Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
As we get closer and closer to Christmas, the NCSC understands how important it is to be safe when shopping online. Their most recent guide covers how to shop online in a secure way that will reduce the chances of you falling victim to an attack. The key points covered in this advisory are carefully choosing where to shop, using a credit card to guarantee refunds in the event of a scam, securing your accounts, and avoiding suspicious phishing attempts. We strongly advise everyone to read this guidance to ensure you are safe during this busy period of online shopping.
The official NCSC guide can be found here.
By ncsc.gov.uk
MSI Afterburner is an overclocking utility that is compatible with many popular graphics cards. Attackers have recently taken advantage of the software’s popularity by creating a fake website that appears to download MSI Afterburner. Despite looking legitimate, this site instead downloads an information-stealer and an XMR miner, allowing the attacker to mine cryptocurrencies when the device is idle, and even potentially steal account credentials. Users looking to install MSI Afterburner are advised to be careful when visiting the download site, and to carefully inspect the website before clicking any links.
By BleepingComputer.com
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors attention for its Cobalt Strike-like capabilities. Proofpoint said it detected the use of the software in mid-September 2022 with several test emails sent using generic subject lines such as “Just checking in” and “Hope this works2.” So far there are no indications that a leaked or cracked version of Nighthawk is being weaponized by threat actors in the wild, but opportunities are highly likely.
By Amp.TheHackerNews.com
The Netherlands is one of the most digitised countries in the world. Dutch people work, live, shop and meet ever more digitally, making reducing digital security risks a priority. The Netherlands government has drawn up a new national cyber security strategy that aims to provide digital protection in Dutch society. Cyber threats are ever-present and increasing, with criminals and state actors threatening organisations of all types.
By ComputerWeekly.com
Datadog security researchers recently discovered a serious flaw in Amazon’s AWS AppSync service. This flaw has been labelled as a “cross-tenant vulnerability” that allows attackers to traverse across multiple organisations and access their resources. Amazon have since issued a statement and believes that “No customers were affected by this issue, and no customer action is required.”. The vulnerability has now been patched by Amazon, who has thanked Datadog for their work in discovering this issue.
By TheRecord.media
Microsoft is rolling out fixes for the Kerberos network authentication protocol on Windows Servers after it was broken by November Patch Tuesday updates. Updates that were released on November 8th, were planned to fix security issues in Kerberos on Domain Controllers, but have actually resulted in breaking network and identity security requests using Kerberos authentication. Impacted users have been unable to access remote desktop connections, shared folders and printer connections that all rely on domain user authentication. Microsoft has now released out of band and cumulative updates to address these issues.
By TheRegister.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #213 – 25th November 2022
Why not follow us on social media:
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.