Cyber Round-up

Cyber Round-up for 5th July

July 4, 2019

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Microsoft are Making Multi-Factor Authentication Mandatory for Cloud Solution Providers

Following a recent security incident, Microsoft has announced the introduction of mandatory multi-factor authentication for Cloud Solution Providers (CSPs). CSPs typically offer licenses at a lower price than Microsoft does, as well as providing management services, making them appealing to most companies. For this reason, one company opted to partner with PCM Inc., the world’s sixth largest CSP, who managed the initial setup of Office365 for them. One PCM employee maintained full access to all the company’s files in Office365 after the initial setup, without the security team realising. This employee, who was not using multi-factor authentication, was later hacked, leaving the Office365 documents vulnerable. By forcing CSPs to use MFA, Microsoft hopes to prevent these kinds of incidents from happening in the future.

By KrebsOnSecurity.com.

Former Equifax CIO Jailed for Insider Trading

Equifax suffered a massive data breach back in 2017 that allowed attackers to steal the names, addresses, social security numbers and dates of birth of over 150 million consumers. The Equifax IT team was aware of the vulnerability for around 5 months before the breach occurred but failed to patch it. The company kept the breach secret for 40 days before revealing it to the public. During this time, the man next in line to be global CIO of Equifax, Jun Ying, used the confidential information of the breach to sell his shares for almost US $1 million before the public learned of the incident. Ying was sentenced to four months in federal prison for insider trading and was fined accordingly.

By GrahamCluley.com.

Canadian Intelligence Agencies Warning of Potential Election Tampering

Warnings have been issued by the Canadian Communications Security Establishment regarding the upcoming elections. They believe that foreign actors have attempted to influence the country’s October election. The accusation was supported by the Canadian Security Intelligence Service (CSIS), who issued similar warnings. It was unclear in the reports which groups were attempting to tamper with the elections, but it was said that threat actors were seeking to influence the Canadian public ahead of the voting period.

By SCMagazine.com.

Threats

New ‘Text-to-Switch’ System Offers Easier way to Switch UK Mobile Operators

The telecoms regulator, Ofcom, plans to introduce a new way to switch UK mobile operators; their new “text-to-switch” system does not require mobile users to speak with their existing provider, which makes the process much less painful. Instead, you must text the word “PAC” to the number 65075; this responds with a code that can be used to switch providers. Despite this process being a much easier alternative to older methods, it opens up the possibility of a significant increase in fraud for mobile users. This new method will provide attackers with another easy route to SIM Swap, further threatening mobile and online account security, including compromising two-factor authentication services that use SMS text messaging.

By ISPreview.co.uk.

Threats to ATM Security

It isn’t a secret that ATMs aren’t very secure, which makes them easy, profitable targets for attackers. We have recently seen a rise in new ATM attacks that are threatening users, and potentially their bank cards. One of these attacks is Jackpotting, which involves making a hole to plug a laptop into the ATM; this can then be used to force money out of the machine. Thanks to the ATMs’ minimal encryption, this is extremely easy for attackers to pull off. Another attack that is on the rise is Shimming. Shimming involves using a thin insert in the card reader, which can steal data from chip-enabled cards. The tech required makes this a more expensive attack, but the simplicity of it means anyone can do it. A common way to check for Shimming is feeling for resistance in the card reader when inserting your card. Users are recommended to use tap and smartphone payments such as Apple Pay, to bypass the security issues of ATMs.

By SecurityWeek.com.

Vulnerabilities & Updates

New Complex Loader Allows Attackers to Avoid Antivirus Detection

Attackers have built a new complex loader that ensures antivirus systems do not detect their malicious payload. The loader uses the well-known technique “Heaven’s Gate”, a trick that allows 32-bit malware running on 64-bit systems to disguise API calls by switching to a 64-bit environment. In this instance, the loader was used in a new campaign to hide and deliver the popular malware, HawkEye Reborn. This malware is never saved to the hard disk of the target machine; it is run in memory to evade detection by standard anti-virus products, and can be adapted to deploy other malware payloads. Advanced endpoint protection such as Cisco AMP for Endpoints can help in defending against this type of fileless malware. In-depth analysis of how this works is included in the original post by Talos Intelligence.

By TalosIntelligence.com.

Linux SACK Vulnerabilities Being Patched by VMware

The two vulnerabilities, SACK Panic (CVE-2019-11477) and SACK Excess Resource Usage (CVE-2019-11478), are affecting over 30 different products. The vulnerabilities exist because of a flaw associated with the Linux kernel implementation of TCP Selective Acknowledgement (SACK), which can be exploited by an attacker to execute a Denial of Service attack against any of the affected products. The flaw was originally discovered by Netflix researchers, who then disclosed it to the public. A list of all affected products is included in the original post, as well as any patches currently available. Keep in mind that VMware is still working on patching these vulnerabilities and has not yet released patches for all products.

By SCMagazine.com.

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Edition #48 – 5th July 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
