Cyber Round-up

Cyber Round-up for 20th September

September 19, 2019


Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Entire Ecuador Population Affected by Data Leak

A marketing analytics company was storing a massive amount of sensitive information in an unsecured open database, which reportedly included the personal data of the entire population of Ecuador. The leak was discovered by vpnMentor, who revealed that the database included records for 20 million individuals, which covers the 16.5 million living in Ecuador. The leaked database included records such as full names, dates of birth, home addresses, phone numbers and taxpayer IDs. This also includes extensive information on family members, as well as social security numbers and vehicle purchases. The amount of information leaked from this database has researchers questioning how necessary it was for the marketing company to store this, and where they obtained it from in the first place.

By ThreatPost.com

GitHub Acquires Code Analysis Platform Semmle

The software hosting service, GitHub, has acquired the code analysis platform known as Semmle; the idea behind this venture is to assist developers and researchers in discovering critical vulnerabilities and zero-day threats. Semmle offers a variety of tools and products that are capable of investigating and addressing security issues, as well as uncovering vulnerabilities in third-party dependencies. In other news, GitHub has also announced its recent role as a CVE Numbering Authority, meaning the company can officially identify new flaws as they are discovered; this can also integrate with Semmle products since their new collaboration.

By TheNextWeb.com

24.3 Million Private Medical Records Leaked on the Internet

The private medical records of 24.3 million patients have been left on unprotected servers, freely accessible on the internet. The leak has exposed records from 52 different countries and includes confidential images such as X-rays, CT and MRI scans. The leaked information includes patient names, dates of birth and examination dates, as well as compromising 13.7 million social security numbers for American patients. Researchers confirmed that they did not have to exploit any software to access the database; all they did was visit a public webpage. The lack of security in place has researchers concerned, especially considering the amount of information that was being stored.

By GrahamCluley.com

Threats

Cyber-Insurance Payouts Causing Problems in Ransomware Defence

Security experts have begun issuing warnings regarding cyber-insurance companies. Recently, cyber-insurance companies have been encouraging ransomware victims to pay the criminals to recover their encrypted files, thus funding further criminal activity. Security researchers see this as having a huge long-term impact on the cyber-security industry; the wealthier criminals become, the more advanced the ransomware becomes along with them. Despite requiring more downtime, companies should look to recovering their files from backups, and use alternate methods instead of paying ransoms, as the long-term effects could be extremely harmful.

By ZDNet.com

New Wiper Spam Campaign Hits Germany

A new spam campaign has hit Germany that masquerades as a job application, including a PDF claiming to be a resume; the PDF is actually an executable that installs the Ordinypt Wiper onto the victim’s device and destroys files stored on it. Although this malware destroys files, it is disguised as ransomware and requests payment; regardless of whether payment is made, the files cannot be recovered. This campaign was first spotted in use on September 11th, 2019 and has almost exclusively targeted German-speaking users.

By BleepingComputer.com

Vulnerabilities & Updates

LastPass Patches Browser Extension Vulnerability

The well-known password manager, LastPass, has recently patched a vulnerability present in browser extensions for Chrome and Opera. This flaw could allow an attacker to steal the username and password of its victim, through the ‘fill-in’ feature. The fill-in feature allows a user to save their login credentials to automatically input their username and password for certain websites. Because of this vulnerability, if a user were to visit a malicious site, their login details for the last site visited would be exposed. In practice, there are a lot more steps required to exploit this bug, and it was not actively exploited according to security researchers. This bug was patched in LastPass version 4.33.0, an update which has been automatically applied to all users’ browser extensions.

By GrahamCluley.com

Emotet Returns from Extended Summer Break

Emotet, one of the world’s most dangerous botnets and malware droppers, stopped all activity at the start of June 2019; even their command and control sites went inactive. The constantly evolving botnet started out as a banking trojan five years ago and has since then been deemed one of the most prominent threats in cyber security (see our blog post for more info on Emotet). As of September 16th, 2019, the Emotet botnet appears to be active once again; all operations appeared to have resumed, including the dormant command and control site and spam campaigns. Despite the extended break, Talos have ensured that all coverage and protection remain active, and new indications of compromise have been pushed to supported Cisco Security products in response to the revival.

By TalosIntelligence.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.


Edition #59 – 20th September 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
