Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
GCHQ’s National Cyber Security Centre (NCSC) recently released its annual review, covering its work and achievements over the last year. The report reveals that the NCSC dealt with sixty “nationally significant” cyber attacks in the last 12 months. While the specifics of these attacks were not discussed, the report does mention ransomware attacks against the NHS and the South Staffordshire water utility company. It also talks about the “growing focus” on supporting Ukraine, and how the NCSC has contributed to repelling Russian cyber attacks.
By News.Sky.com
Since the pandemic, the number of remote workers in small businesses has skyrocketed. While this isn’t necessarily a bad step, it has left many firms vulnerable to attacks that they are not prepared to defend against. According to a recent study by Barracuda Networks, small businesses are currently three times more likely to be targeted by an attack than larger organisations.
“[Small businesses] are the lifeblood of the United States, and we need a wake-up call.”.
Almost 50% of Americans are employed by small businesses and, without them, the economy would collapse. Cybersecurity experts are trying hard to bring this issue into the spotlight, in the hope that small firms will reach out for help and begin taking steps towards a more secure future. Experts have highlighted the importance of identifying critical data and creating response plans to use in the event of a security incident. These small improvements could make a huge difference; security is not about doing everything all at once, it’s about taking small steps forward and constantly improving.
By BBC.co.uk
Thomson Reuters has notified customers of an exposed server holding unprotected business data. A spokesperson for the company told The Record that the issue involved an Elasticsearch server used with its ONESOURCE Global Trade product, and that the server contained logs of customers’ searches on the platform. “We have proactively notified the small subset of customers who may have had data logged on that server. We have also addressed and mitigated the misconfiguration.” Cybernews said evidence from the server showed that the open instance “was used as a logging server to collect vast amounts of data gathered through user-client interaction,” with some data samples logged as recently as October 26. According to the Cybernews researchers, the exposed logs ran to thousands of gigabytes and would be worth millions of dollars on underground criminal forums because of the potential access they could give to other systems. Logging servers are easy to overlook in an asset inventory: an Elasticsearch instance that is reachable from the internet with authentication disabled will answer any HTTP query, and search logs routinely contain the identifiers, session details and internal hostnames that make such data valuable to an attacker.
By TheRecord.media
On Tuesday 1st November, Dropbox disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorised access to 130 of its source code repositories on GitHub. Dropbox provides cloud storage, data backup and document signing services, among others, and had over 17.37 million paying users and 700 million registered users as of August 2022. The phishing emails impersonated the CircleCI continuous integration service and led employees to a fake login page that captured their GitHub credentials and one-time passcodes; Dropbox has said it is accelerating its move to WebAuthn hardware security keys as a phishing-resistant form of multi-factor authentication in response. The repositories included copies of third-party libraries slightly modified for use by Dropbox. The breach resulted in access to some API keys used by Dropbox developers as well as “a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.”
By TheHackerNews.com
It has been reported that the personal phone of former U.K. Prime Minister Liz Truss was hacked by cyber-spies suspected of working for the Kremlin. Private messages between Truss and foreign ministers of other countries, relating to the war in Ukraine during her time as Foreign Secretary, are said to have fallen into the hands of the attackers. Some of the messages reportedly included “detailed discussions about arms shipments.” The newspaper that broke the story claims that details of the phone hacking were “suppressed by Boris Johnson, who was Prime Minister at the time, and the Cabinet Secretary, Simon Case.”
By Forbes.com
OpenSSL version 3.0.7 was released on Tuesday 1st November and fixes two buffer overflows, CVE-2022-3602 and CVE-2022-3786, in the punycode decoding used when X.509 certificate name constraints are checked. The pre-announcement a week earlier described a single critical vulnerability; once the fix was public the OpenSSL project downgraded it to “high” severity, because analysis showed the overflows are very difficult to turn into remote code execution on common platforms (one writes only four attacker-controlled bytes, the other only “.” characters), with a crash being the more realistic outcome. Triggering either bug requires a crafted certificate to reach the verification code after the chain signature check, so the certificate must either be signed by a CA the application trusts or the application must carry on verifying despite failing to build a trusted path. A TLS client is exposed when it connects to a server presenting such a chain; a TLS server is exposed only when it requests client authentication. Despite the downgrade, we still strongly recommend updating to OpenSSL 3.0.7 as soon as possible.
Only OpenSSL 3.0.0 through 3.0.6 are affected; the 1.1.1 and 1.0.2 series do not contain the vulnerable code and are not at risk.
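As an added example, not part of the original round-up or of any OpenSSL tooling, the POSIX shell function below classifies the string printed by `openssl version` against the 3.0.0 to 3.0.6 range, so it can be dropped into a fleet inventory script. It assumes the standard `OpenSSL <version> <date>` output format; the version strings shown in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: decide whether an `openssl version` string falls in the
# affected 3.0.0-3.0.6 range, i.e. whether the host needs the 3.0.7 update.
# Exit status: 0 = affected, 1 = not affected, 2 = string could not be parsed.
openssl_affected() {
    # shellcheck disable=SC2086
    set -- $1                    # split e.g. "OpenSSL 3.0.5 5 Jul 2022" on whitespace
    ver=$2                       # second word is the version, e.g. "3.0.5" or "1.1.1q"
    case "$ver" in
        [0-9]*.[0-9]*.[0-9]*) ;; # looks like major.minor.patch
        *) return 2 ;;           # empty, "OpenSSL" missing, or some other program's output
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}      # drop letter or -dev suffixes: "1q" -> "1"
    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 7 ]; then
        return 0
    fi
    return 1
}

# Live check of the default binary on PATH; wrapped in `if` so a missing
# or unparsable binary does not abort a script running under `set -e`.
if command -v openssl >/dev/null 2>&1; then
    if openssl_affected "$(openssl version)"; then
        echo "AFFECTED: $(openssl version) - upgrade to OpenSSL 3.0.7"
    else
        echo "not in affected range: $(openssl version)"
    fi
fi
```

Note that this only inspects the OpenSSL binary on PATH. Applications and container images frequently bundle their own copy of libssl (language runtimes, vendor appliances, statically linked binaries), so each of those has to be inventoried separately; updating the operating system package alone does not cover them.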
By SentinelOne.com
A recently discovered security flaw in the Samsung Galaxy app store allowed attackers to remotely execute commands on target mobile phones. The flaw is a cross-site scripting vulnerability that can be triggered through certain deeplinks handled by the app. It has now been patched, so we strongly advise updating your Samsung devices as soon as possible.
More details for this vulnerability can be found in this security advisory.
By SecurityAffairs.co
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #210 – 4th November 2022
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.