Cyber Round-up

Cyber Round-up for 19th April

April 19, 2019

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

  • Easter Attack on Apple iOS
  • EA’s Origin Client Exposes Gamers to Malicious Activity
  • Microsoft-based Email Accounts Compromised
  • Cisco Talos: Sea Turtle DNS Hijacking Campaign
  • Facebook Grabs Email Contacts for 1.5 million Users

Easter Attack on Apple iOS

An unpatched bug in the Google Chrome browser is being exploited by cybercriminals targeting Apple iOS devices. The attack is being spread via a malvertising campaign, which is relying on iOS users to be more active with browsing on their Apple devices during the Easter period.

The exploit relies on hijacking browser sessions by redirecting the user to another site, pop-up or landing page. If the user clicks on one of these redirected sites or pages, a malicious payload is downloaded to the device and compromise can occur.

Sandboxing evasion techniques are also in use by the exploit, to ensure that these pop-ups are not blocked and it can bypass the security mechanisms that are in place to prevent redirections.

According to ThreatPost, although the campaign has only been running for a few days, it is highly active in the US, with activity also witnessed across Europe, leading to a possible impact of half a billion user sessions.

Apparently, this threat is not just isolated to Google Chrome and may also be affecting the Safari browser, but information on this is limited.

Please stay vigilant this Easter Bank Holiday, as hackers take advantage of these extended holiday periods to go undetected.

Be careful what you click, especially when presented with pop-ups and redirects to other sites.

Read more on ThreatPost ….

EA’s Origin Client Exposes Gamers to Malicious Activity

Researchers at Underdog Security have identified a security flaw in Electronic Arts’ Origin gaming client that can allow the bad guys to launch malicious code on the gamer’s computer.

The Origin client app is used to buy and download games from Electronic Arts and is in use by millions of gamers worldwide.

The researchers discovered that the Origin app, running on Windows PCs, could be tricked into running any other app on the victim’s computer. They have provided proof of concept code and video footage, that shows the exploit launching the Windows Calculator app.

Their investigation shows that common attacks using PowerShell can be used to compromise a target machine and could result in the download and installation of other malicious code, such as ransomware.

EA have issued a fix for this vulnerability and users are urged to update the client as soon as possible.

Read more on TechCrunch….

Microsoft-based Email Accounts Compromised

Earlier this week Microsoft confirmed they had discovered a breach on their web-based email platforms that has resulted in the compromise of numerous customer email accounts.

Although the number of users impacted is said to be limited, the breach affected multiple services including MSN, Hotmail and Outlook.com, between 1st January 2019 and 28th March 2019.

Enterprise accounts using paid for services were apparently not impacted by this breach.

The cause of this initial breach was down to one of Microsoft’s support agents having their credentials stolen, which allowed a remote attacker to gain access to customer email accounts.

Upon detection Microsoft has notified all users, disabled access to the compromised accounts and put controls in place to prevent the attacker’s access.

These types of account compromise hacks are now all too common as more people and organisations move to web and cloud-based services. Never assume that just because you are moving to the cloud that these services are fully secure. Always review and understand the security that is in place so you can fill any gaps that exist.

Email Phishing attacks are the primary method for hackers trying to steal user credentials (usernames and passwords). Always check emails thoroughly to ensure they are from a trusted source and never click on any misspelt or suspicious links. If in doubt with an email just delete it.

Read More on Bitdefender …

Cisco Talos: Sea Turtle DNS Hijacking Campaign

A new DNS Hijacking campaign has been discovered by the Talos research team which has been targeting national security, public and private organisations since early 2017.

The campaign, dubbed ‘Sea Turtle’ by Talos, has been primarily focused on countries in the Middle East and North Africa, and has so far impacted at least 40 organisations across 13 different countries. In addition, a secondary group of victims have also been targeted which includes Internet Service Providers and Domain registrars.

DNS hijacking is a technique that allows an actor to control an organisation’s domain name space, giving them the ability to redirect traffic to hacker-controlled servers.

Talos believe that this is the work of a state sponsored actor that is trying to achieve persistent access to its target network environments, with a goal of gaining access to sensitive information and intelligence. These are highly capable actors, who are responsible for the first confirmed case of a Domain name registry compromise.

Organisations typically forget about securing their external services such as DNS, but these can be an easy target if not included in your overall security strategy. Where available it is recommended to implement Multi-Factor Authentication (aka Two Factor Authentication or Two Step-Verification) on your external DNS accounts. As per Talos recommendations you can also consider a registry lock service, that requires separate authentication / approval before any DNS changes can be made.

Read more on Talos Intelligence ….
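
For the registry lock recommendation in the Sea Turtle item above, here is an added example (not from Talos or the original post) that audits a domain's RDAP record for the lock statuses and for name servers that differ from the ones you expect. The domain names and records are constructed samples, and it assumes the registry signals a lock with the three server-side RDAP statuses listed in the code.

```python
# RDAP status values (RFC 8056). Assumption: a registry lock shows up
# as all three server-side "prohibited" statuses on the domain object.
REGISTRY_LOCK = {
    "server update prohibited",
    "server delete prohibited",
    "server transfer prohibited",
}


def audit_domain(rdap, expected_ns):
    """Return a list of findings for one RDAP domain object (empty = OK)."""
    findings = []
    status = {s.lower() for s in rdap.get("status", [])}
    missing = sorted(REGISTRY_LOCK - status)
    if missing:
        findings.append("registry lock not fully set, missing: " + ", ".join(missing))
    # RDAP servers often return host names in upper case; normalise first.
    seen = {n.get("ldhName", "").lower().rstrip(".")
            for n in rdap.get("nameservers", [])}
    want = {n.lower().rstrip(".") for n in expected_ns}
    for ns in sorted(seen - want):
        findings.append("unexpected nameserver: " + ns)
    for ns in sorted(want - seen):
        findings.append("expected nameserver absent: " + ns)
    return findings


# Constructed sample data, trimmed to the fields the audit reads.
EXPECTED_NS = ["ns1.example.net", "ns2.example.net"]
LOCKED = {
    "ldhName": "EXAMPLE.COM",
    "status": ["client transfer prohibited", "server update prohibited",
               "server delete prohibited", "server transfer prohibited"],
    "nameservers": [{"ldhName": "NS1.EXAMPLE.NET"}, {"ldhName": "NS2.EXAMPLE.NET"}],
}
CHANGED = {
    "ldhName": "EXAMPLE.ORG",
    "status": ["client transfer prohibited"],
    "nameservers": [{"ldhName": "ns1.example.net"}, {"ldhName": "ns9.example.org"}],
}

if __name__ == "__main__":
    for domain in (LOCKED, CHANGED):
        print(domain["ldhName"], audit_domain(domain, EXPECTED_NS) or "OK")
```

Run against saved RDAP responses on a schedule, a check like this flags a domain that has lost its lock or whose delegation has changed.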

Facebook Grabs Email Contacts for 1.5 million Users

Well it wouldn’t seem a normal week without mentioning another Facebook privacy issue. This time the social media giant is being criticised for the harvesting of email contact information of 1.5 million new users.

We mentioned in a previous issue how Facebook were requesting access to users’ email accounts in order to verify their identity. Well, it seems from this latest issue that this was not the only reason they wanted access to the email accounts of new users.

As part of this verification process, which appears to have run for almost 3 years, Facebook took copies of the email accounts’ contact lists without the explicit permission of the user.

Facebook have stated that they have now changed the way they process new users and that email contacts are no longer being uploaded to its platform.

What is evident is that users are no longer going to tolerate the poor privacy and data handling practices of Facebook, with approx. 15 million users in the US alone closing their accounts in the last 2 years and looking for alternative social media platforms.

Read more on BBC ….

And that’s it for this week’s round-up, we hope you have a happy Easter and enjoy the bank holiday weekend. Please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #37 – 19th April 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
