Welcome to the Ironshare Cyber Round-up where we look back atthe events of that last week and cover some of the news, posts, views, and highlightsfrom the world of Security.
In this week’s round-up:
Flipboard, the popular news app, has this week confirmed that it has been hacked twice in the last 12 months. Unauthorised access to it databases has resulted in the hacker gaining access to potentially 150 million user account details, which included names, emails and encrypted passwords. Users of Flipboard will still be able to access the app, but they will be requested to replace their password the next time Flipboard is used, and connections to social media accounts will need to be reset.
By Forbes.
GCHQ, the British intelligence arm of the UK government are in the crosshairs of tech companies over their proposal for a ‘Ghost User’ back door into encrypted messaging services. A host of tech giants that include Microsoft and WhatsApp are against the proposal, stating concerns around how this would lead to a serious threat to cyber security, privacy and human rights. Dr Ian Levy of the NCSC, states this is the starting point for the discussion of a hypothetical proposal which will assist in the fight against global terrorism.
By The Register.
The local Government in Baltimore have been suffering for several weeks now after being hit by a crippling ransomware attack. Thousands of computers have been infected by the malware, which is reportedly using the NSA’s EternalBlue exploit (previously used in the WannaCry ransomware) that was leaked by the ShadowBrokers group in 2017. There are mixed reports across the industry though, with some experts suggesting EternalBlue is not involved, and that RobbinHood ransomware is to blame. If EternalBlue is involved, then it’s highly likely that Baltimore’s computers systems had not been patched for some time.
By BBC.
A new phishing threat has been discovered that pretends tobe an alert from Office 365. The alert email warns the victim that an unusual numberof files in their account have been deleted and tricks the user into clicking alink to verify the details. A fake Microsoft login page then aims to steal the victimsOffice 365 credentials. The fake page is hosted on MS Azure and uses valid MScertificates which makes the threat far more convincing.
By Bleeping Computer.
The latest blog from Cisco Talos provides a look into theincrease of ATM cash machine malware over the last 10 years. It gives anoverview on the evolution of the malware, explains the differences betweenSkimmer and cash dispenser types, and covers the numerous families of ATM malwareseen in the wild. It concludes with good security practices to secure your ATMdevices.
By Cisco Talos Intelligence.
A critical vulnerability has been found in the Convert PlusWordPress plugin, that allows malicious actors to create new WordPress adminusers through the use of a hidden field. By intercepting a form request, theactor can modify the “cp_set_user” field to administrator and submit the form tocreate a new privileged admin account, with full control of the WordPressinstance. If you are running the Convert Plus plugin please get updating to version3.4.3, to fix this flaw.
By Bleeping Computer.
And that’s it for this week round-up, please don’t forget totune in for our next instalment.
Why not follow us on social media using the links providedon the right.
Edition #43 – 31st May 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
