Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
An electronic document-signing service called Docsketch recently announced they had suffered a security breach in which a three-week-old copy of their database was accessed. This breach occurred back in August, and the company has since revealed that the stolen information included names, signatures, personal data and, in some cases, payment card and login details. They also confirmed that some passwords were included; although they were clear that the password strings were salted and hashed, the complexity of the hashing was not stated. Docsketch have begun sending alerts to customers they believe were affected; however, we recommend all users of this service update their passwords as soon as possible.
By ZDNet.com
Carnival Corporation, the world’s largest cruise line operator, recently confirmed that they had suffered a ransomware attack. The attack occurred back in August 2020, and reportedly included “unauthorised access to personal data of guests and employees”. The security team is currently investigating the attack and has so far found no indication that the stolen data has been misused. It is not currently known if the ransom has been paid, as investigation is still ongoing; details on the attack and initial compromise can be found here.
By BleepingComputer.com
Microsoft’s cyber security researchers have discovered a new type of ransomware designed to infect Android devices. This new malware uses entirely new techniques and capabilities, including open-source machine learning and the ability to evade detection from security solutions. This variant also uses social engineering and disguises itself as popular applications; however, it does not encrypt data or lock users out of their device. Instead, it displays a ransom note message over every window that the user tries to open; the note threatens the user and urges them to pay a ransom. To ensure that you do not become a victim of this attack, we advise that you only download applications from trusted app stores and avoid third-party stores, which are notorious for distributing malicious apps.
By HackRead.com
With ransomware attacks being so present lately, everything else has really been pushed out of the spotlight. However, Cisco Talos recently discovered a new campaign that uses a multi-modular botnet in combination with a cryptocurrency mining payload. The threat has been named ‘Lemon Duck’, and it has seen an increase in activity over the last few months, despite previously being inactive since December 2018. Talos advises that everyone “monitors the behaviour of systems within their network to spot new resource-stealing threats such as cryptominers”, and with Lemon Duck’s increasing presence, we strongly recommend you follow this advice.
By Blog.TalosIntelligence.com
Microsoft’s October Patch Tuesday is finally here, and it addresses 87 total vulnerabilities. These include 21 RCE flaws, the most dangerous of which is a remote code execution flaw in the Windows TCP/IP stack that allows a remote attacker to take over the target system by sending malicious ICMPv6 Router Advertisement packets. If you want to see a list of all the addressed vulnerabilities, it can be found here; and please remember to apply the latest patches as soon as possible.
By ZDNet.com
A team of security researchers has discovered 55 new vulnerabilities affecting Apple software and services, 11 of which are considered critical. The group disclosed their findings to Apple, who began patching immediately; as part of Apple’s bug bounty program, the team of researchers have been awarded a $288,500 payout. 28 of the 55 were patched within 1-2 days, and the rest are currently in progress. The critical flaws included remote code execution, authentication bypass, command injection and memory leak vulnerabilities. We recommend updating your Apple devices regularly or, preferably, setting your devices to update automatically as soon as future patches become available.
By TheHackerNews.com
And that’s it for this week’s round-up. Please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #113 – 16th October 2020
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.