Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The NCSC has created a package of useful information focusing on increasing the security of online retailers, hospitality, and utility services. The package focuses on aspects such as authentication methods for users and malware takedown guidance.
NCSC Deputy Director for Economy and Society Sarah Lyons said “Businesses have a major role to play in protecting online shoppers which is why we’ve produced new guidance to help them do so. Following this guidance will allow businesses to help keep their customers safe online as well as protect themselves from potentially crippling cyber-attacks.”
The public is also encouraged to forward any suspicious emails to the NCSC’s Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk, and to forward any suspicious text messages to 7726.
By NCSC.gov.uk
Campaigners are requesting reform of the Computer Misuse Act 1990 to allow cybersecurity activities that should be legally defensible. Experts in the field have also reached a consensus that cybersecurity activities such as responsible vulnerability research and disclosure, proportionate threat intelligence, best practice internet scanning, enumeration, use of open directory listings, and honeypots should be legally allowed. The consensus “would form the core basis of a new legal environment for cybersecurity professionals based on a statutory defence,” and “will enable the UK’s cybersecurity sector to more effectively protect the UK as part of the whole-of-society effort, whilst ensuring cybercriminals can still be prosecuted”, said the CyberUp campaign in a report it published.
By PortSwigger.net
Uber was the victim of a cyberattack. Information released about the attack indicates that an attacker accessed several internal systems, including the company's Google Workspace account, allowing them to download messages and tools used to manage some invoices. Leaked screenshots also show the attacker gained access to Uber's AWS account, SentinelOne security dashboard, VMware vSphere control panel, and other critical IT infrastructure. The attacker is also said to have gained access to private source code repositories and internal documents. Uber believes that the attack was perpetrated by the hacker group Lapsus$, which has been hacking many high-profile companies this past year. Uber has reported that no customer or driver data was accessed, nor were the databases storing customer banking information.
By TheRegister.com
GTA 6 has had its source code and videos leaked after an attack on Rockstar Games. The source code and videos were leaked after the hacker breached Rockstar Games’ Slack server and Confluence wiki. The videos and source code were first leaked on 17th September, when a threat actor called ‘teapotuberhacker’ shared the link to a RAR archive containing 90 stolen videos. The videos have revealed things like the location of the game, NPC tracking and camera angles. The hacker has claimed to have stolen “GTA 5 and 6 source code and assets, GTA 6 testing build,” and is trying to extort Rockstar Games to prevent further data from being released. The threat actor has said that he will accept offers for the source code and assets that are over $10,000.
By BleepingComputer.com
Optus has confirmed it has been hit by a cyberattack that has compromised customer information. The information that may have been compromised includes customers’ names, dates of birth, phone numbers and emails. For some customers, addresses and ID document numbers, such as driver’s licenses and passport numbers, have been exposed. The company has stated that it has shut down the cyberattack and is working with the Australian Cyber Security Centre on the issue. Ms Bayer Rosmarin said “We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it”.
By ABC.net.au
Many Atlassian Confluence Servers are still vulnerable to a now-patched critical flaw that attackers are actively exploiting to deploy crypto miners. This flaw is being tracked as CVE-2022-26134, and with a CVSS score of 9.8 we highly recommend applying the latest patch as soon as possible. While this flaw was addressed back in June 2022, there are still many unpatched servers vulnerable to a plethora of attacks, including but not limited to the deployment of remote access trojans (RATs), ransomware, and crypto miners/information stealers.
By TheHackerNews.com
A well-known vulnerability in the Profanity vanity key generator has been exploited in a major attack, almost 8 months after its disclosure. The flaw, which was patched back in January of 2022, was exploited as part of the Wintermute hack; the attack resulted in a loss of around $162.5 million in cryptocurrency for the currency maker. It is believed that “most of the Profanity wallets were secretly hacked”, meaning the attack could be even more serious than what is currently known. All Profanity users are advised to move their assets to a different wallet as soon as possible to avoid the possibility of an imminent loss of funds.
By CoinTelegraph.com
Microsoft's Patch Tuesday for September has been released, addressing 63 total vulnerabilities, 5 of which are considered critical. Flaws affecting Azure Arc, Microsoft Edge, Microsoft Office and more have all been addressed this month, so we advise applying the latest updates as soon as possible, using your standard processes for patch management and testing. Please see our round-up of this month's Patch Tuesday for more details.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #206 – 23rd September 2022
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.