Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Every day, attackers attempt 300 million fraudulent sign-ins. This number is constantly increasing, meaning the need for cyber security is going up with it. Despite this, there is one simple action you can take to drastically improve your account security and keep your information secure. We all know that no matter how much you try to enforce good password practice, people always use the simplest passwords. MFA is the solution to this. Multi-Factor Authentication applies an added layer of security to your accounts and asks for a randomly generated code from an app on your smartphone; this means that even if your password is cracked, an attacker would also need your phone to access the account. MFA is easier to use and implement than you think, so get securing your accounts today.
By Microsoft.com
On August 16, a coordinated ransomware attack was launched against 23 local government organisations in Texas. Officials have confirmed that no state networks were affected by the attack and they have not yet disclosed if the agencies have paid the ransom. The Texas Department of Information Resources revealed that the ransomware came from a single source and they are still investigating the origin of this attack. This is the biggest coordinated ransomware attack we have seen to date that targets multiple local governments; however, it is not the first. Ransomware has been particularly prominent this year, and this is just another example of the threat affecting all types of organisations. Check out our Blog covering the dangers of ransomware and how to recover.
By ArsTechnica.com
Earlier this year, Google released a new Chrome extension called Password Checkup, which was designed to tell users if their credentials had been leaked from website databases. Security researchers have analysed the results of the extension and revealed that out of 21 million accounts, 1.5% of logins were performed using compromised credentials. The researchers monitored these results for a 28-day period, during which over 300,000 users logged in using leaked usernames and passwords; worryingly, 26% of these users ignored the warnings issued by the extension. It is believed that users are not acting because they either don’t believe the risk, don’t have control of their account or because they are unsure how to reset their password. If you receive a warning regarding leaked credentials, we recommend resetting your password; never assume your accounts are safe.
By TheRegister.co.uk
Apple has accidentally reverted patches for a recent vulnerability. The latest version of iOS, 12.4, has reintroduced a flaw that makes jailbreaking up-to-date iPhones much easier. We have not seen a public jailbreak scheme on iPhones for years, but this recent mistake from Apple has caught people’s attention. The dangerous part is that if a device is vulnerable to jailbreaking, it can be hacked just as easily. The jailbreak code has not been publicly released to avoid Apple patching it; reports have shown exploited devices selling for millions of dollars. Until this is patched again in the next update, we recommend caution when downloading apps, as the likelihood of them being malicious is much higher than usual.
By Vice.com
Fortnite’s huge global player base makes it the perfect target for attackers. A recent ransomware campaign, known as Syrk, has been affecting users everywhere. This ransomware attack was built using tools available on the internet and works by disguising itself as an aimbot cheat for the game. Players who download the hack will have their files encrypted until payment is made. It was revealed that Syrk is the popular ransomware Hidden-Cry. Hidden-Cry is known for how quickly it deletes files after encrypting them, and how simply they are deleted. Victims can possibly recover their deleted files by following the instructions in the original post. We recommend avoiding all cheats available online, to minimise the risk of falling victim to these attacks.
By Cyren.com
A backdoor was intentionally placed in Webmin, a Unix administration tool. The backdoor allowed anyone who knew about it to completely take over the target device and execute commands as root. The backdoored version of Webmin was available on the official site for over a year, before being publicly disclosed during the DEF CON 2019 security conference. Affected versions include version 1.890, 1.900 and 1.920. Although 1.890 was the primary version affected by this vulnerability, the other two were found with almost identical backdoor code. The vulnerabilities were addressed in Webmin v1.930 and Usermin v1.780. If you are using Webmin, it’s time to review and update.
By ThreatPost.com
Bitdefender researchers have recently discovered a worm-cryptominer that uses a supply chain attack and is delivered via a Potentially Unwanted Application known as DriveTheLife. The attack works by moving laterally and using a variety of unpatched vulnerabilities and advanced tools to compromise victims. The interesting thing about this cryptominer is that it pauses itself if it detects a game running in order to avoid detection. Detailed analysis is included in the original post, including how the attack works and a list of indicators of compromise.
By BitDefender.com
And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.
Edition #55 – 23rd Aug 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.