Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
If you’re one of the many people who have recently followed Elon Musk on Twitter, you may have just become a target of crypto scammers. The latest crypto scam disguises itself as a giveaway, and specifically targets Elon’s newest followers, promises to multiply the victim’s Bitcoin by 5-10 times if they deposit a small amount into the attacker’s wallet. All Twitter users are advised to keep an eye out for this scam, which is circulating via Twitter lists.
By BleepingComputer.com
After repeated cyber-attacks bombard Russian organisations Microsoft has warned Europe to be on high alert for cyber-attacks. A DDoS attack on Russia’s second-largest bank and wiping software deployed on Russian mayor's and court's computers could potentially be fuelling the fire of Russia’s cyber warfare effort. Russian-affiliated cyber gang Sandworm was previously known to have deployed prestige ransomware against logistics and transportation networks in Ukraine and Poland marking the first war-related cyber-attack on a NATO member.
By TheRegister.com
A security researcher was able to exploit vulnerabilities in the Genesis and Hyundai app used to control their vehicles. These exploits provided a method to bypass authorisation checks and allow for interaction with vehicles or account takeover just by knowing the owner's email address. Further vulnerabilities related to the SiriusXM Connected Vehicles Services allowed unauthorised parties were able to send commands to a Nissan, Infiniti, Honda, and Acura vehicle, just by knowing its Vehicle Identification Number, which on a lot of vehicles is on show behind the windscreen.
By BitDefender.com
Apple has announced new security features across multiple services to help boost security. End-to-end encryption will now be available for device and message backups, iCloud Drive, Notes, Photos, Reminders, Voice Memos, Safari Bookmarks, Siri Shortcuts, and Wallet Passes. This will mean that users’ personal data can only be decrypted on their trusted devices, which retain the encryption keys. Unfortunately, Mail, Contacts, and Calendar will remain untouched to be able to operate with legacy technologies. Apple ID will now support two-factor authentication and iMessage will have “Contact Key Information” to make sure that "they are messaging only with the people they intend."
More information about the new security protections can be found here.
By TheHackerNews.com
After the release of their November batch of updates, Microsoft discovered an issue that was affecting apps that used ODBC database connections. After installing the update, “apps that use ODBC connections through Microsoft ODBC SQL Server Driver to access databases might not connect”. There is currently no fix for this, however Microsoft have confirmed they are actively trying to resolve it.
This article contains the possible error messages you may see, as well as ways to determine if you are affected.
This is not the only issue caused by the November Patch Tuesday updates, with domain controller sign-in failures being reported as well. This, however, was addressed in an out-of-band emergency update.
By BleepingComputer.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #215 – 9th December 2022
Why not follow us on social media:
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.