foundation, as well as 4 remote code execution flaws which exist in Windows 10, RDP, and some versions of Windows Server. The patch also addresses 84 important vulnerabilities, for which details can be found online; we recommend applying these updates as soon as possible.

By TalosIntelligence.com

And that’s it for this week’s round-up; please don’t forget to tune in for new instalments every week.

Why not follow us on social media using the links provided on the right.

Edition #78 – 14th February 2020

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
