
Cyber Round-up for 17th February

February 16, 2023


Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

UK & US Governments Issue Sanctions for Russian Ransomware Criminals

The UK and US have begun retaliating against the Russian cyber criminals responsible for ransomware attacks across the UK. This follows a recent investigation from the National Crime Agency, which exposed the actors behind the Trickbot, Conti and RYUK ransomware strains. It is evident that the UK and US are no longer willing to act in a purely defensive manner and want to actively hunt and shut down these international cybercriminal operations; the sanctioning of these Russian crime groups is hopefully only the beginning.

By nationalcrimeagency.gov.uk

Succession Financial Planner Hit by Cyber Attack

Succession Wealth, a wealth and finance planning firm, is suffering from a recent cyber attack that has affected its operations. Succession is a major firm, with 18,000 clients across the UK and a workforce of around 600; its latest statement on the incident indicates that it is “working to assess and resolve the situation.” Despite issuing a statement, Succession refused to share more details at this stage, so it is unclear whether user data has been compromised. We expect further updates once the investigation has advanced, but for now there is not much more to discuss. We advise that all Succession Wealth customers keep up to date with advisories and statements from the firm until the situation regarding compromised data has been made clear.

By financialplanningtoday.co.uk

New MortalKombat Ransomware and Laplas Clipper Malware Causing Concerns

An unidentified threat actor has launched a new campaign in an attempt to steal cryptocurrency from victims. Talos Intelligence has been observing the threat actor and has identified that the campaign is indiscriminate in its attack for financial gain. The attack is known to originate from a phishing email containing a malicious attachment; this email impersonates “CoinPayments”, a legitimate cryptocurrency company. The malicious zipped attachment is masked as a transaction receipt. Once downloaded, the attachment connects to a malicious server to download MortalKombat ransomware and Laplas Clipper malware to the victim's machine. Avoid downloading any attachments from suspicious email addresses to help keep safe. Read more about the campaign here.

By blog.talosintelligence.com

SNP MP Hacked Emails in Possession of Former Diplomat

A former diplomat has claimed to have hacked an SNP MP’s email. Craig Murray secured Stewart McDonald’s emails after making a number of inquiries but had no involvement in the initial hack. Mr Murray has now vowed to publish material which he deems to be non-personal. Mr Murray also claimed the cache included emails between Mr McDonald and Scotland’s First Minister.

By bbc.co.uk

Vulnerabilities & Updates

Zero-day WebKit Vulnerability Patched by Apple

A new zero-day vulnerability has been present in Apple operating systems and the Safari browser; the vulnerability is in the WebKit browser engine and has been reported to be exploited in the wild. The vulnerability is caused by JsonWebToken code accepting asymmetric keys not associated with the specific algorithm, which allowed insecure key types for signature verification. “[Apple] is aware of a report that this issue may have been actively exploited,” an Apple advisory said. Users are advised to update their devices and Safari browser to patch the vulnerability and stay secure.

By theregister.com

USB Car Theft Flaw Plaguing Hyundai and Kia Vehicles

Hyundai and Kia are having to roll out an emergency software update on several car models. This easy hack was allowing people to steal the cars. A Hyundai announcement reads: “In response to increasing thefts targeting its vehicles without push-button ignitions and immobilizing anti-theft devices in the United States, Hyundai is introducing a free anti-theft software upgrade to prevent the vehicles from starting during a method of theft popularized on TikTok and other social media channels.” The hack has been shown on social media such as TikTok as a challenge since July 2022. The videos have shown people how to remove the steering column cover to reveal a USB-A slot that can be used to hotwire the car.

By bleepingcomputer.com

Microsoft Patch Tuesday: February 2023

Welcome to our round-up of the Microsoft Patch Tuesday for February 2023!

This release is slightly smaller than what we saw in January, with a total of 78 vulnerabilities, 9 critical, 0 publicly disclosed and 3 exploited in the wild. This month’s vulnerability classification spread appears to be heavily focused on remote code execution, while the number of elevation of privilege flaws is unusually low, especially compared to last month. Despite these differences, there are still a number of dangerous flaws that have been addressed by Microsoft in this batch of updates.

And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #223 – 17th February 2023

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.
