Cyber Round-up for 11th June
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In related news, he is no longer in power, but we are still receiving pearls of wisdom from former President Donald Trump. In response to the recent increase in cyberattacks he recommends that in order to stop these attacks we should no longer use these new-fangled computer things and return to using pen and paper. What better way to prevent cyber-attacks than abandoning technology and returning to paper records!
Oh and apparently Bitcoin is a scam (he obviously missed jumping on that lucrative train in the early days).
In this week’s round-up:
Skinners’ Kent Academy and Skinners’ Kent Primary School have both confirmed their closure following an attack on their IT systems. The schools announced that they are unsure what information was accessed by the attackers, but parents have been urged to contact their banks, as personal data may have been compromised. The incident is currently being investigated by Action Fraud and the NCSC, and learning will continue remotely until the schools can reopen.
The UK’s biggest furniture retailer, Furniture Village, was recently hit by a cyber-attack that forced them to shut down their IT systems. 7 days on from the initial attack, their website is operational, however they are “still experiencing technical issues with internal systems”. It is currently unknown who is behind the attack, or the reason behind it; we can however confirm that Furniture Village are working hard to restore their systems to operation as soon as possible.
The FBI and Australian Federal Police have launched an encrypted chat service called ANoM; this was designed to intercept criminal communications online. The operation has resulted in the arrests of more than 200 criminals and law enforcement were able to seize 55 stolen vehicles, eight tons of cocaine, 22 tons of cannabis and 250 firearms. This campaign has been active for around 3 years and has played a huge part in crime prevention for these federal organisations.
Vulnerabilities & Updates
Microsoft’s patch Tuesday for June has arrived, and it contains fixes for 50 vulnerabilities. Six of these security flaws are considered critical and are being actively exploited in the wild; this includes remote code execution in the Windows MSHTML Platform and denial of service flaws affecting Remote Desktop Services. We recommend that everyone applies the latest updates as soon as possible, to ensure that you are protected against the flaws addressed in this month’s batch of security fixes.
Google’s latest batch of security updates includes a fix for critical flaw affecting Android devices. Successful exploitation of this flaw could allow a remote attacker to execute arbitrary code on the target device. It was confirmed that this vulnerability affects Google Pixel phones, as well as all third-party devices running the Android operating system. We recommend updating as soon as possible to ensure you do not become a victim of associated exploits.
Critical zero-day vulnerabilities have been discovered in the open-source school management system, Fedena, some of which could allow remote code execution. There are currently no patches for the system, but some mitigation recommendations have been released. One of these recommendations is “stopping the Fedena application server, altering the secret using a securely generated random string, and restarting the server.”.
Other techniques to protect your systems against these flaws can be found here.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #145 – 11th June 2021
Why not follow us on social media:
Ironshare – Security Simplified