Cyber Round-up

Cyber Round-up for 22nd November

November 21, 2019

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

How Retail Companies Can Protect Against Cyberattacks

As we enter the holiday season, we will inevitably see the annual increase in online fraud and theft. Retail companies have become a big target for criminals in the last year and have suffered more data breaches than any other company. Due to the ease with which cybercriminals can monetise stolen information, the Retail industry has become a bigger target for organised crime. The article covers typical attack methods and advice to retail companies on how they can protect themselves. This includes achieving compliance, securing data and encrypting their payment card systems. The retail industry cannot afford to ignore cybersecurity; if your retail systems are not up to scratch, we suggest you get securing them immediately.

By TechRepublic.com

Hackers Selling Disney+ Accounts for $1

Hours after the release of their new streaming service, Disney+, users took to social media to complain about their accounts being compromised. It was later discovered that these stolen accounts were being listed on hacking websites and were on sale for $1 a month. This was achieved through phishing emails sent to the subscribers, which were used to gain their login credentials. The credentials were changed by the hackers immediately to lock the users out. Users are advised to take caution when responding to emails or clicking links to avoid being involved in this kind of phishing attack.

By InfoSecurity-Magazine.com

Threats

Password Data of 2.2 Million Users Leaked Online

The personal information of approximately 2.2 million users has been posted online, including passwords. The leaked information has come from two websites; the first is a cryptocurrency wallet service called GateHub, and the other is a RuneScape bot provider called EpicBot. Around 1.4 million accounts were breached from GateHub, and around 800,000 from EpicBot. The attacker posted the database online, which included 2FA keys, mnemonic phrases and wallet hashes; despite the leaked information, GateHub confirmed that no wallet hashes had been accessed. Any users of these websites are advised to change their passwords as soon as possible.

By ArsTechnica.com

MageCart Skimming Attack Hits Macy’s Website

Macy’s recently made an announcement in which they told the public of a MageCart skimming attack that was present on their website. The attack was implanted in the online payment portal of the site and has reportedly been active since October 7. The company has not disclosed how many customers were affected by the breach, or how the unauthorised code made its way into their website; however, they have confirmed that law enforcement and a forensics firm are looking into the incident and are actively investigating the severity of the breach. More details on the incident are included in the original post.

By ZDNet.com

Recent Phishing Scam Targeting Office 365 Admins

A recent phishing scheme has emerged that sends emails using legitimate organisations’ Office 365 infrastructure. The attackers are targeting administrator accounts which they then use to send out phishing emails; by doing this, they do not have to worry about the organisation’s users discovering their malicious intent. More details on the nature of this phishing scheme are included in the original post, as well as potential trends and ways to spot them.

By ThreatPost.com

Vulnerabilities & Updates

Checkmarx Discover Android Camera Security Threat

The security research team at Checkmarx have discovered what is possibly the most alarming vulnerability to date. Their most recent discovery is a flaw affecting all Android devices which could allow an attacker to seize control of your smartphone camera, remotely take photographs, record conversations and discover your location. This vulnerability, which is essentially a full spyware functionality, has the potential to impact hundreds of millions of Android users worldwide. This flaw has been patched for Google devices in a recent update, but there has been no news on Samsung devices yet.

By Forbes.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #68 – 22nd November 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.
