Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The LockBit ransomware group has claimed 24 victims in a single 24-hour period. Security researchers tracked the attacks throughout the day, documenting each one as it was reported. The long list of victims includes Pittsburg Unified School District, a Virginia healthcare centre, the Icelandic municipality of Dalvíkurbyggð, and many more. LockBit has given the targeted organisations ransom deadlines and threatens to publish the stolen data if they are ignored.
By cybernews.com
Microsoft has agreed to pay $20 million to the US Federal Trade Commission to settle charges that it illegally collected and retained Xbox user data, in particular data from children captured without parental consent. Under the settlement, Microsoft will be limited in the information it is permitted to keep, which the FTC said should “make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA” (the Children’s Online Privacy Protection Act). There is also speculation that the collected data was shared with third parties, which is also being investigated.
By thehackernews.com
Getwid, a collection of Gutenberg blocks that extends the core WordPress block library, has received an update addressing a newly disclosed server-side request forgery (SSRF) flaw. Identified by security researcher Ramuel Gall, the vulnerability carries a CVSS score of 8.8 and lies in the plugin’s get_remote_content REST API endpoint in versions up to and including 1.8.3.
The flaw allows an authenticated attacker with subscriber-level permissions or higher to make the web application issue requests to arbitrary locations, and through it to query or modify information held by internal services that are not otherwise reachable from the internet.
Wordfence has published technical details, and users of Getwid are advised to update to version 1.8.4 or later to be protected from this vulnerability.
By wordfence.com
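To make the SSRF point concrete, here is an added example, written for this round-up rather than taken from Getwid or Wordfence, of the two checks a server-side "fetch this URL" endpoint like the one described above needs: an authorisation check on who may ask, and a destination check on every address the requested host resolves to. The role names, the resolver hook and the SAMPLE_DNS table are assumptions constructed so the code runs offline; the actual Getwid fix is not shown here.

```python
"""Added example (not Getwid's or Wordfence's code): vetting a server-side
"fetch this URL for me" request before the server issues it. Role names,
the resolver hook and SAMPLE_DNS are assumptions made for the example."""

import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
# Assumption: only these roles may make the server fetch remote content.
FETCH_ROLES = {"administrator", "editor"}

# Constructed name -> address table standing in for real DNS.
SAMPLE_DNS = {
    "feed.example.test": ["93.184.216.34"],
    "intranet.corp.test": ["10.0.0.5"],
    "rebind.example.test": ["93.184.216.34", "10.0.0.5"],
}


def sample_resolver(host):
    return SAMPLE_DNS.get(host, [])


def live_resolver(host):
    """Real lookup: every A/AAAA answer, not just the first."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def unsafe_get_remote_content(url, role):
    """The vulnerable pattern: any logged-in role, any destination.
    Returns the URL the server would fetch; nothing is filtered."""
    return url


def is_public_address(ip_text):
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip_text)
    # ::ffff:127.0.0.1 is loopback in disguise; classify the embedded IPv4.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_global already excludes RFC 1918, loopback, link-local (which covers
    # the 169.254.169.254 cloud metadata address) and documentation ranges;
    # multicast is not treated as private by ipaddress, so exclude it too.
    return addr.is_global and not addr.is_multicast


def check_remote_request(url, role, resolver=live_resolver):
    """Decide whether the server may fetch `url` on behalf of `role`.
    Returns (True, address_to_connect_to) or (False, reason)."""
    if role not in FETCH_ROLES:
        return False, f"role {role!r} may not trigger server-side requests"
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        ipaddress.ip_address(host)        # literal address: no lookup needed
        candidates = [host]
    except ValueError:
        try:
            candidates = resolver(host)
        except OSError:
            candidates = []
    if not candidates:
        return False, f"could not resolve {host!r}"
    # Every answer must be public; a name with one public and one internal
    # record is refused rather than left to the HTTP client to pick from.
    for ip in candidates:
        if not is_public_address(ip):
            return False, f"{host} resolves to non-public address {ip}"
    # Hand back the vetted address so the caller connects to it (sending the
    # original Host header) instead of resolving again: a second lookup at
    # connect time is the window DNS rebinding uses to swap in 127.0.0.1.
    return True, candidates[0]


if __name__ == "__main__":
    for url, role in [
        ("http://feed.example.test/rss", "administrator"),
        ("http://feed.example.test/rss", "subscriber"),
        ("http://127.0.0.1:8080/", "administrator"),
        ("http://169.254.169.254/latest/meta-data/", "administrator"),
        ("http://[::ffff:127.0.0.1]/", "administrator"),
        ("file:///etc/passwd", "administrator"),
        ("http://rebind.example.test/", "administrator"),
    ]:
        print(role, url, "->", check_remote_request(url, role, sample_resolver))
```

Run it directly to see each sample decision. In a real fetch, also disable automatic redirects and re-run check_remote_request on every Location header, since a public host is free to redirect the server to an internal one.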
ChatGPT has been in the cybersecurity spotlight recently, particularly for its ability to write bespoke phishing emails and assist in hacking operations. The latest concern is its ability to produce polymorphic malicious code: code that changes its structure on each generation to evade traditional signature-based malware detection and even EDR (Endpoint Detection and Response) tooling.
A proof-of-concept has been developed in which a seemingly benign executable calls ChatGPT at runtime, requesting a freshly mutated version of the malicious code on each call; because no two payloads are identical, many tools struggle to detect them.
“The malware ChatGPT can be tricked into producing is far from ground-breaking but as the models get better, consume more sample data and different products come onto the market, AI may end up creating malware that can only be detected by other AI systems for defense. What side will win at this game is anyone's guess,” said Mackenzie Jackson, developer advocate at cybersecurity company GitGuardian.
By csoonline.com
A weakness in Honda’s API for its e-commerce platform allowed unauthorised password resets for user accounts. The flaw affected the platform serving Honda’s power equipment, marine, lawn and garden divisions, and had no impact on its automobile and motorcycle businesses. By exploiting it, security researcher Eaton Works gained access to administrator accounts on the platform, which in turn exposed the following data:
• 21,393 customer orders across all dealers from August 2016 to March 2023
• 1,570 dealer websites
• 3,588 dealer accounts
• 1,090 dealer emails
• 11,034 customer emails
• Potentially Stripe, PayPal and Authorize.net private keys, where dealers had provided them
• Internal financial reports
Honda resolved the vulnerability on 3rd April 2023.
By bleepingcomputer.com
A new critical vulnerability has been disclosed in the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). With a CVSS score of 9.6, the flaw allows an administrator with read-only privileges to elevate them to read-write on an affected device. The cause is a flaw in how password change requests are handled: a read-only administrator can submit a password change for any user account on the system, including read-write administrators, and then log in as that user. Cisco has released a fix and says it is not aware of any active exploitation. We advise all users of the Cisco Expressway Series and TelePresence VCS to apply the latest patch as soon as possible.
By securityweek.com
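Both the Honda and Cisco items come down to the same question, which a password-change endpoint must answer before it touches a credential: is this caller entitled to set this account's password? The added example below is not Cisco's or Honda's code. It puts the flawed and hardened forms side by side: an administrative change that checks only that the caller is an admin (so a read-only admin passes, which models the Cisco flaw) next to one that distinguishes read-only from read-write; and a reset that needs nothing but a username next to one bound to a short-lived, single-use token (the general requirement for any unauthenticated reset; the round-up gives no further detail of Honda's flaw and none is assumed). Accounts, role names and the in-memory store are constructed for the example.

```python
"""Added example (not Cisco's or Honda's code): a password-change service
that decides who may set whose password. Accounts, role names and the
in-memory store are constructed for the example."""

import hashlib
import hmac
import secrets
import time

READ_WRITE_ADMIN = "readwrite-admin"
READ_ONLY_ADMIN = "readonly-admin"
RESET_TOKEN_TTL = 900          # seconds a reset token stays valid
KDF_ITERATIONS = 100_000       # kept modest so the example runs quickly


def _hash(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, KDF_ITERATIONS)


def _set_password(user, new_password):
    user["salt"] = secrets.token_bytes(16)
    user["pw"] = _hash(new_password, user["salt"])


def make_user(role, password):
    user = {"role": role, "salt": b"", "pw": b"", "reset": None}
    _set_password(user, password)
    return user


def verify_password(user, password):
    return hmac.compare_digest(user["pw"], _hash(password, user["salt"]))


def new_store():
    """Constructed sample accounts."""
    return {
        "ro_admin": make_user(READ_ONLY_ADMIN, "ro-secret"),
        "rw_admin": make_user(READ_WRITE_ADMIN, "rw-secret"),
        "carol": make_user("user", "carol-secret"),
    }


def change_password_unsafe(store, requester, target, new_password):
    """Flawed pattern: the only question asked is 'is the caller an admin?'.
    A read-only admin passes, sets any account's password and logs in as
    that account: the read-only -> read-write escalation."""
    if not store[requester]["role"].endswith("admin"):
        return False
    _set_password(store[target], new_password)
    return True


def change_password(store, requester, target, new_password, current_password=None):
    """Hardened pattern: changing your own password needs the current one;
    changing anyone else's needs the read-write administrator role."""
    actor = store[requester]
    if requester == target:
        if current_password is None or not verify_password(actor, current_password):
            return False
    elif actor["role"] != READ_WRITE_ADMIN:
        return False
    _set_password(store[target], new_password)
    return True


def reset_password_unsafe(store, username, new_password):
    """Flawed pattern: a 'forgot password' reset that needs only a username."""
    _set_password(store[username], new_password)
    return True


def issue_reset_token(store, username, now=None):
    """Forgot-password step 1: a random single-use token, stored only as a
    hash so a leaked store does not hand out live reset tokens."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store[username]["reset"] = {
        "digest": hashlib.sha256(token.encode()).digest(),
        "expires": now + RESET_TOKEN_TTL,
    }
    return token


def reset_password(store, username, token, new_password, now=None):
    """Forgot-password step 2: the token must match in constant time and be
    unexpired; it is consumed on success so it cannot be replayed."""
    now = time.time() if now is None else now
    pending = store[username].get("reset")
    if pending is None or now > pending["expires"]:
        return False
    if not hmac.compare_digest(pending["digest"], hashlib.sha256(token.encode()).digest()):
        return False
    store[username]["reset"] = None
    _set_password(store[username], new_password)
    return True
```

The read-only administrator is refused on both paths in the hardened version: it is not the target account, and it lacks the read-write role. The token-bound reset also illustrates why the reset step must never accept a password for an account merely because the account name is known.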
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #238 – 9th June 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.