Welcome to the Ironshare Cyber Round-up where we look back atthe events of that last week and cover some of the news, posts, views, and highlightsfrom the world of Security.
In this week’s round-up:
Amazon.com have revealed that over the last six months, theywere hit by an extensive fraud attack that allowed hackers to siphon funds fromcompromised merchant accounts. Phishing attacks were likely used to gain accessto account credentials, but its unsure how much was actually stolen byattackers.
By E Hacking News.
The WhatsApp messaging app has been hit by a flaw that allowsbad actors to install silent spyware to a victim’s smartphone, by simply makinga single phone call. Although the spyware was targeting a small percentage ofthe 1.5Billion users, all IOS, Android and Windows mobile device platformsappear to vulnerable. Get updating your WhatsApp now!
By Naked Security
The Huawei saga keeps rolling on, with a former MI6 chief urgingthe UK Government to reconsider their decision to use Huawei in the new 5Gmobile network. Although Huawei state they have never participated in Chinesestate espionage, the former MI6 leader states they are ‘unable to operate freeof the control of the Chinese Government’.
By The Guardian.
This months Microsoft Patch Tuesday has disclosed a criticalvulnerability in the Remote Desktop Services Feature that can be exploitedwithout the need for valid login details. Older operating systems such as Windows7, 2008 are vulnerable. Microsoft must be concerned about this threat as they evenprovided updates for the no longer supported Windows XP and 2003. Get patchingyour servers now and if you have internet accessible RDP servers, we suggestyou get these secured ASAP.
By Microsoft Technet.
A new Spectre-like set of side channel attacks have been identifiedin Intel CPUs, that has the potential to leak sensitive data. Four separate attackvectors (ZombieLoad, Fallout, RIDL and Store-to-Leak) are associated with thisthreat, with the possibility of leaking information such as user keys, diskencryption keys and passwords from CPU buffers. Intel is releasing CPU updates,in conjunction with vendors updates from Red Hat, Oracle and Microsoft, tomitigate the threat.
By Threat Post
Microsoft has released its regular monthly security updates,which includes a total of 79 vulnerabilities. 22 updates have been ratedCritical, 55 Important, 2 vulns have been publicly disclosed and 1 has beendetected as already being exploited in the wild. Includes a critical vuln inRemote Desktop Services that needs immediate attention.
By Ironshare.
Apple have released their latest set of product securityupdates. iOS and tvOS are updated to v12.3, macOS updates are available for Sierra,High Sierra and Mojave, while watchOS is updated to v5.2.1. iOS alone covers a totalof 42 vulnerabilities, half of these existing in WebKit which can lead to code execution.Check all your devices and get updating.
By Apple Support
And that’s it for this week round-up, please don’t forget totune in for our next instalment.
Why not follow us on social media using the links providedon the right.
Edition #41 – 17th May 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
