Cyber Round-up

Cyber Round-up for 28th June

June 27, 2019

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Mobile Carriers Infiltrated by Hackers

Hackers have found a way to obtain complete control of mobile carrier networks after infiltrating over a dozen companies since 2012. The hackers have been using their power to steal sensitive data and monitor users, whilst also having the potential to do so much more; they even have the control to shut down communications if they wanted. Despite this, it is believed that the hackers care little about disruption and are more focused on espionage. The attack seems targeted, as only a small portion of the users they are monitoring have had data stolen (likely high-profile military and government figures).

It appears that the hackers exploited old vulnerabilities to infiltrate the carriers, and spread the malware by flooding all the computers on a network to achieve successful login attempts; this led to the creation of user accounts with escalated privileges, which they used to blend in as company staff. Researchers recommended that mobile carriers closely monitor high-privilege accounts and servers, however users can do nothing to protect themselves from being monitored.

By cnet.com.

Attacker Steals Data From NASA Using a Raspberry Pi

NASA recently revealed that 500 MB of data has been stolen from its Jet Propulsion Laboratory (JPL) by an attacker using a Raspberry Pi. The stolen files detail the transfer of military technology, as well as space technology related to the Mars Science Laboratory Mission. Auditors learned that users were able to access applications on JPL’s network that they should not have had access to, meaning the attacker could also gain similar access to the network. Since the system admins didn’t effectively monitor devices that were added to the network, the hacker went undiscovered for a very long time.

Upon discovery, NASA officials were worried that the attacker would be able to disrupt their mission systems and intercept messages, and so they disconnected the Johnson Space Center from the core Gateway. The Johnson Space Center is responsible for the ISS (International Space Station) program, which puts into perspective the scale of the breach. The hacker went 10 months before being discovered and was not the first person to target NASA. The massive amount of data regarding cutting-edge technology has made NASA a profitable target for malicious actors over the years.

By DigitalTrends.com.

Wipro Attackers Target Other Big Companies

The bad actors responsible for the Wipro phishing attack have been spotted targeting several other big companies, including Expedia, Rackspace and Western Union. The hacker group is also responsible for a large campaign of phishing attacks, intended to obtain cash from vulnerable businesses. The group was described as ‘reasonably sophisticated’, and it is believed that they used obscure phishing templates to carry out the attacks. The templates used in these attacks are identical to those marketed by pentesting firm Lucy Security, although they deny that their software products were used in the Wipro attack.

By TheRegister.com.

Threats

How Attackers Are Phishing Using Google Calendar

Attackers are taking advantage of a recently discovered method of phishing. Commonly referred to as Calendar Phishing, it makes use of the default Google Calendar settings that allow invitations and events to be sent to users, even if that user hasn’t responded to the invite. The victims are typically caught off guard by calendar phishing, and are likely to dismiss the possibility of a link being malicious if it comes from a trusted Google app. This method of phishing, although effective, can be prevented very easily. Simply changing your event settings in Google Calendar to stop automatic invitations will resolve this issue; details on how to do this are included in the original post.

By FossBytes.com.

WeTransfer Sends Files Transfer Emails to The Wrong People

A recent security failure has resulted in WeTransfer, a popular online file sharing service, sending file transfer links to the wrong recipients. This could potentially lead to unauthorised parties accessing sensitive files. Despite acknowledging the security incident, WeTransfer did not reveal how many users were affected, who the emails were sent to and it is also unclear whether this was a malicious attack, or a mistake made by the company. Users are recommended to encrypt sensitive files before using file sharing services, and to use a medium other than email when transferring files.

By GrahamCluley.com.

Vulnerabilities & Updates

Mozilla Patches Multiple Firefox Zero-Day Vulnerabilities

Last week, two zero-day flaws were discovered in Mozilla Firefox. The first involved manipulating JavaScript objects, whereas the second was a sandbox escape allowing access to the OS layer. Researchers discovered that the two flaws were intended to be used together to create a malicious backdoor known as netwire, which can infect macOS and Linux systems. The netwire relation was discovered by Apple security expert Patrick Wardle, however it is not clear how the attackers learned that the flaws worked together. Despite this, both flaws were patched by Mozilla last week and fixes for both vulnerabilities are included in version 67.0.4 of Firefox.

By NakedSecurity.com.

Defending Against Rambleed Using OpenSSH

Programming tricks such as Rambleed allow an attacker to read bits in memory without directly accessing your memory space, due to a reliability issue in DRAM cells. Rambleed attacks have their flaws, and only allow the attacker to make educated guesses as to where bits are stored, however the authors of the Rambleed paper managed to successfully read OpenSSH private keys from memory without root privileges. In response to the extraction of private keys, OpenSSH have released new code, which works by only keeping private keys in memory for the short time it is required. OpenSSH’s aim is to reduce the time that keys are exposed to danger, thus making RAM-sniffing attacks much harder. The functions for the key-shielding code are included in the original post.

By NakedSecurity.com.

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #47 – 28th June 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.