Welcome to the Ironshare Cyber Round-up where we look back atthe events of that last week and cover some of the news, posts, views, and highlightsfrom the world of Security.
In this week’s round-up:
An international investigation has led to the closing downof a website known as Imminent Methods. This site has been a hotspot for peoplelooking to buy hacking tools, or more specifically spying tools; the UK’sNational Crime Agency (NCA) confirmed that around 14,500 people had purchasedsuch tools from the site. Police have raided over 80 properties around theworld in search of the sellers. One of the tools they were selling, known asthe Imminent Monitor Remote Access Trojan, gives an attacker complete controlof an infected device, allowing them to monitor the victim’s activity, accesstheir webcam and even steal data.
By BBC.co.uk
UK based music streaming platform, Mixcloud, has suffered ahuge data breach exposing the account details of over 20 million users. Thebreach, which occurred at the start of November, included the usernames, emailaddresses and passwords of all users affected; After being stolen by theattacker all of the details were listed for sale on the dark web. Shortly afterthe breach, the streaming service issued a customer-wide password reset, butinitially misled users to avoid announcing the breach; it has now been madeclear that this was done to secure the user’s accounts.
By TechCrunch.com
A recently discovered trojan known as CStealer has beendetected in the wild and has been utilising a remote MongoDB database to stashstolen passwords. The passwords are being stolen from Google Chrome and sentdirectly to the database where they can be retrieved by the attacker at a latertime. This technique allows the attacker to gain access to the stolencredentials. We recommend looking into this and taking a look at the CStealerremoval guide included in the post if you believe you may be a victim of thisattack.
By SensorsTechForum.com
A new innovative malware campaign has been discovered thatappears to be targeting educational and healthcare institutions. What makesthis campaign unique is that it utilises a trojanised variant of the populargame Tetris to steal credentials from its victims. This trojan is very advancedand is capable of performing a number of different attacks, includingman-in-the-middle, keylogging, web-injection and credential harvesting. Thisworks once the victim has downloaded the trojanised game and executes CobaltStrike binaries while the application is loading; this also allows the deviceto communicate with the command and control server
By BankInfoSecurity.com
A recently discovered wiper malware named ZeroCleare hasbeen targeting the energy and industrial sectors in the Middle East. This isbelieved to be the work of the group APT34, an Iranian cluster of cyberespionage activity. This attack supposedly started in the autumn of 2018 andcontinued to escalate until summer of 2019 when the attackers used passwordspraying on the local network to access the accounts and gain administrativeaccess. These kind of wiper attacks are typically intended to destroyinfrastructure and disrupt operations and are not interested in stealing data.
By ThreatPost.com
A new Android vulnerability has been discovered that isbeing actively exploited in the wild; the flaw allows phishing overlays andpermission requests to be displayed in legitimate applications on an infecteddevice. The flaw has been named StrandHogg and resides in the taskAffinitycontrol setting on all Android devices; root access is not required to exploitthis flaw and it was confirmed that all versions of Android are affected by it.Google have announced that they have suspended the potentially harmfulapplications to help protect users, but still advise caution when receivingnotifications and requests.
By SCMagazine.com
And that’s it for this week round-up, please don’t forget totune in for our next instalment.
Why not follow us on social media using the links providedon the right.
Edition #70 – 6th December 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
