Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The second Tuesday of the month is here, which means it's time for more monthly security updates from Microsoft. A total of 64 vulnerabilities have been addressed this month, which include 17 updates rated Critical, 45 Important, with 1 Medium and 1 rated Low.
These updates cover releases for Windows Operating Systems, Edge and Internet Explorer Browsers, Office, SharePoint, DHCP, Team Foundation Server, Skype for Business and of course the ChakraCore scripting engine.
Microsoft’s Edge browser has updates that resolve 7 Critical CVEs related to memory corruption vulnerabilities in the scripting engine. These make a regular appearance in Patch Tuesday, and are caused by the way objects are handled in memory.
I was pleased to see Rockstar Games actively trying to get its users to adopt two factor authentication on their accounts this week.
In the ‘Flight Week in GTA Online’ announcement which was posted to their website, Rockstar have generously offered a nice in-game bonus to any users that enable 2-step verification.
2-step verification is another name for 2FA and basically means you will need a code in addition to your username and password in order to access your account, providing an additional layer of security that protects accounts from unauthorised access.
Rockstar have stated that any user that adds 2FA to their Social Club account will be rewarded with:
To enable 2-Step Verification on your Social Club account, go to the following link: https://socialclub.rockstargames.com/settings/mfa
This is a great step by Rockstar Games to incentivise its users to increase their account security. Let’s hope that other companies follow in their footsteps.
Action Fraud UK have reported that fraudsters are not letting up and they are still seeing a huge number of TV licensing phishing scams that we first witnessed in September 2018.
The phishing campaign is continuing to target the general public, sending fake TV licensing emails that are convincing victims to part with their personal and financial information.
Action Fraud have received over 900 fraud cases, totalling more than £830,000 in financial losses for the victims, since April 2018.
To protect yourself against these types of phishing attacks:
If you have been a victim of fraud then you can report your case using the Action Fraud UK website.
A new post from the Cisco Talos team this week has identified and detailed a new Point of Sale malware called GlitchPoS, that infects sales websites and electronic retail sales machines (tills) with the goal of capturing credit card information.
Attackers can use this malware to increase their finances, and fund further criminal activities.
This new PoS malware has been found available for purchase on crimeware forums and Talos believe that this is not the first malware that has been developed by this actor.
GlitchPoS is controlled by its own C2 infrastructure that includes a GUI-based Dashboard control panel. The dashboard reports the number of Bots available and online, as well as the number of infected PoS devices.
Captured card data from the infected machines is sent to the C2 servers and is displayed in the dashboard console so it can be easily accessed by the attackers.
Although it is unclear at this stage how many purchases of GlitchPoS have been made, it is clear that Point of Sale malware remains a lucrative option for cyber criminals, and development of this type of malware continues.
Cisco AMP and Umbrella can be used as effective controls that prevent this threat.
Cisco AMP for Endpoints can be used to detect and block this type of malware from executing on your devices.
Cisco Umbrella, meanwhile, can be used to prevent infected devices from communicating with the Command & Control (C2) servers.
It is also strongly advised that Point of Sale terminals are updated along with other IT infrastructure and placed in their own network segment to ensure that they are isolated from your critical systems.
Nineteen vulnerabilities have been patched by Intel for its Windows 10 graphics drivers, including two flaws rated with a high severity.
These two vulnerabilities are covered by CVE-2018-12214 and CVE-2018-12216.
The first is a memory corruption issue that exists in the kernel mode driver and allows an attacker with local access privileges to execute code on the target system.
The second has a CVSS rating of 8.2, also existing in the kernel mode driver, but this time it’s due to a lack of input validation that can allow an attacker to execute code with local privileges.
The remaining updates have a mix of low & medium severities, and may result in Information Disclosure, Denial of Service or Privilege Escalation.
Intel recommends that users of Intel Graphics Driver for Windows update to versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 or later.
Updates can be found available in the Intel download center: https://downloadcenter.intel.com/product/80939/Graphics-Drivers
And that’s it for this week, please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #33 – 15th March 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.