Welcome to the latest edition of the Ironshare CyberRound-up where we look back at the events of that last week and cover some ofthe news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The everchanging threat landscape is a massive challengethat cyber security experts have to deal with constantly, because if preventionmethods don’t advance with it attacks will become more frequent and moredangerous. To tackle the problem, the Smart Grid Forum’s Smart GridCybersecurity 2020 conference has been created; this is where Europe’s topCISO’s and cyber experts meet to discuss ways of fighting new threats which areemerging every day, enhancing the protection of the energy sector’s smart gridplatforms.
By Finance.Yahoo.com
The Russian Cyber Threat Group, known as Gameredon, is usingUkraine as a cyber attack testing ground for releasing new weapons. Researchershave reported that their attacks on Ukraine are simply preparation for theirlatest technology before replicating the attacks on countries targeted by theRussian government. Their recent cyber campaign features newly crafted malwaredesigned to gather information, this is expected to be the ‘preparatory stage’of a larger scale cyber-attack.
By Forbes.com
Twitter have issued a warning to all users regarding arecently discovered exploit that could allow an attacker to find the phonenumbers associated with millions of user accounts. This is reportedly due to a vulnerabilityin one of the API’s designed to help user’s finding people they know, which isachieved through their phone contacts. This flaw was discovered when a securityresearcher unethically exploited it to discover the phone numbers of almost 17million users; Twitter have since taken care of the issue and announced that nouser action is required. If any users are still worried about this lack ofprivacy, the discoverability setting can be disabled in twitter to preventcontacts finding you through your phone number.
By TheHackerNews.com
A new vulnerability has been discovered that exists in thedesktop version of WhatsApp. This flaw, which affects Macs and Windows, allowsan attacker to send JavaScript in a WhatsApp message, which triggers the clientto start reading the files they have stored locally. Reportedly, this waspossible due to the software using an outdated version of the Google Chromiumengine, which had many known vulnerabilities. This flaw was addressed in lastmonth’s patch, which we recommend applying as soon as possible; it wasconfirmed that version 0.3.9309 and earlier are all affected.
By GrahamCluley.com
Cisco have released patches addressing five criticalvulnerabilities that exist in the Cisco Discovery Protocol; the info-sharinglayer present on all Cisco equipment. These flaws can reportedly allow anattacker to break network segmentation and remotely take over millions ofdevices; this collection of vulnerabilities have been named CDPwn. These remotecode execution flaws were addressed in Cisco’s most recent updates, which weadvise applying as soon as possible.
By ThreatPost.com
Many Windows 10 users have taken to social media reportingissues with the main search bar feature of the operating system. Users have allbeen sharing the same problem with the start menu showing as a blank box,rather than showing search results. This can be very inconvenient as it isquite time consuming to scroll through the list of applications, rather thansearch for it. Shortly after user reports were posted on social media,Microsoft issued a fix for the issue, which has now been released; apparentlythe bug was due to Bing integration in the Windows 10 start menu.
By BBC.co.uk
And that’s it for this week’s round-up, please don’t forgetto tune in for new instalments every week.
Why not follow us on social media using the links providedon the right.
Edition #77 –7th February 2020
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
