Cyber Round-up

Cyber Round-up for 10th September

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Ragnar Locker Group Warn Victims to Avoid Police Contact

The Ragnar Locker group are well known for their constant presence in the world of ransomware. One of their more interesting tactics is to warn victims against contacting law enforcement, claiming that they will leak data immediately. The group’s official announcement states “we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately”. Avoiding the involvement of police or recovery agencies ensures that they can continue to freely commit cyber crimes without disruption; is calling the police worth the risk? Or should you just pay the ransom?


McDonald’s Leak Passwords to Monopoly Winners

An issue in McDonald’s annual Monopoly VIP game has caused all customer usernames and passwords to be sent to its winners. This means that those who redeem their prizes via email will also receive a list of credentials from the Monopoly database. McDonald’s have stated that they “take data privacy very seriously” and assured everyone that their information has not been compromised.


500,000 Fortinet VPN Account Passwords Leaked

A hacker has reportedly leaked the usernames and passwords of around 500,000 Fortinet VPN accounts, which were gathered from exploitable devices last year. This was made possible by a vulnerability that has since been patched; however, it is believed that the majority of the credentials are legitimate. The actor responsible for this leak is simply known as ‘Orange’ and is an admin on the RAMP hacking forum, where the credentials were posted. Fortinet admins are advised to perform a forced reset of all passwords and to check for signs of an intrusion. It also wouldn’t hurt to ensure you have installed all of the latest patches.

Here is a list of all victims of the Fortinet leak.


Vulnerabilities & Updates

Netgear Patch Authentication Bypass Flaw

Netgear, who are known for selling networking devices and equipment, were contacted recently regarding newly discovered vulnerabilities affecting their switches. The vulnerabilities, which have been named Demon’s Cries, Draconian Fear and Seventh Inferno, reportedly allow an attacker to bypass authentication and change passwords for admin accounts. Demon’s Cries is the most severe of the three, with a CVSS rating of 9.8 out of 10. These flaws were addressed in Netgear’s latest patch; we advise applying this update as soon as possible.

A list of affected switch models can be found here.


New Zero-Day Attack Uses Weaponised Office Documents

On Tuesday, Microsoft disclosed details of a zero-day vulnerability in Internet Explorer that allows an attacker to take over Windows systems. This attack targets Windows users and takes advantage of weaponised Office documents, including Word, Excel and PowerPoint. The default configuration for Office is to open documents from the web in Protected View; if these settings have been changed, you are likely at risk. A fix is expected to arrive in the next Microsoft Patch Tuesday.


Zero-Day Authentication Bypass Found by Zoho

Zoho have released an emergency patch addressing a newly discovered zero-day vulnerability that could allow an attacker to bypass authentication and execute arbitrary code remotely. This flaw exists in ManageEngine ADSelfService Plus and affects all versions up to 6113; it was also confirmed that active exploits have been observed in the wild.

If you wish to learn more, you can find the official Zoho advisory here.


And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #157 – 10th September 2021
