
Cyber Round-up for 3rd February

February 2, 2023

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

US Retaliates Against Hive Ransomware Perpetrators

The Department of Justice recently published news of the FBI’s latest cyber-crime retaliation. It was revealed that they have:

“Infiltrated a prolific cyber-crime gang to secretly sabotage their hacking attacks for more than six months.”

In doing this, the FBI have been able to secretly warn future victims of incoming attacks, as well as provide decryption keys to those currently affected by the ransomware. The US’ recent efforts to go on the offensive against cyber-criminals appear to be having a positive impact, and we are interested to see what the FBI are able to achieve in the near future.

By BBC.co.uk

Personal Data Stolen in Arnold Clark Attack

Arnold Clark have confirmed that customer information has been stolen in their recent cyber-attack. The headquarters in Glasgow was subject to an attack on December 23rd, and the company was forced to shut down systems across the UK on Christmas Eve, which they said was done as a “purely protective measure”. The car dealership is now emailing all of the affected customers to inform them that personal data stored in the company’s network may have been stolen. This includes names, contact details, dates of birth, vehicle details, ID documents (passports / driving licences), National Insurance numbers and bank account details: a treasure trove of personal information for attackers and identity thieves.

By news.stv.tv

10 Million Customers Affected in JD Sports Cyber-Attack

JD Sports have reported that they have been hit by a cyber-attack that impacts 10 million of their customers. JD have said that the information that “may have been accessed” by hackers includes names, email accounts, addresses, phone numbers, order details and the final four digits of bank cards. JD have been contacting the affected customers. The data related to the attack was from online orders placed between November 2018 and October 2020. Neil Greenhalgh, chief financial officer of JD Sports, has said “We want to apologise to those customers who may have been affected by this incident.”

By BBC.co.uk

Personal Data of 240,000 Stolen in Planet Ice Hack

Planet Ice have been hacked, with the details of 240,000 skating fans stolen. Planet Ice, who operate 14 ice rinks around the UK, have revealed that hackers managed to break into their systems and steal the personal details. The first hint fans saw was when they attempted to buy tickets on the website and were met with a terse message explaining that Planet Ice’s servers were “experiencing unplanned server downtime.” Planet Ice have been letting all fans know of the breach via their website.

By bitdefender.com

1,200 Redis Servers Infected With HeadCrab Cryptominer

New HeadCrab malware, designed to find vulnerable Redis servers online, has infected 1,200 servers since September 2021. The intention is to build a new botnet that mines the Monero cryptocurrency. The malware was discovered by Nitzan Yaakov and Asaf Eitani, researchers who work for Aqua Security. It runs in memory and deletes its logs to evade detection by AV scans. Defensive recommendations are included in the post.

By BleepingComputer.com

Vulnerabilities & Updates

134 Million Exploit Attempts Leveraging Realtek Flaw

There has been a recent surge in exploit attempts that leverage a critical vulnerability in Realtek Jungle SDK. These attacks were first spotted in the wild back in August 2022; since then, researchers have observed more than 134 million attempted exploits. The flaw itself allows a remote attacker to execute arbitrary code on the affected system, and is tracked as CVE-2021-35394 with a CVSS score of 9.8. As always, we recommend that users of Realtek Jungle SDK upgrade to the latest version to ensure they are protected against this flaw.

By TheHackerNews.com

Security Update Summary for January 2023

January has been a dramatic month for security updates, with iOS, Android, Windows, Chrome, and more all receiving important patches. To start things off, Apple released version 16.3 for iOS, which provided fixes for multiple code execution flaws. Microsoft also released a larger-than-usual Patch Tuesday rollout, with 98 total security fixes, the worst of which were elevation of privilege vulnerabilities in Windows Kernel. There were also some vital security updates for Mozilla Firefox and Android, which we strongly urge users to apply as soon as possible.

By Wired.co.uk

VMware Urges Users to Patch vRealize Log Insight as Exploit Code is Publicised

Earlier this week, VMware confirmed the validity of exploit code that was publicised for its vRealize Log Insight product. The exploit code focuses on three major vulnerabilities (CVSS 9.8) affecting the appliance, which VMware have labelled a “matter of urgency”.

“VMware described the flaws as directory traversal and broken access control issues with dangerous implications.”

Mitigation techniques, details and impacted versions can all be found in this official security advisory. VMware urges all users to implement their mitigations as soon as possible.

By SecurityWeek.com

And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #221 – 3rd February 2023

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.