Welcome to the Ironshare Cyber Round-up where we look back atthe events of that last week and cover some of the news, posts, views, and highlightsfrom the world of Security.
In this week’s round-up:
Email spoofing is becoming more of an issue for companies ofall sizes and the best thing we can do is spread awareness. It only takes oneemployee falling for this type of deception for your entire company topotentially collapse, so ensuring everyone understands what to look out for isa big priority. Spoofing methods such as Business Email Compromise is done byimpersonating a user’s email (typically an executive) and requesting somethingfrom the company that seems legitimate; this often results in a massive loss ofmoney for the company affected. This post details the different types ofspoofing and how to be aware of them. We recommend you take a look and educate yourstaff to help protect your business.
By BBC.co.uk
The DCH Health System has reported that a cyber-criminal isrestricting use of their computer systems until a payment is made. Ransomwareis reportedly affecting the operation of three hospitals in Alabama, and thelimitations have forced them to turn away patients. In a separate incident,seven hospitals in Australia have been hit by ransomware, resulting in theircomputer systems being shut down. The loss of patient record, booking andmanagement services has significantly hindered their ability to operate. CyberIncident Response Services for the Australian Government have reportedly had todeal with more than 600 cyber-attacks since July 2018, and the problem doesn’tseem to be getting any better.
By BBC.co.uk
The mobile gaming industry is massive, which makes bigdevelopers like Zynga a prime target for hackers. The company amassed anestimated $671 million in 2018 and is expected to have earned much more by theend of this year. Zynga are responsible for making games such as Farmville,Mafia Wars and Zynga Poker, which are all very popular; one of their morepopular games, Words with Friends, has reportedly suffered a data breachaffecting all players on both Android and iOS. The breach apparently containsthe names, email addresses, login IDs, hashed passwords and connected socialmedia IDs. This breach is massive, and we recommend that any users who haveinstalled this game reset their passwords on all linked accounts to preventfurther compromise.
By Forbes.com
Users of the Jamf Pro management software are being urged toupdate to 10.15.1 as soon as possible. A flaw was recently discovered in thesoftware that could allow an attacker to remotely execute code and delete filesfrom your computer systems. Although no attacks have been reported in the wild,this is still a potentially dangerous vulnerability; however, it only affectsversions older than 10.15.1 so we recommend updating when you can.
By TheRegister.co.uk
Cybersecurity firm, Comodo, has suffered a potential data breach on their forums due to a flaw in the vBulletin software, which the site uses for its forum commenting. This vulnerability appears to have been exploited, resulting in a breach affecting 245,000 registered users. No further details have been disclosed by Comodo however they do recommend an immediate password change for all forum users as a precaution. The firm have apologized for any inconveniences and have confirmed that they are working hard to implement the appropriate security measure to ensure this doesn’t happen again.
By Forums.Comodo.com
Despite the decreased usage of legacy TLS versions, the riskpresented by them is something that Chrome plans to remove entirely. Their planto remove support for TLS 1.0 and 1.1 is said to arrive in Chrome 81. Startingon January 13, 2020, Chrome will begin a pre-removal phase, where a warningwill be issued when accessing a site using these legacy TLS versions. Theseoutdated configurations will no longer be supported from March 2020, and Chromewill begin blocking connections to sites using them. This is all part of alarger plan to improve the overall security of the internet and move into asafer future.
By Blog.Chromium.org
And that’s it for this week round-up, please don’t forget totune in for our next instalment.
Why not follow us on social media using the links providedon the right.
Edition #61 – 4th October 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
