Cyber Round-up

Cyber Round-up for 24th May

May 23, 2019


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Data on millions of Instagram accounts spills onto the internet

Researcher Anurag Sen has discovered an unprotected database containing the details of millions of Instagram users. The data was found in a publicly accessible Amazon Web Services S3 storage bucket, managed by marketing company Chtrbox, which could be accessed without needing a username or password. Users’ profiles and contact information were included in the leak.

By Tripwire.

Legal Threats Make Powerful Phishing Lures

We have seen a huge increase in phishing scams over the past couple of years and they do not look like slowing down. Brian Krebs has reported on a recent scam campaign that hit more than 100,000 business emails with legal threats. A fake document is delivered to the victim and includes trojan malware that can deliver additional malicious content such as ransomware. As per our usual guidance, never open email attachments or click on links if they are untrusted or you are not expecting them.

By KrebsOnSecurity.

GozNym Cybercrime gang brought down by US and EU law enforcement

The infamous GozNym gang, who were responsible for stealing approximately 100 million euros from their victims, have been taken down in a joint effort by US and EU law enforcement agencies. The group of cyber specialists used advanced banking malware, sourced from a mix of the Gozi banking trojan and the Nymaim ransomware variant, to capture banking credentials and steal funds, before laundering the money through its financial network.

By SCMagazine UK.


BlackWater campaign associated with MuddyWater Threat Actor

Cisco Talos have identified a recent campaign they have dubbed “BlackWater”, which is suspected of being associated with the known threat actor MuddyWater. New samples discovered use the same method of delivery as previous variants of MuddyWater malware, in the form of macro-infected Office documents. They deliver a PowerShell backdoor and bundle new techniques that evade detection. Head over to the Talos blog for another excellent technical write-up.

By Cisco Talos Intelligence.

Magecart’s Payment Card Data-Skimming Code Found on Forbes Magazine’s Website

The Magecart threat just keeps rolling on, this time hitting the subscription page on the Forbes Magazine website. Magecart uses malicious JavaScript to collect credit card and personal information from online checkout pages. But this attack on the Forbes site shows that the Magecart group are not just focused on ecommerce sites.

By Trend Micro.

Vulnerabilities & Updates

Mozilla Tackles Two Critical Flaws with Firefox 67 Release

Mozilla have this week released their latest version of the Firefox browser, which aims to provide better speed and greater privacy. Version 67 includes updates for two critical memory corruption vulns that allow code execution and could result in a bad actor taking control of the target system. If you are running Firefox, it’s time for an update.

By Threatpost.

Talos releases coverage for 'wormable' Microsoft vulnerability

On the back of the critical RDP vulnerability, disclosed by Microsoft in last week’s Patch Tuesday, Cisco Talos have released Snort IDS/IPS rule coverage for CVE-2019-0708. Users of Snort can now get access to the update for rule set 2019-05-20, which includes rule 50137 for this vuln.

By Cisco Talos Intelligence.

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #42 – 24th May 2019


Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.
