Welcome to the Christmas 2019 edition of the Ironshare CyberRound-up where we look back at the events of that last week and cover some ofthe news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Many small to medium businesses do not understand theimportance of security and believe they are not at risk when it comes to cyber-attacks.Some of the main reasons they believe this is that they think they have nothingworth stealing and are too small to be of interest to attackers. At Ironshare wewant to do our part to reduce the number of cyber-attacks on small to medium businesseswhich starts with our Cyber Assessments; our post here highlights some of thekey findings, during the assessments we carried out throughout 2019.
By Ironshare.co.uk
The UK’s Ministry of Defence have recently announced thecreation of a new strategic service called the Defence Digital Service (DDS). TheDDS has been created to rapid delivery of Defence based user-centred productsand services. The DDS aim to bring tactical and strategic advantage byresponding rapidly to user needs, both in the office and in the battlespace. Thisis a small team with big goals, so will be good to watch their progress, inthis critical area.
By UK Ministry of Defence - defencedigital.blog.gov.uk
This time of the year is a treat for cyber criminals, asshoppers are rushing to bag last minute bargains, and employees are alreadymentally clocking out for the holidays. Check out the SW RCCU’s cyber briefingfor great advice on staying safe online during the holidays.
By South West Regional Cyber Crime Unit
The City of New Orleans has suffered a cybersecurity attackserious enough for Mayor LaToya Cantrell to declare a state of emergency. Duringa press conference, Mayor Cantrell confirmed that this was a ransomware attack.Unfortunately, this is just another ransomware based cyber attack that isplaguing the US government in the last months. Last month we saw Louisiana targetedand back in August we saw 23 Texas based agencies taken down due to the samethreat.
By Forbes – Davey Winder
This year saw a number of big-name malware families comeonto the scene, including Sea Turtle, one of the most high-profile DNShijacking attempts in recent memory. BlueKeep also stirred up controversy whenthe RDP vulnerability was first discovered, but researchers are still holdingtheir breath, waiting for the first major exploits to happen. This latest blogfrom Talos gives a month by month view on the major malware and news that cameout of Talos in 2019.
By Cisco Talos - talosintelligence.com
Approximately 38,000 German students have had to queue inperson to regain access to their accounts after the Justus Liebig Universitywas hit by a cyber-attack. The attack that occurred on the 8th Decembertook the University offline and for legal reasons each student then had tocollect their account password personally. Details of the attack are limited atthis time, but staff are being given USB sticks to scan devices for virusinfections.
By BBC.co.uk
Google is changing the way that it grants third-party appsaccess to G Suite accounts as it tries to improve security. It is weeding outwhat it calls ‘less secure apps’ (LSAs) by denying them access to its services.In summary Google want to move people away from using simple username andpasswords for allowing apps access to G Suite, to using OAuth. This will allowmore granular access to be defined for the requesting application, making itmore secure and more convenient for the users.
By Naked Security
A firmware vulnerability in TP-Link Archer C5 v4 routers whichare used in enterprise and home networks, have been found to allow unauthorizedremote access to the device with administrative privileges. If using one ofthese vulnerable devices, it can become an entry point for an attacker to gainaccess to the network, before moving laterally to compromise other devices. Firmwareupdates have been made available by TP-Link, so we recommend getting thesedevices patched ASAP.
By Threatpost.com
And that’s it for this week’s round-up, we hope you all havea fantastic Christmas / Holiday season and get all the family downtime youdeserve. Please don’t forget to tune in for our next instalment coming your wayin the New Year.
Merry Christmas and a Happy New Year!
Why not follow us on social media using the links providedon the right.
Edition #72 – 20th December 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
