Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
GoldPickaxe is the latest malware strain developed by the Chinese threat group GoldFactory and is the first to affect both iOS and Android devices.
A typical GoldPickaxe attack begins with phishing and smishing messages being sent to the victim, tricking them into install fraudulent apps. For Android users, a fraudulent site impersonating the Google Play Store is used, whereas iOS users are led to download a malicious Mobile Device Management profile that allows the attacker to take over their device.
Once the trojan application has been installed, it attempts to capture videos of the victim’s face, images of ID cards, and other device information. It is assumed that this data is sought after for use in banking fraud operations, however this has not been confirmed.
It is worth noting that the malicious app will attempt to lure the user into providing videos of their face and ID cards but cannot access existing Face ID data stored on the device.
“Biometric data stored on the devices’ secure enclaves is still appropriately encrypted and completely isolated from running apps.”.
By bleepingcomputer.com
Fulton County, Georgia, has reported a cyberattack on their systems and the culprit, LockBit, is threatening to publish confidential documents if a ransom isn’t paid. The attack has caused widespread IT outages during the last week of January, affecting phone, court, and tax systems.
Fulton County chair Robb Pitt has stated that there is no evidence that the group stole sensitive personal data belonging to citizens or employees, but the investigation is still at an early stage. Despite this statement, LockBit has released screenshots proving they had gained access to sensitive systems and have stolen sensitive personal data.
“Documents marked as confidential will be made publicly available. We will show documents related to access to the state citizens' personal data,” reads LockBit’s threat.
LockBit have a deadline set for the 16th of February; if the ransom is not paid by this date, data will be leaked. Fulton administration appears to be unwilling to pay the attackers and is instead looking to insurance to aid in the recovery of their systems.
By bleepingcomputer.com
A critical vulnerability in Zoom’s Windows applications, tracked as CVE-2024-24691 (CVSS score of 9.6), has been labelled as an improper input validation flaw that could allow an attacker with network access to elevate their privileges.
The flaw affects the following Zoom Windows Applications:
- Desktop Client for Windows (all version before 5.16.5),
- VDI Client for Windows (all versions before 5.16.10 - excluding 5.14.14 and 5.15.12),
- Rooms Client for Windows (all versions before 5.17.0),
- Meeting SDK for Windows (all versions before 5.16.5)
Multiple other vulnerabilities were addressed in this batch of security updates, including a high-severity privilege escalation flaw, two medium-severity information leak flaws, and more. For full details on all vulnerabilities addressed this week, as well as all affected versions, please consult Zoom’s Security Bulletin.
By securityweek.com
Less than one month after the initial attack, Southern Water has disclosed that 5-10% of its customers had their details stolen, in addition to affected staff. The attack, attributed to the Black Basta group, potentially compromised names, DOBs, national insurance numbers, bank details, and more. Customers will receive notifications and be offered credit monitoring. Investigations have found no further data publication and Southern Water have apologized and collaborated with authorities in their investigation.
By theregister.com
Welcome to our Round-Up of Microsoft's February 2024 Patch Tuesday. A total of 73 vulnerabilities were addressed this month, including: 5 critical, 66 important, 0 publicly disclosed, and 2 actively exploited vulnerabilities. Critical vulnerabilities have been patched for Microsoft Outlook, Exchange Server, Windows 10, and Multiple versions of Windows Server. We advise consulting our round-up of Microsoft’s latest batch of security updates and applying the latest fixes as soon as possible.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #268 – 16th February 2024
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
