Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The Computer Misuse Act was introduced in 1990 as a way of criminalising unauthorised computer activity; however, 30 years later, cybersecurity experts want change. According to the Criminal Law Reform Now Network, the Computer Misuse Act is restricting experts' ability to carry out research into threats, thus compromising the UK’s cyber security. The report from CLRNN includes a list of recommendations on how the CMA can be improved to both criminalise malicious activity and benefit threat intelligence research.
By Birmingham.ac.uk
The Information Commissioner’s Office, which is responsible for the UK’s data privacy regulations, has published a new code of practice aimed at protecting the privacy of children online. The long overdue code is said to be ‘transformational’ and comes following the suicide of a 14-year-old girl who killed herself in response to graphic content she had seen online. The privacy settings introduced by the Age Appropriate Design Code are likely to be in operation by autumn 2021, once it is approved by parliament; to further enforce these privacy policies, large fines will be issued to online content providers, such as social media platforms, for breaches in its conduct.
By BBC.co.uk
250 million Microsoft customer records from the last 14 years have been exposed in an online database with no password protection. The exposed records included the email addresses, IP addresses, locations and support cases of those affected; this database is a goldmine for fraudsters planning to carry out Microsoft support scams. The exposure was found on December 28, 2019 and was disclosed to Microsoft immediately; within 24 hours all servers had been secured. The severity of this leak comes as no surprise; Microsoft have been in the news a lot recently, and not for good reasons.
By Forbes.com
Citrix have partnered with well-known security company FireEye to develop a tool that can be used to check for compromise. After the news hit regarding critical vulnerabilities being actively exploited, Citrix responded with this tool, which they highly recommend to all of their customers. The tool is said to provide a quick response assessment that highlights any indicators of compromise based on known attacks and exploits; it is also compatible with all versions of the Citrix Application Delivery Controller and Gateway. If you are a Citrix customer and are concerned that you might be impacted, you should try this tool to quickly assess your products; it is both free and easy to use.
By Forbes.com
Following a recent series of exploitation attempts and proof-of-concept exploits, Citrix has sped up their patch rollout process, and intends to have all versions of their Application Delivery Controller and Gateway products patched by January 24. Citrix originally stated they would not be patching the products; however, they were given no choice after proof-of-concept exploit code was published publicly. We suggest looking into this if you use these products to understand what versions are expecting updates and when they can be applied.
By ThreatPost.com
An unpatched zero-day vulnerability has been discovered in Internet Explorer, and it is being actively exploited in targeted attacks. The flaw could allow an attacker to execute arbitrary code and is typically being exploited via web-based attacks in which the victim is sent to a malicious webpage, often through an email link. This vulnerability is believed to be linked to a critical Firefox flaw from earlier this month, and Microsoft have confirmed that all supported versions of Windows are vulnerable. There is currently no security patch for this flaw; however, Microsoft have released a list of workarounds to help mitigate the threat. We highly recommend looking into these workarounds to best protect yourself from potential attacks.
By GrahamCluley.com
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
Edition #75 – 24th January 2020
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.