Cyber Round-up

Cyber Round-up for 14th June

June 13, 2019

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

MI5’s Unlawful Use of Personal Data

MI5 have been holding on to people’s personal data illegally for many years and have been keeping it a secret. Under the Investigatory Powers Act, MI5 can apply for a warrant to obtain people’s personal data, for important investigations such as counter-terrorism. The act also states that data should only be kept for as long as it is relevant to an investigation; despite this, MI5 have reportedly held onto this information unlawfully for much longer than required. The Investigatory Powers Commissioner also announced that the retained information had not been stored safely either. It was revealed that senior members of MI5 have been aware of the security issues since 2016, and have kept it secret from the public, the Home Office and the Prime Minister.

By BBC.co.uk.

Spammers Have Found New Ways to Bypass Gmail Filters

Spammers have found a way to beat the Gmail spam filters by taking advantage of the ‘preferential treatment’ it offers its own applications. Messages shared by other Google apps, such as Google Calendar and Photos, get a free pass through the Gmail filters; this means that any spam incorporated into one of these messages will also be allowed past. For example, a scammer can send a malicious link to a user via the description of a Google Calendar invite. Similar bypass methods have been observed in Google Forms, Drive, Photos, and even Google Analytics. A spokesperson for Google announced that they are constantly trying to combat spam, and while they are making progress, not all spam will be blocked.

By TheRegister.co.uk.

Threats

Linux Vulnerability in Vim and Neovim

A high-severity vulnerability has been discovered in the popular command-line text editors Vim and Neovim. The vulnerability allows an attacker to execute commands and gain remote control of your Linux system without you knowing, and it can be exploited as soon as you open a file in either application. The text editors include a feature, known as ‘modelines’, that lets a file specify a set of custom preferences. Sandbox protection is enabled in case the modeline contains an unsafe expression; however, this can be bypassed by using the “:source!” command. Updates were released by Vim and Neovim to address the flaw, and it is recommended that you install these patches as soon as possible. Additional recommendations are listed in the original post.

By TheHackerNews.com.
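
A triage sketch for the modeline issue above, added here as an example and not taken from the original post or from Vim/Neovim: it lists modelines in the part of a file where Vim looks for them (the first and last five lines, Vim's default `modelines` value) and flags any that mention `source!`. The function name and the sample files are constructed for illustration.

```python
import re

# Vim only looks for modelines in the first and last 'modelines' lines of a
# file; 5 is Vim's default and is assumed here.
WINDOW = 5

# Both documented forms ("vim: opts" and "vim: set opts:"), plus the
# version-qualified markers such as "vim700:" or "vim>700:". The marker must
# start the line or follow whitespace.
MODELINE_RE = re.compile(
    r"(?:^|\s)(?:vi|vim|Vim|ex)(?:[<=>]?\d+)?:\s*(?P<body>.*)$"
)

# The bypass named in the article; the "!" may be backslash-escaped.
SOURCE_RE = re.compile(r"source\\?!")


def find_modelines(text, window=WINDOW):
    """Return (line_number, modeline_body, mentions_source_bang) tuples."""
    lines = text.splitlines()
    n = len(lines)
    head = range(min(window, n))
    tail = range(max(0, n - window), n)
    findings = []
    for i in sorted(set(head) | set(tail)):
        m = MODELINE_RE.search(lines[i])
        if m:
            body = m.group("body").strip()
            findings.append((i + 1, body, bool(SOURCE_RE.search(body))))
    return findings


# Constructed sample inputs (not real files, and not a working exploit).
SAFE_FILE = "# vim: set ts=4 sw=4 et:\nprint('hello')\n"
FLAGGED_FILE = (
    "notes\nmore notes\n"
    "# vim: set opt=<constructed placeholder: source! other.txt>:\n"
)
# Modeline on line 10 of 20: outside the window, so Vim would not read it.
DEEP_FILE = "\n".join(["text"] * 9 + ["# vim: set ts=8:"] + ["text"] * 10)

if __name__ == "__main__":
    for name, sample in [("safe", SAFE_FILE), ("flagged", FLAGGED_FILE),
                         ("deep", DEEP_FILE)]:
        print(name, find_modelines(sample))
```

A hit only means the file deserves a look before it is opened in an unpatched editor; a clean result is not proof that a file is safe.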

Executing Attacks Using Email

Email is the primary form of communication among businesses, which is why it is still the preferred delivery method for most attackers. In 2018, many of the top critical threats used email to execute attacks. For example, Emotet delivered malware by attaching malicious docs to emails disguised as invoices or payment-related spam. Despite transforming into a much more advanced platform, Emotet still uses email as its preferred method of launching attacks. Other critical threats such as cryptomining also use email to deliver malicious payloads. A newly emerging threat, Unauthorised MDM (Mobile Device Management) Profiles, also uses email to trick the user into installing a malicious profile onto their device. Be aware that the popularity of email attacks means that they won’t be going anywhere, so stay vigilant.

By SecurityWeek.com.

Vulnerabilities & Updates

Microsoft Patch Tuesday – June 19

The months are rolling round fast, meaning it’s update time again. The June Patch Tuesday security updates include a total of 88 vulnerabilities. 17 updates have been rated Critical and 65 Important; 4 vulns have been publicly disclosed, but none have been detected as already exploited in the wild.

By Ironshare.

Windows 10 Privilege Escalation Exploit (CVE-2019-0841)

Microsoft released an update in the April 2019 edition of Patch Tuesday for an Important Win 10 privilege escalation bug (CVE-2019-0841); however, this week a second bypass for this patch has been published on GitHub by SandboxEscaper. This vulnerability allows a low-privileged attacker to gain access to files which they wouldn’t usually have control over. Microsoft did not have enough time to fix this before the June Patch Tuesday, so there is currently no available patch to resolve this flaw.

By ZDNet.com.

High-Severity Cisco Flaw Gives Attackers Control of Devices (CVE-2019-1904)

A new vulnerability has been discovered in IOS XE, the Linux version of Cisco’s Internetworking Operating System. The flaw allows a remote attacker to take full control of routers or switches due to a vulnerability in the web-based UI. Since the web UI does not have CSRF (Cross-Site Request Forgery) protection, an attacker can send a malicious link to a user that executes an unwanted action on the web app they currently have open. The vulnerability was given a CVSS score of 8.8 out of 10. There are currently no workarounds for the flaw; however, a software patch has been released by Cisco.

By threatpost.com.

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #45 – 14th June 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
