Cyber Round-up

Cyber Round-up for 26th July

July 25, 2019

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Hacked Deliveroo Accounts Being Sold By Dark Web Dealers

Deliveroo users have recently had their accounts hacked and sold by dark web dealers for prices as low as £5. Hackers are using login details from previous mega-hacks and various phishing techniques to obtain a user’s credentials to sell online. Victims have been reporting unusual amounts of food being ordered from their accounts, with one order coming to £450. A significant number of account thefts have been reported recently, mostly in London. Many users have complained about the slow response from Deliveroo and are unhappy that the company is simply deleting the compromised accounts. Deliveroo disclosed that it was working hard to address the issue, using fraud prevention software, but no solution has been presented yet.

By Forbes.com

Sky is Forcing its Customers to Reset Their Passwords

TV giant Sky has sent a notification to its customers warning them that their passwords had been reset following an incident that happened last week. After customers reacted with confusion to the email, Sky responded saying that they occasionally reset passwords to keep accounts safe. The incident they referred to appears to be a potential breach of Sky email accounts, which indicated that unauthorised access had been identified. However, information regarding the nature of the incident has not yet been fully disclosed. This has not affected all of Sky’s customers, but a researcher has confirmed that the customers contacted did not have their accounts breached. Sky responded with what they consider best practice account management and reset those accounts they believed were affected.

By Forbes.com

Sophisticated Phishing Attack Hits Lancaster University Students

Lancaster University is working to secure its systems following a recent data breach. Stolen data included phone numbers, ID documents and records of a small number of students. The data stolen was reportedly linked to those who applied in 2019 and 2020. Officials announced that the stolen data was being used to send fake invoices to victims and described the attack as sophisticated and malicious. The university announced that those who were affected will be contacted with advice.

By BBC.co.uk

Threats

New Phishing Method Targets Office 365 Admins

Phishers have a new method of infiltrating people’s Office 365 accounts, and it all starts with a fake email that appears to be from Microsoft. The email contains a link to a fake Office login site, where the victim can enter their credentials; if login credentials are entered correctly, they are captured by the attacker before the victim is redirected to the official Office 365 dashboard, to avoid any suspicion regarding the breach. However, if credentials are entered incorrectly, a seemingly real error page is shown asking the victim to log in again. This method is unlike anything previously seen, as it focuses on masking the truth from the victim, even after compromising their account. Microsoft recommends enabling Multi Factor Authentication to mitigate this threat.

By HelpNetSecurity.com

New Phishing Scheme Targeting Amex Card Holders

American Express card holders are being targeted by a new phishing campaign, in which attackers send a fake email to a victim, posing as an account update. The hyperlink then redirects to a malicious site. What makes this method seem legitimate is its use of an embedded “base href” URL; this also hides its intent from security tools and anti-virus. The attack does not just target consumers, however: actual credit cards, membership reward accounts, merchant accounts and American Express @Work accounts are all at risk. The attackers behind this campaign are taking many precautions to disguise the malicious site; these methods are discussed in more detail in the original post.

By Sesin.at
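For defenders reviewing email HTML, the sketch below resolves each link against the document's `<base href>` the way a mail client would, and flags relative links whose effective host is untrusted. It is an added example, not code from the original post or from any vendor; the sample body, the `phish.example` host and the trusted-domain set are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LinkCollector(HTMLParser):
    """Collect the first <base href> and every <a href> as written."""

    def __init__(self):
        super().__init__()
        self.base = None     # first <base href> wins, as in browsers
        self.raw_links = []  # href values exactly as they appear in the markup

    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "base" and href and self.base is None:
            self.base = href
        elif tag == "a" and href:
            self.raw_links.append(href)


def audit_links(html, trusted_domains):
    """Flag links whose host is supplied only by <base href> and is untrusted."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for raw in parser.raw_links:
        parts = urlparse(raw)
        # Only relative references inherit their host from the base URL.
        if not parser.base or parts.scheme or parts.netloc:
            continue
        effective = urljoin(parser.base, raw)
        host = (urlparse(effective).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            findings.append({"raw": raw, "effective": effective, "host": host})
    return findings


# Constructed sample body: the href is only a path, so a scanner that inspects
# href values in isolation never sees the host the link actually leads to.
SAMPLE = """<html><head><base href="https://login.phish.example/"></head>
<body><p>Your account needs an update.</p>
<a href="secure/update?id=1">americanexpress.com/update</a>
<a href="https://www.americanexpress.com/help">Help</a></body></html>"""

if __name__ == "__main__":
    for f in audit_links(SAMPLE, {"americanexpress.com"}):
        print(f"{f['raw']!r} resolves to {f['effective']} (host {f['host']})")
```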

Vulnerabilities & Updates

Malvertising Campaign Exploiting WordPress Plugin Flaws

A recent malicious advertising campaign has been actively exploiting WordPress plugin vulnerabilities to launch attacks. The most recent target was the ‘Coming Soon Page and Maintenance Mode’ plugin, which is present on over 7,000 sites. The flaw allows an attacker to inject code into the target website, giving them the ability to display popup ads and even redirect visitors to malicious sites disguised as tech support. The biggest flaw targeted by this campaign is the Yellow Pencil Visual CSS Style Editor plugin, which has over 30,000 installs. These vulnerabilities were recently disclosed by WordPress and, although patches have been released, those using versions older than 1.7.8 are still at risk.

By ThreatPost.com

Apple Addresses Recent Vulnerabilities in July Patch

Apple’s latest patch addresses recent vulnerabilities in iOS, macOS, Safari, watchOS and tvOS. The update includes a total of 37 fixes, including patches for a few high severity vulnerabilities. One major flaw allowed an attacker to authorise purchases without unlocking the phone using the wallet app. The patch also resolved a bug that allowed a Walkie-Talkie connection to be active during a call without the user’s knowledge. More details on this patch are included in the original post. If your devices are not set to automatically update then we encourage you to apply the latest patches as soon as you can.

By TheRegister.co.uk

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Edition #51 – 26th July 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
