Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
RaidForums used to be a popular website for trading leaked data; the site has been inactive for some time, but recently returned to the headlines after the details of more than 470,000 of its own users were exposed. The leak contains the usernames, passwords and email addresses of RaidForums members, which, ironically, is exactly the kind of data the forum was known for exchanging. Trusted researchers have confirmed that the data is genuine, but where it came from is still unclear.
By cybernews.com
A recent study of U.S. clinics and hospitals has found that fewer than one in five are adequately protected against basic phishing threats. Of the 2,000 clinics and hospitals included in the survey, only 359 could confidently say that security policies were in place to catch and report phishing emails. Healthcare institutions have become a huge target for cybercriminals over the last few years, making cybersecurity more important than ever. With the majority of these institutions not even publishing basic anti-spoofing DNS records, there are justified concerns over the safety of data and operations across the U.S. healthcare industry.
By securitymagazine.com
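The anti-spoofing records referred to above are the SPF and DMARC TXT records a domain publishes in DNS. As an added example, not part of the study or of this round-up, the Python below parses those two records and grades a domain's posture the way a fleet-wide check would. The clinic domains and their records are constructed, and the grading (a DMARC policy only counts as enforced at quarantine or reject applied to 100% of mail) is an assumption made for the example rather than a standard.

```python
"""Grade a domain's email anti-spoofing posture from its SPF and DMARC records.
Added example; records, domains and thresholds below are constructed/assumed."""
import re

# Constructed records for three fictional clinics (reserved .example TLD).
RECORDS = {
    "clinic-a.example": (
        "v=spf1 include:_spf.mail.example -all",
        "v=DMARC1; p=reject; rua=mailto:dmarc@clinic-a.example",
    ),
    "clinic-b.example": (
        "v=spf1 ip4:203.0.113.0/24 ~all",
        "v=DMARC1; p=none; rua=mailto:dmarc@clinic-b.example",
    ),
    "clinic-c.example": (
        "v=spf1 include:_spf.mail.example +all",  # +all: everyone passes
        None,                                     # no DMARC record at all
    ),
}


def parse_spf(txt):
    """Return {'present', 'all'}; 'all' is the qualifier of the terminating
    all mechanism ('+', '-', '~', '?') or None if the record has none."""
    if not txt or not txt.lower().startswith("v=spf1"):
        return {"present": False, "all": None}
    qualifier = None
    for term in txt.split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            qualifier = m.group(1) or "+"  # a bare 'all' defaults to pass
    return {"present": True, "all": qualifier}


def parse_dmarc(txt):
    """Return the tags that decide enforcement: p, sp (defaults to p), pct, rua."""
    if not txt or not txt.lower().startswith("v=dmarc1"):
        return {"present": False}
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    pct = tags.get("pct", "100")
    return {
        "present": True,
        "p": tags.get("p", "").lower(),
        "sp": tags.get("sp", tags.get("p", "")).lower(),
        "pct": int(pct) if pct.isdigit() else 100,
        "rua": tags.get("rua"),
    }


def assess(spf_txt, dmarc_txt):
    """Return (verdict, findings). Verdict is 'unprotected', 'monitoring-only',
    'partially-enforced' or 'enforced' (assumed grading for this example)."""
    findings = []
    spf = parse_spf(spf_txt)
    dmarc = parse_dmarc(dmarc_txt)

    if not spf["present"]:
        findings.append("no SPF record: receivers cannot check sending hosts")
    elif spf["all"] in (None, "+"):
        findings.append("SPF does not end in -all/~all: any sender passes")
    elif spf["all"] == "?":
        findings.append("SPF ?all is neutral: unauthorised senders are not failed")

    if not dmarc["present"]:
        findings.append("no DMARC record: spoofed mail is neither blocked nor reported")
        return "unprotected", findings
    if dmarc["p"] not in ("none", "quarantine", "reject"):
        findings.append(f"DMARC p={dmarc['p']!r} is invalid; receivers ignore the record")
        return "unprotected", findings
    if not dmarc["rua"]:
        findings.append("DMARC has no rua tag: aggregate reports are not collected")
    if dmarc["p"] == "none":
        findings.append("DMARC p=none only monitors; spoofed mail is still delivered")
        return "monitoring-only", findings
    if dmarc["pct"] < 100:
        findings.append(f"DMARC pct={dmarc['pct']}: policy applies to only part of failing mail")
        return "partially-enforced", findings
    if dmarc["sp"] == "none":
        findings.append("DMARC sp=none leaves subdomains spoofable")
    return "enforced", findings


def summarise(records):
    """Map each domain to its verdict, as a fleet-wide report would."""
    return {domain: assess(spf, dmarc)[0] for domain, (spf, dmarc) in records.items()}


if __name__ == "__main__":
    for domain, (spf, dmarc) in RECORDS.items():
        verdict, findings = assess(spf, dmarc)
        print(f"{domain}: {verdict}")
        for finding in findings:
            print(f"  - {finding}")
```

In a real check the two strings would come from DNS TXT lookups of the domain and of `_dmarc.<domain>`; the rest of the logic is unchanged. Note that the check is deliberately strict about p=none: a DMARC record that only reports still lets spoofed mail through, which is why the verdict is "monitoring-only" rather than a pass.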
Toyota's investigation of its original data leak, disclosed on May 12th, found that its primary cloud service had been left publicly accessible for over a decade, putting more than 2 million customers at risk. Toyota blamed human error for the cloud environment being set to public rather than private. The most recent leak came from the same mistake: “As we believe that this incident was also caused by insufficient dissemination and enforcement of data handling rules, since our last announcement, we have implemented a system to monitor cloud configurations,” Toyota said in a statement. According to Toyota, the latest leak includes customer data such as address, name, phone number, email address, customer ID, vehicle registration number and vehicle identification number. The exact details exposed vary per customer, and Toyota estimates that the data was accessible from October 2016 to May 2023.
By cybernews.com
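Toyota's statement says the fix was a system to monitor cloud configurations. As an added example of such a check, and not Toyota's tooling, the Python below takes snapshots of object-storage buckets and reports which are effectively public. The article does not say which cloud provider was involved, so the example assumes AWS S3 conventions (Block Public Access settings, ACL group grants and bucket policies); the bucket snapshots and their field layout are constructed for the example.

```python
"""Report object-storage buckets that are effectively public. Added example
of configuration monitoring; AWS S3 conventions are assumed because the article
does not name the provider, and the bucket snapshots are constructed."""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")
PAB_ALL_ON = {key: True for key in PAB_KEYS}

# Constructed snapshots in the shape this example expects (name,
# public_access_block, acl_grants, policy); not real resources.
BUCKETS = [
    {   # the 'set to public by mistake' case: no PAB, world-readable ACL and policy
        "name": "customer-data-prod",
        "public_access_block": {},
        "acl_grants": [
            {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        ],
        "policy": json.dumps({
            "Version": "2012-10-17",
            "Statement": [{"Sid": "PublicRead", "Effect": "Allow",
                           "Principal": "*", "Action": "s3:GetObject",
                           "Resource": "arn:aws:s3:::customer-data-prod/*"}],
        }),
    },
    {   # correctly private
        "name": "customer-data-private",
        "public_access_block": dict(PAB_ALL_ON),
        "acl_grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": "0123456789abcdef"},
             "Permission": "FULL_CONTROL"},
        ],
        "policy": None,
    },
    {   # public policy present, but Block Public Access neutralises it
        "name": "guarded-by-pab",
        "public_access_block": dict(PAB_ALL_ON),
        "acl_grants": [],
        "policy": {"Version": "2012-10-17",
                   "Statement": {"Effect": "Allow", "Principal": {"AWS": "*"},
                                 "Action": "s3:*",
                                 "Resource": "arn:aws:s3:::guarded-by-pab/*"}},
    },
]


def _principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def assess_bucket(snapshot):
    """Return {'public': bool, 'findings': [...]} for one bucket snapshot."""
    pab = snapshot.get("public_access_block") or {}
    findings = []
    public_acl = public_policy = False

    for grant in snapshot.get("acl_grants") or []:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            public_acl = True
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")

    policy = snapshot.get("policy")
    if policy:
        doc = json.loads(policy) if isinstance(policy, str) else policy
        statements = doc.get("Statement", [])
        if isinstance(statements, dict):  # a single statement may be bare
            statements = [statements]
        for stmt in statements:
            if (stmt.get("Effect") == "Allow"
                    and _principal_is_everyone(stmt.get("Principal"))
                    and not stmt.get("Condition")):
                public_policy = True
                findings.append(f"policy statement {stmt.get('Sid', '<no Sid>')} "
                                f"allows {stmt.get('Action')} to anyone")

    missing = [key for key in PAB_KEYS if not pab.get(key, False)]
    if missing:
        findings.append("Block Public Access not fully enabled: " + ", ".join(missing))

    # A public grant is only live when the matching Block Public Access switch is off.
    public = ((public_acl and not pab.get("IgnorePublicAcls", False))
              or (public_policy and not pab.get("RestrictPublicBuckets", False)))
    return {"public": public, "findings": findings}


def public_buckets(snapshots):
    """Names of buckets that anyone on the internet can reach right now."""
    return [b["name"] for b in snapshots if assess_bucket(b)["public"]]


if __name__ == "__main__":
    for bucket in BUCKETS:
        result = assess_bucket(bucket)
        print(f"{bucket['name']}: {'PUBLIC' if result['public'] else 'private'}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The distinction the example draws is the one a monitoring system needs: a world-readable ACL or policy is a misconfiguration worth a ticket, but it only becomes a leak when nothing (here, Block Public Access) stands in front of it. Wiring this to a real account means replacing the constructed snapshots with the bucket's ACL, policy and public-access-block settings pulled from the provider's API.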
Security researchers at Doctor Web, a Russian antimalware company, discovered spyware code in more than 100 applications on the Google Play Store. The affected applications contain a module labelled “SpinOk”, which is advertised as an SDK. The module keeps users engaged with mini-games, tasks and supposed prizes, but in reality connects to a command and control server and exfiltrates device information and files, and can read or replace clipboard content. “This allows the module’s operators to obtain confidential information and files from a user’s device—for example, files that can be accessed by apps with Android.Spy.SpinOk built into them. For this, the attackers would need to add the corresponding code into the HTML page of the advertisement banner,” Doctor Web explains. In total, the affected applications have been downloaded more than 420 million times, with the two most popular, Noizz and Zapya, having over 100 million downloads each.
A full list of the identified applications by Doctor Web can be found here.
By securityweek.com
The latest update to Kali Linux brings some interesting features to the open-source OS. A new pre-built Hyper-V image of Kali Linux 2023.2 provides an out-of-the-box experience for Hyper-V users, with Enhanced Session Mode enabled so the desktop resizes easily and local devices such as USB drives and printers can be shared with the VM. The new tools added to Kali Linux’s already vast portfolio are:
• Cilium-cli - Install, manage & troubleshoot Kubernetes clusters
• Cosign - Container Signing
• Eksctl - Official CLI for Amazon EKS
• Evilginx - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
• GoPhish - Open-Source Phishing Toolkit
• Humble - A fast security-oriented HTTP headers analyzer
• Slim(toolkit) - Don’t change anything in your container image and minify it
• Syft - Generating a Software Bill of Materials from container images and filesystems
• Terraform - Safely and predictably create, change, and improve infrastructure
• Tetragon - eBPF-based Security Observability and Runtime Enforcement
• TheHive - A Scalable, Open Source and Free Security Incident Response Platform
• Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
• Wsgidav - Generic and extendable WebDAV server based on WSGI
Along with these tools more generic improvements have been made to the audio and GUI. Read more about the latest update here.
By kali.org
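Humble is listed above as a security-oriented HTTP headers analyzer. As an added example of the kind of checks such a tool performs, and not Humble's own code, the Python below parses a raw HTTP response and reports weak or missing security headers, including the flags on each cookie it sets. Both responses are constructed for the example, and the one-year minimum for HSTS max-age is an assumed threshold.

```python
"""Review HTTP response headers for common security weaknesses, in the spirit
of a headers analyzer. Added example, not Humble's code; both responses are
constructed and the one-year HSTS minimum is an assumed threshold."""
import re

HSTS_MIN_AGE = 31536000  # one year; assumed minimum for this example

# Constructed weak response: several checks should fire.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=300
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Set-Cookie: session=abc123; Path=/
Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax
"""

# Constructed hardened response: no findings expected.
STRONG_RESPONSE = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
"""


def parse_headers(raw):
    """Map lower-cased header names to a list of values (headers can repeat)."""
    headers = {}
    lines = raw.strip().splitlines()
    if lines and lines[0].upper().startswith("HTTP/"):
        lines = lines[1:]  # drop the status line
    for line in lines:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def analyze(raw):
    """Return a list of findings; an empty list means every check passed."""
    h = parse_headers(raw)
    findings = []

    hsts = h.get("strict-transport-security", [None])[0]
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        age = int(m.group(1)) if m else 0
        if age < HSTS_MIN_AGE:
            findings.append(f"HSTS max-age {age} is below {HSTS_MIN_AGE}")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    csp = h.get("content-security-policy", [None])[0]
    directives = {}
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        for directive in csp.split(";"):
            parts = directive.split()
            if parts:
                directives[parts[0].lower()] = [p.lower() for p in parts[1:]]
        # script-src falls back to default-src when it is not set explicitly
        script_src = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script_src:
            findings.append("CSP permits 'unsafe-inline' scripts")
    if "frame-ancestors" not in directives and "x-frame-options" not in h:
        findings.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")

    if h.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    if "referrer-policy" not in h:
        findings.append("missing Referrer-Policy")

    for name in ("server", "x-powered-by"):  # a digit usually means a version string
        if name in h and re.search(r"\d", h[name][0]):
            findings.append(f"{name} header discloses a software version: {h[name][0]}")

    for cookie in h.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        missing = [flag for flag in ("secure", "httponly", "samesite") if flag not in attrs]
        if missing:
            findings.append(f"cookie '{cookie_name}' lacks {', '.join(missing)}")
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("strong", STRONG_RESPONSE)):
        print(f"{label}: {len(analyze(raw))} finding(s)")
        for finding in analyze(raw):
            print(f"  - {finding}")
```

Run against the weak response it reports nine findings, from the short HSTS lifetime and inline-script CSP through to the session cookie set without Secure, HttpOnly or SameSite; the hardened response produces none. Against a live site the raw block would be the headers returned by a single request, which is exactly what a tool like Humble collects for you.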
WordPress has pushed an automatic security update for the Jetpack plugin in response to a critical vulnerability. The patch was treated as high priority because the plugin is installed on more than 5 million sites. The flaw, if exploited, would allow an author to “manipulate any files in the WordPress installation”. It was discovered during a recent internal audit and has reportedly been present in the plugin since November 2012. Fortunately, there have been no signs of active exploitation in the wild. No action should be required from site owners, since the patch was force-installed on all sites running the plugin, although confirming that each site now reports the patched Jetpack version is a sensible precaution.
By thehackernews.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #237 – 2nd June 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.