Cyber Round-up

Cyber Round-up for 27th September

September 26, 2019


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Lack of Visibility into Cloud Instances is the Reason for Most Data Leaks

The McAfee team has announced its views on the ongoing issues surrounding data leaks. Data leaks are becoming more common by the day, with the majority going unnoticed. McAfee believe that lack of visibility is to blame for the problem; their recent report revealed that enterprises are unaware of 99% of the exposed instances they are running. These instances are typically databases and storage buckets that were left accessible to the public on the internet, and they make up a large portion of the data leaks in recent years. A recent study showed that just 26% of organisations have tools to audit their cloud configurations, meaning the majority of companies have no idea what is happening within their cloud instances. By simply introducing cloud auditing, an organisation can know exactly what needs changing to keep its data secure.

By TheRegister.co.uk
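The kind of check a cloud configuration audit performs is easy to see in code. The following is an added example, not McAfee's or Ironshare's tooling: it walks a constructed inventory snapshot (hypothetical bucket and database names) whose fields mirror the shape of S3 ACL grants, bucket policies, public access block settings and a database's public-endpoint flag plus security-group ingress rules, and reports every resource that is reachable from the whole internet.

```python
"""Offline audit of a constructed cloud inventory for publicly exposed
storage buckets and databases (added example; the inventory is a
hypothetical snapshot, not data from any real account)."""
import ipaddress

# S3 ACL grantee URIs that mean "everyone" and "anyone with any AWS account".
PUBLIC_ACL_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _principal_is_public(principal) -> bool:
    """A bucket-policy Principal of "*" or {"AWS": "*"} matches any caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def bucket_findings(bucket: dict) -> list:
    """Return the reasons a bucket is public, or [] if it looks private."""
    reasons = []
    # A fully enabled public access block overrides public ACLs and policies.
    pab = bucket.get("public_access_block", {})
    keys = ("block_public_acls", "ignore_public_acls",
            "block_public_policy", "restrict_public_buckets")
    if all(pab.get(k, False) for k in keys):
        return reasons
    for grant in bucket.get("acl_grants", []):
        uri = grant.get("grantee_uri", "")
        if uri in PUBLIC_ACL_GRANTEES:
            group = uri.rsplit("/", 1)[-1]
            reasons.append(f"ACL grants {grant.get('permission')} to {group}")
    for stmt in bucket.get("policy", {}).get("Statement", []):
        # An unconditional Allow to any principal exposes the bucket.
        if (stmt.get("Effect") == "Allow"
                and _principal_is_public(stmt.get("Principal"))
                and not stmt.get("Condition")):
            reasons.append(f"policy allows {stmt.get('Action')} to any principal")
    return reasons

def db_findings(db: dict) -> list:
    """A public endpoint only matters when the security group lets the internet in."""
    reasons = []
    if db.get("publicly_accessible"):
        for rule in db.get("ingress", []):
            net = ipaddress.ip_network(rule["cidr"], strict=False)
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                reasons.append(
                    f"public endpoint with {rule['cidr']} allowed on port {rule['port']}")
    return reasons

def audit(inventory: dict) -> list:
    """Return (kind, name, reason) tuples for every exposed resource."""
    findings = []
    for b in inventory.get("buckets", []):
        findings += [("bucket", b["name"], r) for r in bucket_findings(b)]
    for d in inventory.get("databases", []):
        findings += [("database", d["name"], r) for r in db_findings(d)]
    return findings

# Constructed sample inventory with hypothetical resource names.
SAMPLE_INVENTORY = {
    "buckets": [
        {"name": "acme-backups",  # public via ACL
         "acl_grants": [{"grantee_uri": "http://acs.amazonaws.com/groups/global/AllUsers",
                         "permission": "READ"}],
         "policy": {}, "public_access_block": {}},
        {"name": "acme-website",  # public via policy
         "acl_grants": [],
         "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                   "Action": "s3:GetObject"}]},
         "public_access_block": {}},
        {"name": "acme-finance",  # public ACL neutralised by public access block
         "acl_grants": [{"grantee_uri": "http://acs.amazonaws.com/groups/global/AllUsers",
                         "permission": "READ"}],
         "policy": {},
         "public_access_block": {k: True for k in (
             "block_public_acls", "ignore_public_acls",
             "block_public_policy", "restrict_public_buckets")}},
    ],
    "databases": [
        {"name": "customers-db", "publicly_accessible": True,
         "ingress": [{"cidr": "0.0.0.0/0", "port": 5432}]},
        {"name": "internal-db", "publicly_accessible": True,
         "ingress": [{"cidr": "10.0.0.0/8", "port": 5432}]},
    ],
}

if __name__ == "__main__":
    for kind, name, reason in audit(SAMPLE_INVENTORY):
        print(f"[EXPOSED] {kind} {name}: {reason}")
```

Run against the sample, the audit reports two buckets and one database; the third bucket has a public ACL but is protected by its public access block, and the second database is only reachable from a private range. In a real audit the inventory would be pulled from the provider's API and the same rules applied to every account.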

GandCrab Hacker Group Comes Out of Retirement

Notorious hacker group GandCrab, originally known for building ransomware for other criminals, have reappeared after retiring from their activities earlier this year. Researchers have been analysing a new strain of malware that shows signs of GandCrab’s involvement. The customised ransomware that they sell to others has reportedly hit over 1.5 million machines, including devices located in hospitals. The code that has now surfaced shares many similarities with GandCrab’s old work, including their mistakes. Researchers are not surprised by the group’s return and remain on the lookout for any further activity.

By BBC.co.uk

Threats

Account Hijack Scheme Targeting YouTube Creators

A massive surge of account hijacks has hit YouTube creators over the last few days; the scheme has mainly targeted those in the car review and auto-tuning community, although others have reported issues. The attack was part of a coordinated campaign that used phishing to lure users into giving up their account credentials. A user who managed to recover their account provided insight into the attack chain that led to the hijack. It appears that the hackers use phishing emails to harvest credentials and then use them to access the victims’ Google accounts; from there they can re-assign channels to new owners and change the channel’s custom URL, so it appears the account has been deleted. As SMS-based 2FA was also compromised during these account takeovers, it is recommended to move your accounts to 2FA using hardware keys or authentication apps.

By ZDNet.com

Hacker Arrested for Suspected Involvement in World of Warcraft DDoS Attack

Game developers Blizzard, who created World of Warcraft, have made an announcement following a recent DDoS attack targeting their game service. They revealed that shortly after the attack, the developers began working with law enforcement to find the person responsible; it was confirmed that law enforcement have arrested the individual they suspect was behind the attack. Although the hacker’s identity was not disclosed, a Twitter account by the name of ‘UKDrillas’ claimed responsibility shortly before the attack took place; upon analysis of the Twitter account it appears that the hacker is based in the United Kingdom. Another Blizzard title, Overwatch, was also reportedly affected by the DDoS; however, the suspect has since been arrested and the game services should return to normal.

By HotForSecurity.BitDefender.com

Vulnerabilities & Updates

Unscheduled Adobe Update Addresses Critical ColdFusion Flaws

Adobe has released updates for the 2016 and 2018 versions of ColdFusion after identifying that they are affected by three new vulnerabilities: one rated important and two rated critical. ColdFusion is Adobe’s commercial rapid web-application development platform. The first critical vulnerability is a command injection flaw that allows an attacker to execute arbitrary code; the second is a path traversal flaw that allows attackers to bypass access controls. The two vulnerabilities were addressed in a recent unscheduled update; Adobe recommend updating to the latest version of ColdFusion to minimise the risk of an attack. More details on the flaws are included in the original post.

By ThreatPost.com
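Path traversal is a bug class rather than something specific to ColdFusion, and the fix pattern is the same everywhere: resolve the requested path and then prove it still sits under the directory the application intended to serve. The code below is an added illustration (not Adobe's code, and it says nothing about how the ColdFusion flaw itself works) contrasting the naive join that fails with a containment check that holds; the root directory and file names are hypothetical.

```python
"""Naive path joining beside a hardened containment check (added example;
root and file names are hypothetical)."""
import os
from urllib.parse import unquote

class PathTraversalError(ValueError):
    """Raised when a requested path would leave the served directory."""

def naive_join(root: str, requested: str) -> str:
    """The pattern that goes wrong: os.path.join discards root entirely when
    the request is absolute, and never collapses '..' components."""
    return os.path.join(root, requested)

def resolve_under_root(root: str, requested: str) -> str:
    """Map a user-supplied relative path to a file under root, refusing
    anything that escapes it.

    - decode once so percent-encoded dots and slashes are seen as such
    - reject NUL bytes, which can truncate the path in lower layers
    - reject absolute requests outright
    - realpath collapses '..' and follows symlinks *before* the check
    - commonpath avoids the prefix trap (/srv/files vs /srv/files2)
    """
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in requested path")
    if os.path.isabs(decoded) or decoded.startswith(("/", "\\")):
        raise PathTraversalError("absolute paths are not allowed")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathTraversalError(f"{requested!r} escapes {root!r}")
    return candidate

def is_safe(root: str, requested: str) -> bool:
    """Convenience wrapper: True if the request stays inside root."""
    try:
        resolve_under_root(root, requested)
        return True
    except PathTraversalError:
        return False

if __name__ == "__main__":
    ROOT = "/srv/app/files"  # hypothetical served directory
    for req in ("docs/readme.txt", "docs/../../secret.txt",
                "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"):
        print(f"{req!r:32} naive={naive_join(ROOT, req)!r:40} safe={is_safe(ROOT, req)}")
```

The containment check is done on the resolved path, not on the raw string, so filters that look for the literal ".." are unnecessary and, as the percent-encoded case shows, insufficient on their own.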

Microsoft Issue Critical Security Warning for Windows 10, 8.1 and 7 Users

It’s been a rough few weeks for Microsoft and Windows users due to the overwhelming number of severe security issues. As well as the problems that recent Windows updates have presented, including breaking Windows Defender, warnings have been issued for exploits such as weaponised worms and device driver flaws. Among the mass of issues is a critical zero-day memory corruption vulnerability in the scripting engine of Internet Explorer 9, 10 and 11. This remote code execution flaw allows an attacker to corrupt memory and execute arbitrary code in the context of the logged-in user. Most of the issues have been patched, including the flaw mentioned above; however, the update has to be installed manually, so we recommend seeking out updates from the official Microsoft website.

By Forbes.com

And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #60 – 27th September 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
