Cyber Round-up for 10th September
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The Ragnar Locker group are well known for their constant presence in the world of ransomware. One of their more interesting tactics is to warn victims against contacting law enforcement, claiming that they will leak data immediately. The group’s official announcement states “we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately”. Avoiding the involvement of police or recovery agencies ensures that they can continue to freely commit cyber crimes without disruption; is calling the police worth the risk? Or should you just pay the ransom?
An issue in McDonald’s annual Monopoly VIP game has caused all customer usernames and passwords to be sent to its winners. This means that those who redeem their prizes via email will also receive a list of credentials from the Monopoly database. McDonald’s have stated that they “take data privacy very seriously” and assured everyone that their information has not been compromised.
A hacker has reportedly leaked the usernames and passwords of around 500,000 Fortinet VPN accounts, which were gathered from exploitable devices last year. This was made possible by a vulnerability that has since been patched; however, it is believed that the majority of the credentials are legitimate. The actor responsible for this leak is simply known as ‘Orange’ and is an admin on the RAMP hacking forum, where the credentials were posted. Fortinet admins are advised to perform a forced reset of all passwords, as well as checking for signs of an intrusion. It also wouldn’t hurt to ensure you have installed all of the latest patches.
Here is a list of all victims of the Fortinet leak.
Vulnerabilities & Updates
Netgear, who are known for selling networking devices and equipment, were contacted recently regarding newly discovered vulnerabilities affecting their switches. The vulnerabilities, which have been named Demon’s Cries, Draconian Fear and Seventh Inferno, reportedly allow an attacker to bypass authentication and change passwords for admin accounts. Demon’s Cries is the most severe of the three, with a CVSS rating of 9.8 out of 10. These flaws were addressed in Netgear’s latest patch; we advise applying this update as soon as possible.
A list of affected switch models can be found here.
On Tuesday, Microsoft disclosed details of a zero-day vulnerability in Internet Explorer that allows an attacker to take over Windows systems. This attack targets Windows users and takes advantage of weaponised Office Documents, including Word, Excel and PowerPoint. The default configuration for Office is to open documents from the web in Protected View; if these settings have been changed you are likely at risk. A fix is expected to arrive in the next Microsoft Patch Tuesday.
Zoho have released an emergency patch addressing a newly discovered zero-day vulnerability that could allow an attacker to bypass authentication and execute arbitrary code remotely. This flaw exists in ManageEngine ADSelfService Plus and affects all versions up to 6113; it was also confirmed that active exploits have been observed in the wild.
If you wish to learn more, you can find the official Zoho advisory here.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #157 – 10th September 2021