Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The Strava fitness-tracking app has recently been used to spy on members of the Israeli military. This was discovered by an Israeli open-source intelligence operation, who believes the app was used to track movements between secret bases and observe overseas activity. This has the potential to be very dangerous, since undercover members may be discovered or identified.
By BitDefender.com
In the past, the well-known RIG Exploit Kit has been primarily used to deliver the Raccoon Stealer, however recent activity has shown that the operators have chosen a new malware for their latest campaign. Since January 2022, RIG operators have been using the exploit kit to deliver the Dridex financial trojan; another campaign that began in April has also been spotted using the RedLine Stealer. Many different variants have been spotted in the first half of 2022 and we expect to see more in the near future. This latest switch has been triggered by the death of a key team member in the Russia-Ukraine war.
By TheHackerNews.com
Flagstar Bank recently disclosed news of a data breach that occurred back in December 2021. The announcement claims that the personal data of 1.5 million customers has been compromised, including full names and social security numbers. Affected users are being offered two years of identity monitoring and protection services for free. Not much more is known about the incident, but it appears that Flagstar’s response has been positive; despite this, there is still cause for concern since this is their second major security incident in the last year and they could of informed impacted customers earlier.
By BleepingComputer.com
Yodel have announced they are experiencing service disruption due to a recent cyber incident. Their latest statement claims they are “working to restore our operations as quickly as possible”, but also stated that order tracking is currently unavailable, and deliveries may be delayed. While no payment information has been leaked, there is the possibility that other personal data may have been stolen; this is being investigated now.
By InfoSecurity-Magazine.com
ToddyCat, a new advanced persistent threat, has been identified as the culprit of a series of attacks hitting Microsoft Exchange Servers. The attacks are primarily targeting government and military installations in Asia and Europe and appear to “leverage two passive backdoors within the Exchange Server environment with malware called Samurai and Ninja”. This reportedly allows the attacker to completely take over the target hardware.
More details on the nature of these attacks can be found here.
By ThreatPost.com
New research conducting by Claroty has revealed fifteen vulnerabilities in Siemens SINEC network management system. If exploited correctly, these flaws could allow a remote attacker to execute code on the affected system. These vulnerabilities are especially dangerous since they affect devices primarily used in industrial automation; this means there is also a potential risk to human life. All versions prior to V1.0 SP2 Update 1 are affected; we recommend all Siemens users update their systems as soon as possible.
By TheRecord.media
Cisco recently revealed four new vulnerabilities in their security products, one of which is high severity and exists in email and web security appliances. While there is no trace of this flaw being exploited in the wild, it could allow an attacker to steal sensitive information like user credentials from a LDAP external authentication server. This is accompanied by three medium severity vulnerabilities; some fixes have been released for earlier versions of affected products, however some will not be available until August and December.
More details on fix releases for the affected appliances can be found here.
By TheRegister.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #194 – 24th June 2022
Why not follow us on social media:
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
