Welcome to the latest edition of the Ironshare CyberRound-up where we look back at the events of that last week and cover some ofthe news, posts, views, and highlights from the world of Security.
In this week’s round-up:
This week at the RSA conference, Cisco has unveiled SecureX,a new platform designed to improve visibility across all their cloud-based securityproducts. This dashboard aims to integrate a customer’s array of securitysolutions to streamline the customer experience, as well as incorporating thirdparty integration. SecureX introduces unified visibility, automation, managedthreat hunting and many other features designed to improve the operationalsecurity experience and speed up time to detection and remediation. You canlearn more about the upcoming platform on the Cisco website.
By Cisco.com
A facial recognition company known to work with high profilelaw-enforcement agencies has recently announced that their entire client listhas been stolen by an intruder. The company, Clearview AI, revealed that thehacker managed to gain a list of customers, number of user accounts and numberof searches made by customers; despite this, they confirmed that their networkand servers were not compromised. Clearview said they have since patched thevulnerability and as usual with these incidents they claim, ‘security is theirtop priority’, which always seem to come after the fact.
By TheDailyBeast.com
A new SMS phishing campaign has been discovered that istargeting US mobile devices. The attackers have been seen stealing bankingcredentials and reportedly installing the Emotet malware onto compromiseddevices. The phishing SMS contains a warning saying the victim’s bank accounthas been locked and prompts them to click a link to reactivate it. Thisphishing attempt looks remarkably legitimate; check out the blog post whichcontains a list of indicators to help you know if a message is a scam.
By HotForSecurity.BitDefender.com
A new version of the well-known Android banking trojan, Cerberus,is reportedly capable of stealing codes from the Google Authenticator app,therefore allowing access to 2FA-enabled accounts. Current versions of Cerberusare already remarkably advanced, possessing features usually exclusive toremote access trojans; the new versions, which are reportedly still beingtested, have capabilities very rarely seen in malware strains. The features itpossesses make it capable of bypassing all authentication on online bankingaccounts, making it extremely dangerous and profitable for the bad guys.
By ZDNet.com
Google announced this week that they have released a patchfor a zero-day bug for the Chrome web browser. This flaw was being activelyexploited in the wild and affects all versions of the browser on Windows, macOSand Linux. Google disclosed information about the severity of the bug andlabelled it as a memory corruption vulnerability linked to Chrome’s open-sourceJavaScript and Web Assembly Engine known as V8.
By ThreatPost.com
A new bug, known as Kr00k, has been discovered that allowsan attacker to intercept and decrypt WiFi network traffic. This vulnerabilityreportedly affects all WiFi devices that use Broadcom and Cypress WiFi chips;these are some of the most popular chipsets in the world and are used in themajority of devices, including smartphones laptops and even smart speakers.Patches should be available for most vulnerable devices but may require afirmware update; this article includes instructions on how to check yourdevices for a patch.
By ZDNet.com
And that’s it for this week’s round-up, please don’t forgetto tune in for new instalments every week.
Why not follow us on social media using the links providedon the right.
Edition #80 –28th February 2020
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
