Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The National Cybersecurity Alliance is a non-profit organisation helping to promote cybersecurity, privacy, education and awareness. In an effort to raise awareness of phishing, they have teamed up with Amazon to create a public service website with enjoyable video content. They used the weight of Prime Video and big stars Michael B. Jordan and Tessa Thompson to promote the service. The PSA focuses on staying secure online, including changing passwords if phished, using strong passwords and enabling multi-factor authentication to protect user accounts. Along with these methods of protection, Ironshare recommend that accounts do not share the same password, so that a single stolen password cannot be used to breach multiple accounts across different services.
Check out the site here: https://protectconnect.com/en/index.html
By AboutAmazon.com
General Bytes, manufacturer of Bitcoin ATMs, has confirmed that they were recently hit by a cyberattack. The attack was made possible by a zero-day vulnerability that has been present in CAS (Crypto Application Server) software since version 2020-12-08, which allowed the attacker to remotely create an administrator account on their servers. General Bytes are still unsure how many servers were compromised in this manner, but the breach led to the attacker forwarding coins to his wallet from certain Bitcoin ATMs.
More details on this attack can be found in General Bytes’ advisory here.
By TheHackerNews.com
Threat group TA558 has recently put a heavy focus on the travel and hospitality industries in its attacks, with active campaigns relating to fake reservations for flights and hotels. The group was very active back in 2018 with a similar campaign; however, security researchers warn that TA558 have stepped up their game with their latest work. In the past, they utilised malicious Word documents in their attacks, but have recently pivoted towards ISO and RAR files; researchers believe this is due to Microsoft disabling macros by default in Office products. We urge everyone to keep an eye open for scams and phishing attempts and to verify the sender of all emails before clicking any links or opening any attachments.
By ThreatPost.com
Twitter’s previous head of security, Peiter Zatko, has reported on concerning issues inside Twitter. The ex-head of security declared that Twitter’s internal “production environment” was insecure and that "it was impossible to protect the production environment. All engineers had access. There was no logging of who went into the environment or what they did.... Nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment." Alongside this, multiple other security concerns were uncovered, such as misleading the government about its security vulnerabilities, not appropriately deleting user data, misleading regulators about whether it deletes the data as it is required to do, and employees working for a foreign government's intelligence service. By whistleblowing, Peiter Zatko has said that he is doing what he was hired to do: “I signed on to do it and believe I'm still performing that mission.”
By Edition.cnn.com
A new attack method has been spotted across WordPress sites that gets users to install malware. An unknown threat actor has been compromising weakly protected WordPress sites and inserting obfuscated JavaScript. This produces a fake Cloudflare DDoS protection screen which asks visitors to click on a button that downloads “security_install.iso” onto the visitor’s machine. They are then asked to open the file and enter the personal verification number into the site to gain access. In the background, a PowerShell command runs and installs NetSupport RAT, a remote access trojan, and Raccoon Stealer, a credential-stealing trojan. If you suspect a site has been compromised, contact the organisation running the site or WordPress directly to report the issue and protect other visitors accessing the site.
By BleepingComputer.com
Apple has released iOS 15.6.1, which fixes two key vulnerabilities that are already being actively exploited. The first is a flaw that exists in the iPhone kernel and could allow applications to execute code with kernel privileges. The second is a flaw in WebKit which allowed an attacker to execute arbitrary code. We strongly advise updating your iOS devices as soon as possible, since these vulnerabilities are already being exploited.
By Forbes.com
Back in 2021, a critical command injection flaw was found in Hikvision cameras; recent reports have shown that more than 80,000 cameras are still vulnerable. This vulnerability has a CVSS score of 9.8 out of 10, and is being actively exploited by governments and hacker groups alike. We strongly recommend that all Hikvision users keep their devices up to date and keep on top of patch releases.
By TheRecord.media
And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #203 – 26th August 2022
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.