Cyber Round-up

Cyber Round-up for 2nd September

September 1, 2022

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

NHS Still Affected by Advanced Ransomware Attack

Advanced, an organisation providing IT services to the NHS, is still being affected by a ransomware attack launched on the 4th of August. Seven servers, which offered services for patient check-ins, medical notes, and the NHS 111 service, were affected during the attack. With four weeks already passed and some NHS systems still down, doctors and nurses have been forced to record patient interactions on paper rather than in the digital service that would normally be used. "Because we can't send notifications to GP practices, except by methods that don't work because they require a lot of manual handling, and we haven't got the staff to actually do the manual handling," reported Dr. Fay Wilson. Since 22nd August, NHS 111 services have been coming back online; however, Advanced has announced that some other services may take up to 12 weeks to become operational again. This, unfortunately, is the harsh reality for a lot of organisations that are not adequately prepared to deal with a cyber attack.

By BBC.co.uk

New Campaign Hides Malware In Images From James Webb Telescope

Securonix researchers have spotted a new campaign that hides malware in images taken by the James Webb Telescope. The campaign, labelled GO#WEBBFUSCATOR, starts with a malicious file attached to an email that is sent to the victim. The file, called “Geos-Rates.docx”, contains a macro that downloads an image taken by the James Webb space telescope. Within this image is a base64-encoded executable that establishes a DNS connection to a command-and-control server and sends encrypted queries.

By BleepingComputer.com
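
For defenders, one way to triage an image like the one described above is to look for a base64 run that decodes to a Windows executable. The Python below is an added example, not code from Securonix or the original report; the sample image and PE stub are constructed, and it assumes the payload is plain or line-wrapped base64 of a PE file.

```python
import base64
import re

# Base64 of the two bytes "MZ" always starts "TV" followed by one of o, p, q, r.
MZ_START = re.compile(rb"TV[o-r]")
B64_RUN = re.compile(rb"[A-Za-z0-9+/\r\n]+={0,2}")

def looks_like_pe(data: bytes) -> bool:
    """DOS header 'MZ' whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\0\0"

def find_embedded_pe(blob: bytes) -> list:
    """Return (file_offset, decoded_size) for each base64 run that decodes to a PE."""
    hits = []
    for m in MZ_START.finditer(blob):
        run = B64_RUN.match(blob, m.start()).group()
        run = run.replace(b"\r", b"").replace(b"\n", b"")  # tolerate wrapped base64
        run = run[: len(run) - len(run) % 4]  # drop a ragged tail of stray bytes
        try:
            decoded = base64.b64decode(run, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if looks_like_pe(decoded):
            hits.append((m.start(), len(decoded)))
    return hits

# Constructed sample data: an 84-byte header-only PE stub (not a real program)
# placed between JPEG start/end markers; no real image or malware is involved.
PE_STUB = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 16
CLEAN_IMAGE = b"\xff\xd8\xff\xe0" + b"\0" * 32 + b"\xff\xd9"
SUSPECT_IMAGE = CLEAN_IMAGE[:-2] + base64.b64encode(PE_STUB) + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_IMAGE), ("suspect", SUSPECT_IMAGE)):
        print(name, find_embedded_pe(blob))
```

Anchoring on the `TV[o-r]` prefix keeps the decode aligned even when surrounding image bytes happen to fall in the base64 alphabet.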

UK Government Enforcing New Cyber Security Rules On Telecom Businesses

Under the Telecommunications (Security) Act 2021, the UK government is allowed to introduce new standards to bolster cyber security across mobile and broadband networks. This includes hardware and software present on phone masts as well as inside telephone exchanges. The government's telecoms supply chain review brought worrying results, as telecoms suppliers are currently responsible for developing their own security standards and often show little incentive to adopt the best security practices. The new standards, developed by the NCSC and Ofcom, aim to bring telecom businesses in line with the best security practices. This includes requirements to:

  • Protect data processed by their networks and services and secure the critical functions which allow them to be operated and managed.
  • Protect software and equipment which monitor and analyse their networks and services.
  • Have a deep understanding of their security risks and the ability to identify when anomalous activity is taking place with regular reporting to internal boards.
  • Take account of supply chain risks and understand and control who can access and make changes to the operation of their networks and services to enhance security.

Providers are expected to introduce these changes by March 2024 or be met with fines of up to 10% of turnover and £100,000 per day for continued failure to align to these new standards.

By Gov.uk

No Customer Data Compromised in LastPass Breach

On August 25th, LastPass shared that they had detected some very unusual activity within parts of the LastPass development environment. After further investigation, LastPass discovered that this incident involved no access to customer data or encrypted password vaults.

They have determined that an unauthorized party gained access to parts of the LastPass development environment through a single compromised developer account. The intruder took portions of source code and some proprietary LastPass technical information. LastPass have now said that their products and services are operating normally.

To respond to the incident, LastPass have “deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm”.

By Blog.LastPass.com

Gloucester City Council Hit by Cyber Attack

On 20th December, Gloucester City Council’s services were disrupted after malware was sent to a council member via email. At the time, the website’s benefits, house sales and planning application sections were all affected. Jeremy Hilton said the council needs to “get its act together”.

The council have fixed most of the issues but are yet to restore operations for its planning portal. The Gloucester City Council’s website says, “it is not currently possible to view historic planning applications on our website and not able to email or post plans to customers”. They have said the website will be updated as soon as they have more information.

By BBC.co.uk

Vulnerabilities & Updates

CISA Catalog Updated With 10 New Known Actively Exploited Vulnerabilities

On 26th August, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Among the 10 added to the list, there is one high-severity flaw “affecting industrial automation software from Delta Electronics”. CISA have stated that the affected product is end-of-life and “should be disconnected if still in use”. Attackers are becoming quicker and more active in their use of newly known vulnerabilities, so we urge all users to keep their systems and services updated.

By TheHackerNews.com

One-Click Account Hijack Vulnerability in TikTok

A new high-severity TikTok vulnerability has been discovered, specifically affecting Android users, that could allow an attacker to take over your account with ease. This “one-click exploit” potentially affects millions of users and gives attackers the ability to execute weaponizable functions within the TikTok app. TikTok have since worked with Microsoft to resolve the issue. While this vulnerability has now been fixed, it is unclear how many of the app's 1.5 billion users were affected; there is no evidence that it had been actively exploited, but caution is advised.

By TheVerge.com

Bug Hunter Gains $4K after discovering Command Injection Flaw in GitHub Pages

An exploit has been discovered that could allow an attacker to execute code on GitHub Pages by exploiting the build process. Joren Vrancken has been credited with discovering and reporting the vulnerability and was awarded $4,000 for his work. Vrancken described the bug bounty as “fun” and said the techniques used were “Hack the Box-esque”. This vulnerability has now been patched and the bug is no longer present.

By PortSwigger.com

And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #204 – 2nd September 2022        

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.
