Cyber Round-up

Cyber Round-up for 9th August

August 8, 2019


Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

AT&T Employees Bribed to Install Malware onto Company Network

The US government has extradited a man following a criminal scheme targeting AT&T. Until September 2017, the attacker had been paying large sums of money to AT&T employees to unlock cellphones, remove them from the network and install malware onto the network. The staff were found and bribed using Facebook and telephone; one of them received $428,500 over a 5-year period to carry out the criminal acts. It is believed that the company lost more than US $9.5 million over the course of the malicious campaign. This is a strong reminder of the damage that can be caused by insider threats / rogue employees.

By HotForSecurity.BitDefender.com

WordPress Plugin Maliciously Locks Up Blog Posts

A malicious WordPress plugin called WP Security has recently been discovered; it has been spotted targeting blog posts and encrypting them, making the content unreadable. This is the first time a plugin has been seen targeting specific posts. Security researchers have said that encrypted blog posts can be recovered from a database backup. WordPress website owners are advised to update all plugins and reset their database passwords to mitigate the risk of these threats. In addition, ensure your WP site is secure and always do a thorough review of any plugin before installing.

By ThreatPost.com

Threats

Android Ransomware Spreads Via SMS and Reddit

A new ransomware threat has hit Android devices and could become a serious problem. The ransomware spreads through malicious links dropped in forum posts and SMS messages; once the device is affected, the attacker can then use the victim’s contact list to spread the malware further. Once the ransomware app has been downloaded from the link and the files are encrypted, deleting the app will result in your stolen files being encrypted indefinitely. Security researchers have said that the ransom for files has only been around $100-200; however, if the attackers were to target bigger groups, the threat could become very serious. Android users are advised to download applications exclusively from the Google Play store, and avoid random links in forums and SMS messages.

By Infosecurity-Magazine.com

Vulnerabilities & Updates

Microsoft Protocol Flaw Leaves Azure Users Vulnerable to Attack

A path-traversal vulnerability in Microsoft’s Remote Desktop Protocol has been discovered that leaves Azure users vulnerable to attacks. The flaw has been marked as a medium-level vulnerability that impacts Microsoft’s Hyper-V tool. The flaw was found in February and affects all versions of Windows from Windows 7 to 10. The exploit could potentially allow an attacker to install programs as well as change or delete data. A patch for this vulnerability was released in Microsoft’s July Patch Tuesday update. More details are included in the original post.

By ThreatPost.com

Cisco 220 Switch Vulns Allow Device Take Over

Cisco has released several updates for their 220 small business series switches after 3 critical vulnerabilities were found in the products. The first, CVE-2019-1912, allows authentication bypass; the second, CVE-2019-1913, allows remote code execution; and the third, CVE-2019-1914, is a command injection flaw. The vulns exist in the web-based management interface of the 220 switch and can be used to completely take over a vulnerable device, while also replacing firmware or installing malware. If you are running Cisco 220 switches, please get updating, but if updating quickly is difficult, this can be easily worked around by temporarily disabling the HTTP/S server.

By ZDNet.com

Qualcomm Chip Flaws Leave Millions of Android Devices Vulnerable

Millions of Android devices have been exposed to hacking following the discovery of a series of critical vulnerabilities. The vulnerabilities are currently known as QualPwn and exist in the WLAN and modem firmware of Qualcomm chipsets that are used in many Android devices. These flaws are present in both smartphones and tablets and can be chained with the recently discovered Linux kernel driver flaw to completely take over the target device. Google released patches for these vulnerabilities in the August edition of its Android Security Bulletin. It is highly recommended that Android users update their devices as soon as possible.

By TheHackerNews.com

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

If you have any recommendations for additional content, or things you would like to see covered then please let us know.

Why not follow us on social media using the links provided on the right.

Edition #53 – 9th Aug 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.
