Welcome to the latest edition of the Ironshare CyberRound-up where we look back at the events of that last week and cover some ofthe news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Despite warnings from the US, the UK has decided to allowHuawei to participate in building its 5G networks. The UK Prime Ministerbelieves working together is important in diversifying the market, but stillproceeded with caution; restrictions will be implemented that exclude Huaweifrom high profile areas, such as military bases and nuclear sites. The UK andUS are in disagreement over this decision, as the US believe it to be too big arisk; despite this, the Foreign Secretary has confirmed that the changes willnot affect the UK’s intelligence-sharing relationship with allies, includingthe US.
By BBC.co.uk
Microsoft have plans to build a new cyber security centreand have chosen Belfast as its location. Northern Ireland has taken a recentinterest in cyber security, and the sector has been growing rapidly; because ofthis, Microsoft are providing £800,000 to fund the pre-employment training providedby Belfast Met college. This collaboration with the college will aim to developthe necessary skills to compete for a place within the company’s new cybersecurity centre. This will create eighty-five new jobs initially, nut thegovernment plan to establish Northern Ireland as a global hub for cybersecurity within the next 10 years, with over 5,000 employed professionals.
By BBC.co.uk
The UN are facing criticism following a major attack ontheir IT systems in Europe that started back in July 2019. Despite the severityof the attack, the UN decided to not disclose it to the public. It is said thatstaff records, details of health insurance and commercial contract details wereall compromised, and it is believed that the entire breach could have beenprevented with a simple software patch. The breach reportedly affected dozensof servers in multiple locations and included the personal information of itsemployees and staff. The public are unhappy with the secrecy of the UNregarding this attack and see it as a breach of trust; the scale of theorganisation only amplifies the risk of such careless procedures.
By TheNewHumanitarian.org
The Shlayer malware, which was discovered two years ago, is continuingto infect Apple Mac devices at an increasing rate. Shlayer disguises itself asan Adobe Flash Player update and although it was considered a minor threat backthen, it now has almost 32,000 unique variants that make up a third of allmalware detections of Mac AV products. The staggering statistics show that 10%of all macOS users have reported seeing this malware and it was the most commonin all of 2019. Users of Adobe Flash are warned to only download updates fromthe official Adobe website to avoid the risk of an attack; we advise lookinginto all the mitigation techniques to best protect against this kind ofmalware.
By GrahamCluley.com
Version 2.3.4 of the Magento e-commerce platform has beenreleased, and it addresses a number of vulnerabilities, three of which wererated critical. The critical vulnerabilities include an SQL injection flawcapable of leaking personal information, as well as two remote code executionflaws. Other important vulnerabilities include cross-site scripting and pathtraversal and as far as we know, these attacks are not being actively exploitedin the wild. All versions of Magento Commerce, Open Source, Enterprise Editionand Community Edition are at risk; we highly recommend applying the recentpatch as soon as possible.
By SecurityAffairs.co
Apple has released their monthly patches, 23 affecting iOS,31 in macOS and 2 in Safari. This long list of security issues includes addressbar spoofing exploits, memory corruption issues, iOS camera exploits and remotecode execution flaws. Apple refuses to disclose details of vulnerabilitiesuntil after they have been patched. These serious vulnerabilities affect allprevious versions, and we advise updating as soon as possible to minimise therisk of an attack.
By SCMagazine.com
And that’s it for this week’s round-up, please don’t forgetto tune in for new instalments every week.
Why not follow us on social media using the links providedon the right.
Edition #76 – 31st January 2020
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
