Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
XENOTIME, the Advanced Persistent Threat (APT) group behind the TRISIS Industrial Control System (ICS) malware, originally targeted the oil and gas industry but has recently expanded its focus to electric utilities. The Russian-linked group has been spotted probing the networks of U.S. electric organisations, indicating a potential attack on critical infrastructure. An attack of this nature could result in major physical damage and loss of life, which makes it extremely dangerous. Governments and companies are advised to work cooperatively to defend critical infrastructure, and the lives of the workers who operate it, from such devastating cyber attacks.
By ThreatPost.com.
ASCO, one of the world's largest suppliers of airplane parts, has been hit by a ransomware attack. After ASCO's plant in Zaventem, Belgium, was severely impacted by the infection, the company was forced to shut down production at its factories in the U.S., Canada and Germany as well. About 70% of the Belgian plant's workers have been sent home for a week until the issue is resolved. ASCO has not revealed whether the ransom was paid, but it is evident that the damage caused by the attack is severe. Paying the ransom is never recommended; always ensure that you have offline, tested backups available to restore systems and services in the event of an attack.
By ThreatPost.com.
A mobile cyberespionage campaign, named "Bouncing Golf", has been discovered targeting Middle Eastern countries. The malware involved has been identified as AndroidOS_GolfSpy.HRX and possesses a wide range of cyberespionage capabilities. The attack works by embedding malicious code in applications that the attackers have repackaged from legitimate apps. These capabilities give the malware the potential to completely hijack an infected Android device, from which the attackers can steal device accounts, device locations, stored files and messages. Although the number of devices impacted so far is small, military-related information was included in the stolen data. Users are recommended to keep their devices up to date with the latest software, avoid installing apps from outside the official app stores, and install mobile endpoint security (such as Cisco AMP for Endpoints) to help protect against these types of exploits and rogue applications.
By TrendMicro.com.
A new critical vulnerability in Firefox and Firefox ESR allows attackers to take complete control of an affected device. A type confusion flaw in the Array.pop method, triggered when manipulating JavaScript objects, results in an exploitable crash that can give the attacker control over the affected system. Anyone using Mozilla Firefox below the fixed versions is vulnerable to an attack of this nature; in practice, visiting a malicious or compromised web page is enough. Patches have now been released, in Firefox 67.0.3 and Firefox ESR 60.7.1. As this vulnerability is being actively exploited in the wild, Mozilla recommends that users update immediately.
By SCMagazine.com.
A new cryptocurrency-mining botnet has been discovered that exploits poor default settings, including a lack of authentication on open ADB (Android Debug Bridge) ports. Once on a device, the botnet can also spread to any system with which the infected host has previously established an SSH connection. Any Android-based device with ADB exposed to the network is at risk, and the botnet has been seen operating in 21 different countries. Users should update their devices, disable ADB debugging (or at least ADB over the network) wherever it is not needed, and change any default authentication settings to ensure devices are secure.
By TrendMicro.com.
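The weak setting the botnet above relies on is an ADB daemon that listens on the network rather than only over USB. The following is an added example, not code from the Ironshare post or from Trend Micro's write-up: a small POSIX shell check that flags ADB listeners bound to a wildcard address in `ss -ltn` style output. The port number, the column handling and the sample socket listing are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the Ironshare post or Trend Micro's write-up.
# Spot an ADB daemon listening on the network, the weak default the botnet
# above abuses. Input is `ss -ltn` style output; the sample listing below is
# constructed for this example and the column handling assumes that format.

ADB_PORT=5555   # default port used by `adb tcpip` (assumption: unchanged on the device)

# exposed_adb_listeners "<ss -ltn output>" -> prints the local address:port of
# every LISTEN socket on the ADB port bound to a wildcard address
# (0.0.0.0, *, [::] or ::). Loopback-only listeners are not reported.
exposed_adb_listeners() {
    printf '%s\n' "$1" | awk -v port="$ADB_PORT" '
        $1 == "LISTEN" {
            n = split($4, f, ":")                           # last piece is the port
            p = f[n]
            a = substr($4, 1, length($4) - length(p) - 1)   # everything before ":port"
            if (p == port && (a == "0.0.0.0" || a == "*" || a == "[::]" || a == "::")) print $4
        }'
}

# Constructed sample: SSH plus a network-exposed ADB on IPv4 and IPv6,
# and a loopback-only ADB that should not be flagged.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       0.0.0.0:5555         0.0.0.0:*
LISTEN  0       5       127.0.0.1:5555       0.0.0.0:*
LISTEN  0       5       [::]:5555            [::]:*'

# Run against the constructed sample; on a live host use: exposed_adb_listeners "$(ss -ltn)"
exposed_adb_listeners "$SAMPLE_SS"
```

Any line printed is an ADB daemon reachable from the network, and since ADB over TCP performs no authentication, that is exactly what this botnet scans for. On a device you control, `adb usb` (a standard adb command) returns the daemon to USB-only mode, and leaving USB debugging switched off in the developer options removes the exposure altogether.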
MSRC (Microsoft Security Response Center) recently confirmed the existence of an active Linux worm that could take advantage of a critical Remote Code Execution vulnerability in Exim email servers on Linux. Only customers running Exim versions 4.87 to 4.91 are affected, and it was confirmed that the vulnerability does not exist in Microsoft Azure infrastructure and services. Microsoft recommends that any customer running a vulnerable version of Exim should update to the latest fixed version as soon as possible.
By Microsoft.com.
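To act on the advice above you first need to know which Exim you are running. The following is an added example, not code from the Ironshare post or from Microsoft's advisory: a POSIX shell check that parses the version reported by `exim -bV` and decides whether it falls in the affected 4.87 to 4.91 range. The affected range comes from the text above; the parsing logic, the handling of patch levels and distribution suffixes, and the sample strings are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the Ironshare post or Microsoft's advisory.
# Decide whether an installed Exim falls in the affected 4.87-4.91 range.
# The range is the one quoted in the round-up; everything else here
# (parsing, sample strings) is this example's own assumption.

# exim_version_from_bv "<first line of `exim -bV`>" -> "4.91"
# `exim -bV` begins with a line such as "Exim version 4.91 #1 built 10-Jun-2019 ..."
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# exim_version_affected "4.91" -> prints "affected", "not-affected" or "unknown".
# Keeps only major.minor, so patch levels (4.86.2) and distro package suffixes
# (4.91-5+deb9u2) are handled. Always returns 0 so it is safe under `set -e`.
exim_version_affected() {
    mm=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$mm" ]; then
        echo "unknown"
        return 0
    fi
    major=${mm% *}
    minor=${mm#* }
    if [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
    return 0
}

# Run against the real binary when one is installed. Caveat: distributions often
# backport the fix without bumping the version number, so "affected" means
# "check your vendor's advisory and package changelog", not proof of exposure.
if command -v exim >/dev/null 2>&1; then
    v=$(exim_version_from_bv "$(exim -bV 2>/dev/null | head -n 1)")
    echo "Installed Exim ${v:-unknown}: $(exim_version_affected "$v")"
fi
```

Because the botnet is already worming through exposed servers, treat an "affected" result on an Internet-facing mail server as urgent: patch first, then review the Exim logs and any unexpected cron entries or SSH keys on the host.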
And that's it for this week's round-up; please don't forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #46 – 21st June 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.