Welcome to this week’s Ironshare’s Cyber Round-up, where we take a look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.
This week the British TV licensing website www.tvlicensing.co.uk was highlighted to have a serious flaw that allowed customer personal information and payment details to be submitted over an insecure HTTP connection.A lengthy twitter thread was started when Mark Cook (@Thetafferboy) published a blog on the current issues with the website.https://i83.co.uk/why-tvlicensing-co-uk-are-processing-millions-of-customers-data-insecurely/Mark Cook contacted TV licensing via their twitter account and after initially ignoring him they eventually responded with the following statement:
“Our website is secure and security certificates are up to date. Pages where customers enter data are HTTPS. Non-HTTPS pages are safe to use despite messages from some browsers (e.g. Chrome) that say they are not.”
The screenshot below of the insecure payment page provided evidence that this certainly was not the case.
The website was taking offline on the Wednesday for what was stated as planned maintenance, but as we write the site is still reporting it is offline.
TV licensing has also responded to questions from The Register, admitting that issues have been found in the websites transactional pages and that they were being addressed:
“We take security very seriously which is why we use encryption for all payment transactions. However, an issue has been brought to our attention over the recent level of security on transactional pages which were previously fully secure via HTTPS, and as a precaution, we have taken the website offline until this is resolved and are working urgently to fix it. We've identified that this issue has happened very recently, and we're not aware of anyone's data being compromised.”
As the industry is pushing to encourage people and organisations to migrate away from insecure HTTP services, this provides a clear reminder of the pitfalls that can occur when using a mix of insecure HTTP and encrypted HTTPS.Ensure you perform regular testing and reviews of your internet services to confirm issues such as this are not introduced, especially when performing updates or system changes.Our advice is that everyone should now be considering the move to HTTPS for all web content, not just pages that collect personal or financial information.
British Airways are one of the latest companies to experience a data breach, after a reported hack has resulted in the personal and financial details of approximately 380,000 customers being compromised.According to reports the passport and travel details for passengers were not leaked during the attack, which occurred between August 21st and September 5th.A statement by BA has confirmed that the issues related to this breach have now been resolved and the website is working normally, but this will not be any comfort to the customers that have lost their information.BA are in the process of communicating with any customers that may have been affected, and they have confirmed that the authorities have been engaged.If you are a customer that has made a booking with BA during the period of 21st August to 5th September, then it is advised that you check your credit card or bank details for any unauthorised transactions and get in touch with your bank to advise them of the compromise to your details.https://www.thesun.co.uk/money/7195832/british-airways-hacked-personal-data-bank-details-stolen/
August saw the discovery of a new variant of Ransomware by the Malware Hunter Team, called ‘RansomWarrior’. Since then the Checkpoint Research team has been analysing the sample that was poorly developed by a group of hackers from India.Checkpoints blog (link below) highlights that the group are possibly new to the ransomware game, due to the fact that key common techniques to secure the malware were missing.During the analysis Checkpoint found that Ransom Warrior stored the key index locally and the encryption key is selected randomly from a list of 1000 keys hardcoded into the ransomware. This has made it easier for Checkpoint to extract the keys and develop a tool that will allow victims to decrypt their files.https://research.checkpoint.com/ransom-warrior-decryption-tool/If you have been a victim of the Ransom Warrior malware, the decryption tool can be downloaded here: https://research.checkpoint.com/wp-content/uploads/2018/08/RansomWarrior_Decryption_Tool.zip
Cisco released a number of Critical to Medium impact vulnerabilities on the 5th September covering a number of different products and services that were affected.Included in this release were 3 vulnerabilities related to the Cisco Umbrella Secure Internet Gateway service. These issues focus on the Umbrella Roaming Client, the AnyConnect Roaming module and the Umbrella API.For more information see below post related to these advisories:https://www.ironshare.co.uk/security-advisory/cisco-security-vulnerabilities-advisories-sept-18/That’s it for this edition but please tune in for our next instalment.
To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailListYou can also follow us using the social media links provided.If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReviewIronshare – Security SimplifiedEdition #7 – 7th September 2018
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
