Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
UK startup, CyberSmart, has announced the upcoming release of their new cybersecurity solution. This new technology, targeting small and medium businesses, aims to be an “all-in-one platform providing cybersecurity technology, and cyber insurance if things go wrong.” The firm has a current customer base of 4,000, and has received investment from European VC, Oxx, to fund the £12 million platform. This seems like a promising venture from CyberSmart, and we are excited to see how this product develops in the near future.
By techcrunch.com
Hackers are using fake ChatGPT apps and websites to push their malware. Following the recent popularity of OpenAI’s ChatGPT chatbot, threat actors are taking advantage of it to distribute malware for Windows and Android. ChatGPT has gained immense popularity since its launch in November 2022, making it the most rapidly growing consumer application in modern history, with more than 100 million users by January 2023. OpenAI released a new tool and launched a $20/month paid tier for individuals who want to use the chatbot with no availability restrictions. Over 50 fake apps have been discovered that steal personal and credit card information.
By bleepingcomputer.com
Google delivers a record-breaking $12 million in bug bounties. Google addressed more than 2,900 security vulnerabilities in its products last year, awarding more than $12 million in bug bounty rewards to researchers in a record-breaking cash storm. According to a VRP (Vulnerability Reward Program) report, several VRP segments saw record highs in 2022, which doled out $4.8 million to bug hunters.
By darkreading.com
The NSA (National Security Agency) has shared guidance on how to secure your home network. The guidance is intended to help remote workers secure their home networks and defend their devices from attacks. The guide was published by the Defence Department’s intelligence agency on Wednesday. It includes a long list of recommendations, including a short list of highlights urging teleworkers to ensure their devices and software are up to date. Remote workers have also been advised to back up their data often to prevent data loss, and to disconnect equipment they are not using if it doesn’t require an active Internet connection at all times.
By bleepingcomputer.com
Fortinet’s latest patch rollout on February 16 contained a fix for a critical remote code execution flaw in their FortiNAC network access control solution. Just days after the release of this patch, attackers are actively exploiting this flaw in the wild. We urge all FortiNAC owners to update their devices to the latest version as soon as possible, to ensure they do not fall victim to these recent exploits.
By securityweek.com
Critical patches have been released for the following versions of ClamAV:
• 0.103.8
• 0.105.2
• 1.0.1
All three patches contain fixes for a critical remote code execution vulnerability that exists in the HFS+ file parser, as well as a potential remote information leak flaw in the DMG file parser. With a CVSS score of 9.8, this RCE flaw makes these updates vital, and we urge all ClamAV users to apply the latest updates as soon as possible.
It is also worth noting that ClamAV version 0.104 has reached end-of-life, and will no longer be receiving updates. Any users running this version are advised to move to a supported version.
By blog.clamav.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #225 – 24th February 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.