Cyber Round-up for 10th July
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
EDP Renewables North America (EDPR NA), the North American arm of the Portuguese energy group Energias de Portugal (EDP), has confirmed in a statement that it was hit by a Ragnar Locker ransomware attack. The attack targeted the information systems of EDPR’s parent corporation, which began investigating as soon as it discovered that its computer systems were being accessed by an unauthorised third party, reportedly for the first time. Reports of the incident describe a ransom note demanding around $10 million in bitcoin; EDP, however, has stated that it was not aware of any ransom demand being made. No further details of the ransom have been released, but reports suggest that the attackers stole 10 TB of data, including contracts and transactions with clients and partners.
A group of cybercriminals has been exploiting Covid-19 through phishing and Business Email Compromise (BEC) campaigns. The attacks specifically target Office 365 customers, luring victims with news about the virus. The operation differs from most in that it does not send users to a credential-phishing site; instead, a linked document prompts the victim to install a malicious Office 365 application and grant it access to their account, so the attacker gets into the mailbox without ever capturing a password. This month Microsoft obtained a court order allowing it to take control of six domains used in the group’s operations. More details on the nature of the campaign can be found here.
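Because this campaign works by getting the victim to approve an application rather than by stealing a password, the place to look for it is the record of application consents in your tenant rather than sign-in logs. The script below is an added example, not code from the Ironshare post or from Microsoft: it scans Azure AD audit-log entries for "Consent to application" events, skips applications on an allow-list, and raises an alert when an unapproved application was granted mailbox-level permissions. The log entries, the allow-list ID and the exact JSON shape (in particular the text form of the ConsentAction.Permissions property) are constructed for the example; a real export from the Graph API or a SIEM may need its fields mapped onto these names.

```python
"""Flag risky OAuth application consents in Azure AD audit-log entries.

Added example, not from the Ironshare post or from Microsoft. The JSON shape
below (activityDisplayName, targetResources, modifiedProperties) is a
simplified, constructed version of the Azure AD audit log.
"""
import re

# Scopes that give an application the mailbox access a BEC operation needs.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Contacts.Read", "Files.ReadWrite.All", "offline_access",
}

# Hypothetical allow-list of reviewed application IDs (value is constructed).
APPROVED_APP_IDS = {"aaaaaaaa-1111-2222-3333-444444444444"}

# The granted permissions are logged as text; pull out the ClaimValue fields
# (the scope names) instead of trying to parse the whole string.
CLAIM_RE = re.compile(r"ClaimValue:\s*([A-Za-z0-9_.]+)")


def consent_event(time, user, app_id, app_name, scopes):
    """Build one constructed 'Consent to application' audit entry."""
    perms = ", ".join(f"[Id: {i}, ClaimValue: {s}]" for i, s in enumerate(scopes))
    return {
        "activityDisplayName": "Consent to application",
        "activityDateTime": time,
        "initiatedBy": {"user": {"userPrincipalName": user}},
        "targetResources": [{
            "id": app_id, "displayName": app_name,
            "modifiedProperties": [{"displayName": "ConsentAction.Permissions",
                                    "newValue": f"[] -> [{perms}]"}],
        }],
    }


# Constructed sample log: a consent-phishing style grant, an approved app,
# a low-privilege unapproved app and one unrelated event.
SAMPLE_AUDIT_LOG = [
    consent_event("2020-07-06T09:14:02Z", "alice@example.com",
                  "bbbbbbbb-5555-6666-7777-888888888888", "COVID-19 Situation Report",
                  ["Mail.Read", "Mail.ReadWrite", "offline_access", "User.Read"]),
    consent_event("2020-07-06T10:02:45Z", "bob@example.com",
                  "aaaaaaaa-1111-2222-3333-444444444444", "Approved Expense Tracker",
                  ["Mail.Read"]),
    consent_event("2020-07-07T08:30:11Z", "carol@example.com",
                  "cccccccc-9999-0000-1111-222222222222", "Team Poll", ["User.Read"]),
    {"activityDisplayName": "Add user", "activityDateTime": "2020-07-07T09:00:00Z",
     "initiatedBy": {"user": {"userPrincipalName": "admin@example.com"}},
     "targetResources": [{"id": "dddddddd-0000-0000-0000-000000000000",
                          "displayName": "dave@example.com"}]},
]


def extract_scopes(entry):
    """Return the set of scope names granted in a consent event."""
    scopes = set()
    for target in entry.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            if prop.get("displayName") == "ConsentAction.Permissions":
                scopes.update(CLAIM_RE.findall(prop.get("newValue", "")))
    return scopes


def assess_consent(entry):
    """Return an alert dict for a consent that needs review, or None."""
    if entry.get("activityDisplayName") != "Consent to application":
        return None
    targets = entry.get("targetResources") or []
    if not targets or targets[0].get("id") in APPROVED_APP_IDS:
        return None
    app = targets[0]
    risky = sorted(extract_scopes(entry) & HIGH_RISK_SCOPES)
    user = entry.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "unknown")
    return {
        "time": entry.get("activityDateTime"), "user": user,
        "app": app.get("displayName"), "app_id": app.get("id"),
        "risky_scopes": risky,
        # Mailbox scopes on an unapproved app is the BEC pattern; anything else
        # unapproved is still worth a look but not an incident on its own.
        "severity": "high" if risky else "low",
    }


def scan_audit_log(entries):
    """Run assess_consent over every entry and return the alerts found."""
    return [alert for alert in map(assess_consent, entries) if alert]


if __name__ == "__main__":
    for a in scan_audit_log(SAMPLE_AUDIT_LOG):
        print(f"[{a['severity'].upper()}] {a['time']} {a['user']} consented to "
              f"'{a['app']}' ({a['app_id']}) risky scopes: {a['risky_scopes'] or 'none'}")
```

Running the script prints a HIGH alert for the "COVID-19 Situation Report" application and a LOW one for "Team Poll"; the approved application and the unrelated event produce nothing. In a tenant where user consent is still enabled, the same logic can be run over the live audit log, and revoking the offending application's grant is the first containment step.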
A premium WordPress plugin, Adning Advertising, is affected by a critical vulnerability that allows an unauthenticated remote attacker to execute code on the target system. This can lead to a full site takeover, which is why the flaw carries a CVSS severity score of 10; it is also worth noting that it has already been exploited in the wild. The plugin’s author has released a fix in version 1.5.6, and we strongly recommend applying it as soon as possible, since there are no workarounds. The same release addresses a second flaw involving file deletion via directory traversal.
Over the years there have been some serious security flaws in smart tracker watches, and this one is as bad as any of them, if not worse. The latest affects watches aimed at elderly people, specifically those with dementia and similar illnesses. One of the main features of these watches is a reminder to take medication, and that feature could be abused to send bogus reminders, tricking the wearer into taking too much medication and potentially overdosing. Exploiting these devices does not require anything sophisticated; anyone with basic hacking skills could do it, which makes the issue very serious. More details on the nature of this issue can be found here.
Vulnerabilities & Updates
F5 Networks, one of the world’s leading providers of networking equipment, has warned its customers of a particularly dangerous security flaw in its BIG-IP product line, a family of multi-purpose network devices. The flaw lies in the management interface of BIG-IP devices and allows an unauthenticated remote attacker to execute arbitrary code. These devices are immensely popular all over the world and are deployed in many government networks. The vulnerability was given a CVSS severity score of 10 and F5 has released an immediate patch; anyone running these devices should apply it as soon as possible. Since the flaw sits in the management interface, it is also worth confirming that this interface is not reachable from the internet or from untrusted networks. Here is the official security advisory posted by F5.
Citrix has released a security bulletin addressing a number of vulnerabilities in Citrix ADC, Citrix Gateway, and the Citrix SD-WAN WANOP edition. The company notes that there are barriers to many of these attacks which limit their impact; for example, if no untrusted traffic can reach the management network, denial of service is the only real risk. The other flaws include information disclosure, privilege escalation, authorisation bypass and code injection. As always, we highly recommend applying the patches as soon as possible; more CVE details can be found here.
And that’s it for this week’s round-up; please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #99 – 10th July 2020
Why not follow us on social media:
Ironshare – Security Simplified