Welcome to the Ironshare Cyber Round-up where we look back atthe events of that last week and cover some of the news, posts, views, and highlightsfrom the world of Security.
In this week’s round-up:
The UK’s Labourparty recently went public about a denial-of-service attack that took theirwebsite offline, however it appears that they also had an unintentional dataleak. According to The Times newspaper, the names of some donors were madeaccessible to the public, as well as the size and time of their donations. Thisinformation could apparently be accessed without security checks on any webbrowser. The DDoS and data breach appear to be coincidental and were notrelated, however the unfortunate timing has made them a target for the media.
By GrahamCluley.com
Apple hasremoved an application from the App Store that allowed users to track otherpeople’s Instagram activity. The app, called Like Patrol, was found to be inviolation of Apple’s data collection policies and immediately removed it fromthe store without question. Like Patrol was charging its’ users $80 per year touse the application; this has the app’s developers unhappy since it isn’tclassified as stalkerware and doesn’t provide any more data than the Instagramservice. This app does not appear to be on any other app store, such as GooglePlay store, meaning it can no longer be downloaded from anywhere legitimate.
By NakedSecurity.com
As Windows7 and Windows Server 2008 approach end of life, users have been worried aboutthe discontinuation of security updates for the operating systems. In responseto this, Microsoft has given users the option to pay for continued securityupdates after support for the operating systems stops. Users have also beengiven the choice to sign up for an extended security update test to ensure theirsystems are ready, before the program goes live on January 14, 2020.
By BleepingComputer.com
TheBlueKeep vulnerability exploit, which is available in a module for theMetasploit penetration testing framework, has reportedly been crashing thesystems it is being used on. Most of the time it works as expected, however itcan occasionally present the user with a blue screen of death error, ratherthan the expected remote shell; this week a fix will be released for the bug,making the attack more reliable. This will likely pave the way for increaseduse against vulnerable systems. If you are yet to patch your systems to protectagainst BlueKeep, we suggest you get this done quickly.
By ZDNet.com
Microsoft’sPatch Tuesday for November has arrived and addresses 75 vulnerabilities, including13 that are considered critical. Among these flaws are remote code executionvulnerabilities in Microsoft Excel and Media Foundation; these are some of themost important flaws patched in this edition. Details on everything addressedin this patch Tuesday are included in the original Talos post. We recommendupdating your systems with these latest patches as soon as possible.
By Blog.TalosIntelligence.com
Adobe’smonthly patch for November addresses three critical vulnerabilities, as well aseight important ones. The critical flaws include two remote code executions forAdobe Illustrator that affect Windows v23.1 and earlier. The other criticalvulnerability was present in the Media Encoder application and only affectsversion 13.1. Details on the rest of the vulnerabilities in this patch areincluded in the original post.
By ThreatPost.com
And that’s it for this week round-up, please don’t forget totune in for our next instalment.
Why not follow us on social media using the links providedon the right.
Edition #67 – 15th November 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
