Cyber Round-up

Cyber Round-up for 19th July

July 18, 2019


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Microsoft Introduces Automatic Phishing Detection for MS Forms

After the recent surge of phishing attempts using MS Forms, Microsoft is introducing a new automatic phishing detection feature aimed at suppressing the growing issue. The feature, which is expected to be released this month, works by detecting any dodgy redirections to landing pages, password boxes and more. This allows Microsoft to detect a phishing attempt, regardless of how convincing the content seems. In the unlikely event that a phishing attempt is not detected, users can now manually report a form or survey that they believe to be malicious. The introduction of these security measures is Microsoft’s first step towards making all of Office 365 much safer.

By TechNadu.com.

Cyber-Attack on Bulgaria’s Tax Agency Affects Millions

A recent cyber-attack on the Bulgarian tax agency has compromised the personal data of nearly all adults in the country. Following the breach, one of the hackers sent an email to the media containing an offer of access to the stolen data; the email also mocked the Bulgarian government’s cyber-security standards. Authorities have arrested a 20-year-old man for suspected involvement but are still investigating the possibility of others being involved. The government has warned that anyone attempting to exploit the stolen data “would fall under the impact of Bulgarian law”.

By BBC.co.uk.

Threats

Instagram Exploit Could Allow an Attacker to Change Your Password

A security researcher has discovered a severe vulnerability that could allow your Instagram account to be taken over by an attacker. The researcher discovered that Instagram requests a six-digit code when you get locked out of your account, which can be sent to either your phone number or your email. If a hacker could somehow gain access to a user’s email address, they would be able to recover the code. However, a much more effective method was discovered that could allow an attacker to gain access without email access: Instagram’s rate limiting mechanism can be bypassed by sending requests from different IP addresses, which would allow an attacker to brute force someone’s account. The researcher chose to disclose information on this flaw to Instagram privately, to avoid people publicly exploiting it.

By HotForSecurity.com.
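The weakness above comes down to what the rate limiter counts. The following added example (not code from the original post or from Instagram) contrasts a limiter keyed on the requesting source address with one keyed on the account under attack: the first lets a series of guesses spread across many addresses through, the second caps guesses for the account no matter where they come from. The attempt cap, window length, addresses and codes are all constructed values.

```python
import time
from collections import defaultdict

MAX_ATTEMPTS = 5        # guesses allowed per window (assumed policy value)
WINDOW_SECONDS = 600    # sliding window length in seconds (assumed policy value)


class RateLimiter:
    """Counts attempts per key inside a sliding window and rejects once the cap is reached."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self.attempts = defaultdict(list)  # key -> timestamps of recent attempts

    def allow(self, key, now):
        recent = [t for t in self.attempts[key] if now - t < self.window]
        self.attempts[key] = recent
        if len(recent) >= self.max_attempts:
            return False
        recent.append(now)
        return True


def verify_code(limiter, key, submitted, correct, now):
    """Return 'throttled', 'ok' or 'wrong'; a throttled request is never compared."""
    if not limiter.allow(key, now):
        return "throttled"
    return "ok" if submitted == correct else "wrong"


def simulate(key_func, guesses, correct="483921"):
    """Replay (source_ip, account, code) guesses, one per second, against a fresh limiter.
    Returns (guesses actually checked, guesses throttled)."""
    limiter = RateLimiter()
    checked = throttled = 0
    for i, (ip, account, code) in enumerate(guesses):
        result = verify_code(limiter, key_func(ip, account), code, correct, now=float(i))
        if result == "throttled":
            throttled += 1
        else:
            checked += 1
    return checked, throttled


def per_ip(ip, account):        # weak design: the limit follows the source address
    return ip


def per_account(ip, account):   # hardened design: the limit follows the target account
    return account


# Constructed sample: 20 guesses at one account, each from a different source address.
GUESSES = [(f"198.51.100.{n}", "victim", f"{n:06d}") for n in range(20)]
```

Under the per-IP key every guess is checked because each address starts with a clean counter; under the per-account key only the first five are checked and the rest are throttled.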

Eavesdropping Bug Hits Apple Watch’s Walkie-Talkie App

A recent bug has been reported that could allow someone to eavesdrop on you using the Apple Watch’s Walkie-Talkie app. Apple has not provided details on how the bug works and has disabled the application until a fix is available. The bug was reported to Apple through the ‘report a vulnerability’ portal. Apple has apologised for any inconvenience; this is the second snooping bug Apple has suffered this year, the last one being in FaceTime. There is currently no fix for this vulnerability, and no timeline has been released as to when it will be patched.

By NakedSecurity.com.

Exploit Allows Android Apps to Capture Loudspeaker Data Without Permissions

A new attack has been discovered that allows a bad actor to capture loudspeaker data by taking advantage of the Android accelerometer. The accelerometer is a hardware-based motion sensor in most Android devices that can be accessed from any application with no permissions. Since the loudspeaker is on the same surface as the motion sensors, an attacker can intercept its data whenever the victim starts a phone or video call using speaker mode, allowing them to eavesdrop on their calls. This exploit has been named Spearphone by researchers. The original post includes full details on the attack and also describes some mitigation techniques; however, no official patch has been released yet.

By TheHackerNews.com.

Vulnerabilities & Updates

Cisco Vision Dynamic Signage Director Vulnerability (CVE-2019-1917)

A remote attacker could potentially bypass authentication on an affected system by exploiting a new vulnerability that exists in the REST API interface of Cisco Vision Dynamic Signage Director. By sending a specially crafted HTTP request to an affected system, the attacker can execute actions with administrative privileges through the REST API. This is due to insufficient validation of HTTP requests. Unfortunately, the REST API is enabled by default and cannot be disabled; however, Cisco have released a free patch for the vulnerable software that can be found in the original post. It is also important to note that this vulnerability only affects Cisco Vision Dynamic Signage Director.

By Cisco.com.

Critical Access Bypass Vulnerability Affecting Drupal

A critical vulnerability has been disclosed in the popular CMS Drupal, version 8.7.4, which allows an access bypass condition to be created when the experimental Workspaces module is enabled. Disabling the Workspaces module prevents this flaw from being exploited; however, Drupal advise updating to 8.7.5 if you are using the vulnerable version of this product. Please note that 8.7.4 is the only version affected by this vulnerability, and older versions are still safe. Further details on updating this product are included in the original post.

By Drupal.org.

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #50 – 19th July 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.