Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Following on from last week’s NurseryCam post, more information has come to light. Parents have now been informed of a confirmed breach of security and the company have shut down their server as a “precautionary measure”. Their services, which were being used by more than 40 nurseries across the UK, have been suspended until a fix is found. NurseryCam confirmed that usernames, passwords, names, and email addresses may have been leaked in the breach.
By BleepingComputer.com
Bombardier, a Canadian airplane manufacturer, has announced they fell victim to a recent security breach. The attack, which is likely related to the recent Accellion FTA flaw, was carried out by the Clop ransomware gang, who published the firm’s sensitive data on a dark web portal; this was made possible by a 0-day vulnerability existing in a third-party file-transfer application running on isolated servers in the Bombardier network.
More details on this breach can be found here.
By ZDNet.com
A new, previously undetected strain of malware has been found that targets macOS systems. This malware, which has been named “Silver Sparrow”, uses a number of common techniques, such as persisting through a LaunchAgent. However, Silver Sparrow is interesting because it does not operate in the same way as other strains; the main talking point is its method of execution, which uses JavaScript. This is something that has not been seen in macOS malware before. As of February 17, this malware had infected 29,139 macOS devices across 153 countries; the majority of these infections, however, were in the US, the UK, Canada, France, and Germany.
More details on this malware, including technical analysis and a list of indicators of compromise, can be found here.
By RedCanary.com
Many Microsoft email users have reportedly received phishing emails from individuals pretending to be couriers for FedEx and DHL Express. The aim of these phishing attacks was to steal email account credentials; the scam pages were hosted on legitimate domains to bypass email security measures. This has been a common technique in recent phishing attacks, with many hosting their phishing pages on services such as Google Sites and Box.
By ThreatPost.com
New social media site Clubhouse, which is known for its audio chatrooms, has suffered a data leak in which an unauthorised user was able to stream audio feeds they should not have had access to. This violated the app’s terms and conditions, and so the individual responsible was permanently banned; Clubhouse state that additional security measures were implemented to ensure this does not happen again.
By BBC.com
Recently, firewall vendor SonicWall discovered and patched a zero-day vulnerability in their SMA-100 remote access devices. A week later, a second firmware update has been published to introduce “additional safeguards”. The latest update includes performance enhancements, code-hardening fixes, a number of customer issue fixes and the previous SMA 100 series zero-day fixes. We recommend applying this latest patch as soon as possible if you use SMA appliances.
By BleepingComputer.com
It was recently discovered that multiple flaws exist in the VMware ESXi and vSphere Client, including a remote code execution vulnerability with a CVSS score of 9.8. Updates have now been published for these flaws and we recommend that all VMware customers update their products to the latest version as soon as possible.
More details on these bugs can be found here.
By vmware.com
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #130 – 26th February 2021
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.