Cyber Round-up

Cyber Round-up for 20th March

March 19, 2020


Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Following Online Safety Advice During Coronavirus Exploits

Cyber experts have discovered a number of attack campaigns exploiting the public’s concerns around COVID-19. Most of the general public are largely focused on the spreading virus at the moment, meaning if they were to receive an email addressing the issue, they would open it without hesitation. Despite these urges, experts are strongly advising people to follow online safety advice; the harm that phishing attacks can cause is amplified during this time as many people are unable to work. The loss of money or sensitive account credentials would only make things worse, so we strongly recommend visiting the NCSC website and reading their guidance on mitigating the risk of online attacks during these unprecedented times.

By NCSC.gov.uk

Classified German Military Laptop Sold on eBay

A team of security researchers recently bought a German military laptop which was found for sale on eBay for €90. The laptop contained a number of classified documents, including details of the LeFlaSys Ozelot air defence system, with instructions on how to destroy the mobile missile system. The files were given the lowest level of classification and the device did not require a password to log in; the files, however, were protected by an extremely easy-to-guess password. A recycling firm from Bingen were responsible for listing the device for sale, and in a recent report from the Defense Ministry, they were also instructed to delete the data. Destroying all data before selling IT devices is a legal requirement that the military did not comply with; this is not the first time something like this has happened. Last year, military laptops were sold by federal authorities at an auction; upon buying four of these laptops, a forest ranger found instructions for the Mars mobile rocket artillery. This is a perfect example of why all users & organisations should remove data from their devices before disposing of them; if military data can be stolen, so can yours.

By DW.com

Threats

NutriBullet Hit by MageCart Card Skimming Malware

MageCart’s long list of victims continues to grow, and NutriBullet has become its most recent victim. Following the recent removal of the card skimming malware from NutriBullet’s online store, another skimmer was installed just 5 days later. This has been a back and forth battle between security experts and malicious actors, in which the malware is constantly removed and reinstalled; this has been the case for almost a month now, and unless the underlying vulnerabilities within the NutriBullet site are patched, it will continue to happen. As always, we advise proceeding with caution when ordering products online and avoiding any affected sites temporarily while the organisation addresses the incident.

By ZDNet.com 

Coronavirus Tracking App Hits Victims with Ransomware

A malicious Android app has recently surfaced that claims to track local victims of the Coronavirus. Instead, the app demands a ransom of $100 in Bitcoin and locks the user out of their device. The user then has 48 hours to pay the attacker or the contents of their device are destroyed. This scheme was discovered by security researchers at DomainTools, who have named the ransomware CovidLock. The app is publicly available from a third-party website and is not on the Google Play store; this limits its capabilities when it comes to infecting Android devices due to users having to visit the site and ignore a number of security warnings. Devices using Android Nougat (Android 7.0) and higher are not affected, provided they have set an unlock password already. If you have been a victim of this ransomware, it is possible to get your data back without paying, as it is not the most advanced malware of its kind; several Reddit users have successfully recovered their data. Please take this as a warning to only download authorised apps from the Google Play store and do not blindly trust third-party providers.

By GrahamCluley.com

Vulnerabilities & Updates

Trend Micro Patch Two Severe Vulnerabilities in Latest Update

Trend Micro have been busy over the last week patching some newly surfaced vulnerabilities that have been actively exploited in the wild. One of these is a remote code execution flaw that exists in the migration tool component of Apex One and OfficeScan. The other bug that was addressed is a content validation escape issue, and it allows an authenticated attacker to manipulate components of certain agent clients. Products affected are Worry-Free Business Security, Apex One and OfficeScan. Affected versions can be found under the CVE on the Trend Micro website; we recommend updating as soon as possible to avoid the risk associated with these vulnerabilities.

By SecurityWeek.com

Adobe Patches Critical Vulnerabilities for Multiple Products

Adobe have addressed multiple critical vulnerabilities in their most recent out-of-band software updates. These patches apply to flaws existing in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion and Bridge. Their security advisories indicate that 29 of the 41 flaws are marked critical, while the remaining 11 are important. All of the critical vulnerabilities addressed in this patch are memory corruption flaws; we recommend installing the latest version of all of these products to mitigate the risk of an attack.

By TheHackerNews.com

And that’s it for this week’s round-up. Please don’t forget to tune in for new instalments every week.

We hope this makes for light reading during these times of uncertainty.

Stay Safe, Secure and Healthy!

Why not follow us on social media using the links provided on the right.

Edition #83 – 20th March 2020

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
