Welcome to the Ironshare Cyber Round-up where we look back atthe events of that last week and cover some of the news, posts, views, and highlightsfrom the world of Security.
In this week’s round-up:
In John Opdenakker’s CyberSecurity Month series of blogs, he talks about the threat of Tech Support Scamsand what you can do to avoid and protect yourself against them.
A tech support scam is a fraudulent operation in which thecriminals try to convince people that they have serious problems on theircomputer that put them at risk. The scams can be initiated either by thecriminals calling people out of the blue or when people call the numbers thatare shown on this kind of pop-ups in the browser…. Use the link above to headover to his blog and continue reading.
By John Opdenakker.
The UKgovernment announced their plan to implement an age verification system intoporn-hosting websites that would block users if they were deemed under the ageof 18. The idea was first promoted in 2015 and was said to launch in April2018; however, they encountered an overwhelming amount of delays along the way.As a result, the government has decided that the system would not work and havedecided to drop it. Some of the issues encountered were the use of VPNs, socialmedia platforms that allow pornographic content and various providers refusingto allow the verification system. Because of this, the block will not becommencing and an alternate approach is being taken.
By BBC.co.uk
Chinesetelecoms manufacturer, Huawei Technologies, have began meeting with EU members toappeal for a 5G network security partnership, despite concerns raised by theUS. The United States added Huawei to their trade blacklist back in May due toconcerns of their devices being used for spying; following these concerns, theUS advised other allies to do the same. The Chinese manufacturer has announcedits plans to work with European partners and denies the claims made againstthem. German partners finalized their build-out 5G mobile network plans andhave not excluded Huawei from bidding for those networks. Does this mean thatother European countries are going to follow suit, time will tell.
By UK.Reuters.com
The SilentLibrarian threat group that operates out of Iran has launched a new phishingcampaign targeting university students. The scheme involves highly targeted,socially engineered emails that redirect the victim to a landing page whichthen requests their credentials. These attacks have proven very successful;researchers discovered that in September, 20 new phishing domains weretargeting more than 60 universities all over the world. The targeted attackswere especially successful, including topics such as university services andloan claims. Details on how the attacks are carried out are included in theoriginal post.
By ThreatPost.com
Researchersat Morphisec have discovered a new vulnerability in iCloud for Windows andiTunes for Windows that allows an attacker to bypass endpoint protection andactive antivirus software. The flaw was discovered in the update deliverymechanism included in iTunes for Windows, known as Bonjour. Researchers foundthis flaw being exploited as part of a BitPaymer ransomware campaign that hasbeen targeting US public and private companies for six months. Apple have nowreleased a patch for this vulnerability; we recommend updating your devices assoon as possible.
By NationalCyberSecurity.com
The latestWordPress update has addressed six vulnerabilities, including cross-sitescripting, cache poisoning, unauthorized access and server-side request forgery.These flaws affect versions 5.2.3 and earlier; which have all been addressed in5.2.4. Those who have not yet upgraded to the 5.2 branch can also find updatesavailable for WordPress 5.1.
By SecurityWeek.com
Today,Adobe released a pre-announced out-of-band security update that addresses 82vulnerabilities. Products affected by these flaws include Adobe Acrobat andReader, Experience Manager, Experience Manager Forms and Download Manager. 45of the 82 flaws were rated critical, all of which were present in Adobe Acrobatand Reader and allowed remote code execution. We recommend applying the mostrecent Adobe updates as soon as possible to mitigate the risk of an attack.
By TheHackerNews.com
And that’s it for this week round-up, please don’t forget totune in for our next instalment.
Why not follow us on social media using the links providedon the right.
Edition #63 – 18th October 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
