Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Indian stock traders Upstox have suffered a serious data breach in which cybercriminals were able to access millions of customers’ personal information. The compromised database included customer names, contact information, bank account information, as well as millions of KYC (Know Your Customer) details. KYC data includes scans of ID cards, photo ID and passports, making it a serious breach. The database was accessed by the ShinyHunters gang, who reportedly acquired the company’s Amazon AWS key. As a result of this incident, the Indian firm have reset all customer passwords and released a statement confirming that all funds are still safe and protected.
By GrahamCluley.com
The Justice Department has announced this week that their operation to remove malicious web shells from vulnerable Exchange Servers was authorised by the court. This comes as part of their response plan for the zero-day vulnerabilities that were discovered earlier this year; many systems are still affected, and the FBI have begun their work to expel the hackers from the victims’ networks.
By Justice.gov
Microsoft have discovered a new cybercrime campaign that is using contact forms on benign websites to distribute malware. The group submits a contact form threatening legal action; for example, the actor poses as a photographer claiming their copyrighted photos are being used by the company. This form then includes a link to a fake copyright evidence document which contains malicious code and redirects to a third-party login page. Microsoft warn all system administrators to be aware of this threat and avoid clicking suspicious links such as these.
By TheRecord.media
A newly discovered WhatsApp bug could allow an attacker to lock you out of your account using just your phone number. This is possible because of the setup process in which you are asked for your phone number and currently, there is no way to prevent a random user from using your phone number in their setup. This would send messages to your phone containing a verification code; if the attacker does this multiple times you can be locked out of your account for 12 hours. This can lead to your account being suspended if the attacker chooses to contact WhatsApp support.
By WeLiveSecurity.com
This edition of Microsoft’s Patch Tuesday contains fixes for 108 vulnerabilities. This includes 20 critical flaws, four of which are remote code execution vulnerabilities in Microsoft Exchange Server; these were given a CVSS severity score of 9.8 out of 10. Twelve of the remaining critical flaws exist in the remote procedure call runtime and require no user interaction. There are also fixes for Microsoft Office, the Windows Kernel and Visual Studio. As always, we advise applying the latest patches as soon as possible.
By Blog.TalosIntelligence.com
The Wordfence Threat Intelligence team have been working hard to disclose a number of vulnerabilities present in over 15 popular Elementor plugins. The plugins are used on more than 3.5 million sites, with 100 endpoints confirmed to be vulnerable. Similar to the vulnerability that was found in the main Elementor plugin, these cross-site scripting flaws add JavaScript to posts and execute it when the post is either viewed or edited. If the viewer happens to be an administrator, then the whole site can be taken over.
A list of affected plugins and versions can be found here.
We recommend applying the latest updates as soon as possible.
By WordFence.com
Google have released an update for the Chrome Browser, addressing two zero-day vulnerabilities that were being actively exploited in the wild. Exploits for these flaws were posted online, and it was confirmed that both can lead to remote code execution. We advise updating your browser to the latest version as soon as possible to ensure you are not at risk of exploitation.
By TheHackerNews.com
And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #137 – 16th April 2021
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.