Cyber Round-up

Cyber Round-up for 25th October

October 24, 2019

Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security. Following the theme of cyber awareness month, we have included a section on cyber security education!

In this week’s round-up:

Cyber Security Month

Be Careful What You Share

It is a lot easier than you may think to give away sensitive information unintentionally, and this post proves it. It includes multiple surveys and interviews that show how easily your passwords can be stolen. A large number of people use personal information such as birthdays and names for their passwords, and in this post you can see how easily an interviewer can figure out passwords. Many people do not understand the importance of account security and leave themselves vulnerable to attacks by simply answering personal questions.

This is another post in John Opdenakker’s Cyber Security Month series which includes more great advice on how to stay safe online.

By JohnOpdenakker.com

Security News

UK Cyber-Centre Dedicated to Stopping Payment Card Fraud

The National Cyber Security Centre has reported on its efforts to prevent payment card fraud, and in the last year, more than 1 million suspected cases of fraud have been prevented. Over 1,800 cyber-attacks targeting UK citizens and businesses have been thwarted in the first three years of the campaign. A recent report on the NCSC’s efforts to protect the public included details on the fraud prevention plan, as well as its attempts to speed up threat awareness and combat malicious phishing sites. Since being set up in 2016, the NCSC has made huge improvements to the UK’s cyber-security strategy and has even uncovered a Russian group that had gained access to an Iranian cyber-gang to launch attacks against UK universities.

By BBC.co.uk

NordVPN Confirms They Were Hacked

Popular VPN provider NordVPN has responded to suspicions of a breach and announced that it was in fact hacked. The company disclosed that an expired internal private key had been exposed, which could potentially allow an attacker to spin up their own servers imitating NordVPN. Despite reports that the provider does not collect or share private data, many are still worried about the hackers having acquired access to sensitive user data. To gain access to the server, the attackers exploited a vulnerable remote management system, which the company was supposedly unaware of. Many are worried about this breach, considering the provider’s promise to ‘protect your privacy online’, and it is believed that various other VPN providers were also hit around the same time.

By TechCrunch.com

Threats

Microsoft Phishing Campaign Targeting Office365 Users

A new Microsoft phishing campaign has been discovered that appears to primarily target Office365 users. This campaign has proven troublesome due to its complex nature; it appears to target specific users with messages about important work-related documents, leading to the compromise of the users’ accounts. Upon opening the document, the victim is redirected to what looks like a legitimate OneDrive portal where they will be prompted to input their login credentials. There are a few obvious features of the login page that can easily be recognized as fake, such as the web address; however, unless you are looking out for these abnormalities, it is easy to fall for the scam. More details on the nature of this campaign are included in the original post.

By HeimdalSecurity.com

2 Terabytes of Sensitive Information Leaked by Cash-Back Websites

A massive data leak of over 2 terabytes of sensitive information has been discovered in the money-saving websites PouringPounds.com and CashKaro.com. The breach includes the bank details, email addresses, plain text passwords, usernames and IP addresses of over 3.5 million people who use the sites. The incident was found by a group of researchers, who found the publicly exposed database on an elastic server that was not password protected. Upon discovering the breach, the researchers contacted PouringPounds to inform them, but did not receive a response until over two weeks later. At this point, the database had been exposed for six weeks; this raises the issue that many companies do not respond to breaches as fast as they should, and often allow the situation to escalate before taking action.

By InfoSecurity-Magazine.com

Vulnerabilities & Updates

Microsoft SQL Server Backdoor Malware Discovered

A recently discovered vulnerability in Microsoft SQL Server could potentially allow a remote attacker to take control of a compromised system without the owner knowing. The backdoor, named Skip-2.0, only works after a device has already been compromised, as it is a post-exploitation tool. In addition, the malware can disable the machine’s logging capabilities and auditing functions to avoid detection; this happens every time the ‘magic password’ is used to connect to any account on the server. All of this allows the attacker to change or delete any content stored on the server without being detected. This exploit has been recognized as the work of Winnti Group, as it uses a variety of their known tools.

By TheHackerNews.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Edition #64 – 25th October 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.