Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
CISA have published a joint advisory named ‘Technical Approaches to Uncovering and Remediating Malicious Activity’. The Five Eyes intelligence alliance comprising of cybersecurity authorities from Australia, Canada, New Zealand, the United Kingdom, and the United States all contributed to this guide. The technical details in this guide are very informational and would be especially useful if you have the time to read through it. However, the key takeaways will offer a good understanding of incident response procedures, evidence collection and remediating discovered issues. You can view a PDF version of this advisory here.
By US-Cert.CISA.gov
Previously, TLS certificates had a maximum lifetime of 27 months (825 days); this was unnecessarily long. This week, a change was implemented to reduce the lifespan down to a maximum of 13 months (398 days). This is a good step forward in terms of improving security, with Apple, Google and Mozilla all agreeing to reject certificates that have passed their expiry date. This is drastically lower than the original 8-10 year lifespan that stood before 2011. Although Certificate Authorities are not too pleased, most browsers have welcomed the change that went live on the 1st of September.
By TheHackerNews.com
The Anti-Phishing Working Group (APWG) is known for releasing quarterly reports on phishing operations. With Business Email Compromise (BEC) becoming increasingly popular over the last few years, this has become a big part of their reporting. In their latest review, it was found that the average sum requested by BEC groups is around $80,000. This seems like a large amount, but it is nothing in comparison to the work of Russian Cybercrime group Cosmic Lynx; on average, the group requests $1.27 million. Their aspirations exceed your regular BEC groups, who are content with smaller payouts. It is interesting to see how things will change in future reports.
By ZDNet.com
2020 has been a busy year for hackers, with more than 2 billion Fortnite accounts being breached and listed for sale. Researchers discovered that the hackers are earning approximately $25,000 per week from the account sales, and around $1.2 million per year. The value of these accounts is calculated by the rarity of in-game accessories and customisation and are mostly stolen with simple password cracking due to reused/common passwords. ThreatPost have spoken to Fortnite developer, Epic Games, and are currently awaiting further comments regarding the issue.
By ThreatPost.com
Apple macOS is well known for its feature that requires all distributed software to be checked for malicious content. This prevents harmful applications from being available on the app store; at least it is supposed to. Apple has recently announced that they have made a mistake with this process and accidentally approved software that was found to be malicious. This was a fake Adobe Flash Player update that under the disguise is a version of Shlayer, a common Mac infection. Ensure that you are running antivirus on your machine just in case an app such as this bypasses Apple’s notarisation process.
By GrahamCluley.com
There are currently two unpatched vulnerabilities in the DVMRP feature of IOS XR that is present on most carrier-grade routers. These flaws can both be exploited remotely and allow an attacker to cause memory exhaustion denial of service. Affected devices include ASR 9000, NCS 5500, 8000, and NCS 540 & 560 series routers. Cisco’s security advisory can be found here, if you are in search of mitigation steps, or just more information on the nature of the flaw.
By SecurityWeek.com
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #107 – 4th September 2020
Why not follow us on social media:
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
