Cyber Round-up

Cyber Round-up for 16th August

August 15, 2019

Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Teenager Compromises Student Data by Hacking School Software

An 18-year-old student has discovered multiple vulnerabilities in the software used by 5,000 schools. Two common pieces of software, Blackboard and Follett, contain serious bugs that allowed the teenager to access over 5 million records, including students and staff. The Blackboard breach alone compromised 24 categories of data, including phone numbers, bus routes, passwords, photos, student grades and immunisation records. The teenage hacker stated that he managed to accomplish this with very limited access, which supports his statement regarding the poor state of cybersecurity in education software. The teen presented his findings at Defcon last week and proved that something needs to be done about the lack of consideration for cybersecurity.


Researchers Trick Cylance’s AI-Based Antivirus Into Thinking Malware is Goodware

BlackBerry Cylance’s AI-based antivirus has been easily bypassed by security researchers, who managed to trick it into thinking that the WannaCry ransomware is benign. The researchers have developed a “global bypass” for Cylance’s machine-learning algorithm that can be used with almost any malware; the method involves taking strings from a non-malicious file and simply adding them to the malicious one. In this case the researchers used an online gaming program. The idea of an AI-based antivirus is that, once trained, it will not require constant updating; however, after this discovery the company may have to completely retrain the system.


BioStar Data Breach Compromised Data of Over a Million Users

Security researchers have discovered a serious data breach of the Suprema BioStar 2 biometric security database, which contains the plain-text usernames and passwords, fingerprints and facial recognition data of over 1 million users. The breach allowed attackers to take over user accounts and replace biometric data with their own, which could potentially grant access to secure areas. BioStar is used by over 5,700 major companies, including the UK Metropolitan Police, which puts the severity of this breach into perspective. Suprema have not yet commented on the breach but have confirmed they will take immediate action to remediate the issue.



Legacy Microsoft Protocol Bug Affecting all Windows Users

A 20-year-old bug has been discovered in the legacy Windows protocol, Microsoft CTF. CTF is part of the Windows Text Services Framework and manages keyboard layouts, input methods and other things such as text processing. The protocol also communicates with other Windows services freely without proper authentication; for this reason, the flaw has been rated ‘important’. This vulnerability allows an attacker to escalate privileges to compromise a machine; however, it requires the attacker to already have a local user session, so the exploit cannot be used to gain initial access to the machine. More details are included in the original post.


Canon DSLR Cameras Vulnerable to Remote Ransomware Attacks

Ransomware can affect any internet-connected device, not just a computer, and this recent outbreak of attacks targeting Canon DSLR cameras is all the proof you need. Vulnerabilities in Canon’s Picture Transfer Protocol can be exploited by USB or WiFi to seize control over a target camera. Security researchers confirmed that the exploit allows an attacker to install a malicious firmware update onto the camera without any user interaction from the victim. This firmware can be modified in some cases to encrypt the files on the device and request a ransom to recover them. There is currently only an update available for the EOS 80D model; patches for other models will be available soon.


Vulnerabilities & Updates

Microsoft Patch Tuesday Addresses 31 Critical Vulnerabilities

Microsoft’s Patch Tuesday for August hit this week and has addressed a total of 97 vulnerabilities, 31 of which were critical threats. These vulnerabilities include remote code execution flaws in Remote Desktop Protocol and Microsoft Outlook. Details on all the addressed vulnerabilities are included in the original post.


Zero-Day Vulnerability in Steam Client Affecting All Windows Users

A zero-day vulnerability in the Windows version of the Steam client has been published by a security researcher. The vulnerability has been identified as a privilege-escalation bug and gives an attacker the ability to run any desired program with the highest level of access. Researchers discovered that symbolic links can be used to force the computer into launching any service or executable. In some circumstances the exploit can run Windows Installer, which can be used to deploy malicious code. This vulnerability affects any Windows device that has the Steam client installed. Valve have now released a patch for this flaw, and we advise updating as soon as possible.


And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.


Edition #54 – 16th Aug 2019


Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.
