Cyber Round-up

Cyber Round-up for 6th March

March 5, 2020

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Let’s Encrypt Forced to Cancel 3 Million Certificates

A new bug has been discovered in Let’s Encrypt’s CA software that prevented them from checking CAA records properly. After confirming the bug, the organisation had to suspend distribution of certificates while they worked on a fix. As a result, Let’s Encrypt began revoking certificates this week, which will reportedly affect around 3 million customers who will need to get their certificates replaced as soon as possible. The company released a list of the affected domains that you can find in the article on their website, as well as providing a link to check if your certificate is affected. We advise looking into this to determine whether you are impacted. If you are affected, simply follow your normal certificate creation/renewal process to resolve this issue.

By LetsEncrypt.org

Boots Suspend Advantage Cards Following Cyber Attack

Attackers have attempted to gain access to Boots’ customer accounts using stolen passwords; as a result, Boots have taken precautionary actions and suspended use of Advantage Cards for payment. The company confirmed that none of their systems were compromised and fewer than 1% of customers were affected by the incident. No payment card information was accessed, and points can still be earnt when making purchases; however, they cannot be used until the service is back up and running. This incident happened shortly after a similar compromise regarding Tesco Clubcards, in which more than 620,000 Clubcards had to be blocked. Both of these incidents are a result of credential stuffing attacks that are possible because customers are reusing usernames and passwords for multiple online services, leading to the potential exposure of private customer information.

By BBC.co.uk

Police Raid Tech Support Scam Centre With Help From Vigilantes

Online vigilantes have been active recently, and assisted the police in taking down an Indian tech support scam centre. The vigilantes gained access to CCTV footage of the scam centre, which led to a successful police raid on the scammers. Many people have questioned the actions of these vigilantes in terms of legality; however, their actions were undoubtedly vital in taking down the scamming operation. The article includes footage of the scammers at work, which makes you think about both sides of the vigilantes’ actions.

By GrahamCluley.com

Threats

Victims Paying Millions in Ransomware Attacks

A recent report by the FBI states that in the last six and a half years, over $140 million has been paid by ransomware victims. The rapid rise in this kind of attack is staggering, and the standout variant recently is Ryuk, which is responsible for generating approximately $61m in 2018/19. It was reported that a large portion of ransoms are paid in virtual currencies, and an estimated $37m reside in bitcoin wallets. Law enforcement agencies are actively urging victims to avoid paying ransoms, as you will not only fund criminal activity but also may not get your data back. We advise looking into this article, as ransomware is something that threatens businesses of all sizes, not just big corporations.

By ZDNet.com

Phishing Campaign Using OneNote to Evade Detection

An emerging phishing campaign has been found to be distributing the Agent Tesla keylogger malware using Microsoft OneNote. This method of using OneNote allows the attacker to bypass security and detection tools to download malware without interruption; however, this is not the only process involved in the campaign. The attempt begins with an email being sent to the victims containing a OneNote document; attackers devised several intrusion methods based around this scheme which allow them to succeed in evading security measures in email. As always, we advise not opening email links or attachments if you are not certain they are safe.

By ThreatPost.com

Vulnerabilities & Updates

Zero-Day Vulnerabilities Present in Multiple WordPress Plugins

A recent surge in WordPress attacks has seen hackers targeting already patched vulnerabilities in the hope that admins have not yet applied the required security patches. WordPress is always a big target for cyber criminals due to its unparalleled number of users compared to other website builders; it is also becoming more common for attackers to focus their attention on WordPress plugin flaws, rather than the site itself. To protect against these frequent attacks, the best thing you can do is apply patches as soon as they are available. A list of all plugins being targeted, which includes ‘Flexible Checkout Fields for Woocommerce’, ‘Profile Builder’ & ‘Duplicator’, is in this post; we advise taking a look at it to determine if you are at risk.

By BlackHatEthicalHacking.com

And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.

Why not follow us on social media using the links provided on the right.

Edition #81 – 6th March 2020

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.
