Cyber Round-up

Cyber Round-up for 7th June

June 6, 2019


Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

NSA warns Microsoft Windows users of cyber-attack risk

The RDP issue known as ‘BlueKeep’, which has been rolling in security news for the past 4 weeks, is now firmly on the radar of government security services, after the NSA warned Microsoft Windows users to ensure their systems are updated. BlueKeep allows unauthenticated access to MS Remote Desktop Services, and there is significant concern that this could become the next WannaCry. Both Microsoft and the NSA are urging users to patch their systems as soon as possible to prevent cyber-attacks that could result in complete system compromise.

By BBC.co.uk.

Radisson Rewards may have leaked your data… again

Radisson Rewards have contacted their members again, after inadvertently sending emails containing account information to the wrong members. Rewards members in Europe, the Middle East and Africa had their personal information exposed in the leak, which included names, reward member numbers and balance info. Radisson’s investigation into the issue has confirmed that their network was not compromised, and they are asking members to delete any emails received inadvertently. Not the worst breach seen this year but another goof, nonetheless.

By GrahamCluley.com.

D-Day, 75 years on

Not directly cyber security related, but this topical post from GCHQ provides a brief insight into the early years of security and intelligence. It describes the key role that was played by the people in Bletchley Park, and their activities that helped turn the tide of World War II.

By GCHQ.gov.uk.

Threats

Free Nations League semi-final sites flood the web but pose ‘huge risk’

The inaugural UEFA Nations League finals have started this week, and as fans without Sky subscriptions find ways to watch the football for free, they are at increased risk of cyber-attack. Fake streaming sites that claim to offer a live stream of the football for free are a popular method used by cyber criminals, either to install malware or to scare the user into thinking they have a virus, so they can compromise machines or steal personal and financial information. Be on the lookout for fake sites and domains / URLs with incorrect spelling, and stick to legitimate means of watching the game to stay safe online.

By independent.co.uk.

Threat actors cobble together monstrous Frankenstein campaign

Cisco Talos have identified a string of documents that form a series of cyber attacks they have dubbed the Frankenstein campaign. This campaign uses a combination of different open source techniques to build the tools for these targeted attacks, with an aim to infect the victims with malware. Once infected, the system would communicate with the attackers' C2 infrastructure via an encrypted channel, allowing remote interaction with the compromised machine that could download further malware payloads, extract data and steal credentials.

Advanced malware protection such as Cisco AMP and secure internet gateways like Cisco Umbrella are great tools to defend against these types of advanced malware.

By Cisco Talos Intelligence - talosintelligence.com.

Vulnerabilities & Updates

Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions

Another flaw in the MS Remote Desktop Protocol (RDP) has surfaced this week that allows an attacker to bypass the lock screen. The flaw is triggered when a temporary disconnect occurs for a locked RDP session; upon re-connection the session is restored unlocked, allowing access to the system. Integrated two-factor authentication services are also bypassed by this vuln. The attacker does need physical access to the system that is running the locked RDP session. There is currently no patch for this issue, and if reports are correct Microsoft are not in a hurry to deliver one.

By TheHackerNews.com.

Hackers Can Bypass macOS Security Features

A security researcher has discovered that security features in Apple macOS can be bypassed using code validation issues that generate synthetic clicks. Security access prompts, which are generated by the operating system when an application wants to use items such as the camera, microphone, backups and remote-control services, can be bypassed using a synthetic click of the OK button, allowing malicious actors and applications access to system components. Apple are aware of the vuln, but it’s unclear if or when a fix will be available.

By SecurityWeek.com.

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.


Edition #44 – 7th June 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
