Cyber Round-up for 11th October
Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security. Following the theme of cyber awareness month, we have included a post on cybersecurity education!
In this week’s round-up:
The first half of 2019 has been difficult for local councils across the UK as they suffered an average of 800 cyber attacks an hour. This information was taken from research into just 201 of the 405 local councils that were contacted. The number of attacks is rapidly increasing, and lack of security is still an issue. Just 13% of councils have a cyber insurance policy in place, meaning the majority of them have no effective recovery process in the event of a successful attack. As well as this, of the 114 councils that suffered breaches between 2013 and 2018, 56% did not report them out of embarrassment; this calls for an increase in education for cyber awareness, to both improve security and response time if or when a breach does occur.
Cyber Awareness Month is here, and Cisco want to make the most of it by educating as many people as they can. One way they are doing this is through free online courses, which can benefit anyone who is unsure of the threat they face online, as well as those interested in exploring a career path in cyber security. We recommend taking advantage of this offer and looking at these as an introduction to cybersecurity; you can never be too safe.
EA Sports were forced to shut down the FIFA 20 Global Series competition registration process after suffering a data leak, which included the personal information of those who registered for the event. When a player tried to register, they were instead presented with the personal information of those who had already registered. This incident included the compromise of usernames, email addresses, country of residence and date of birth. This occurred on October 3rd; the site has since been closed and the issue has been resolved. EA announced that the leak affected around 1,600 players, and they are taking the necessary steps to ensure this doesn’t happen again; despite this, FIFA 20 players are demanding compensation on social media.
The hacker group known as Magecart has launched an attack on e-commerce and shopping cart service provider Volusion; once compromised, the service was used to deliver credit card-skimming code. Security researchers initially discovered the scam through the webstore for the Sesame Street Live! touring show, which runs on the Volusion e-commerce platform. The site has been taken down until the issue is resolved. Researchers have said that this attack is likely affecting many other websites using the same platform and advise users to consult the list of potentially affected sites included in the original post.
Vulnerabilities & Updates
Microsoft’s October 2019 Patch Tuesday has addressed nine critical vulnerabilities, including a remote code execution (RCE) bug in the Windows Remote Desktop Client. Another four critical memory corruption flaws were also patched in the Chakra Scripting Engine, as well as two critical VBScript RCE flaws in the Internet Explorer browser. The final two vulnerabilities addressed in this patch are RCE bugs for the Azure App Service and the MSXML parser of XML Core Services. Further details on these flaws are included in the original post; we suggest updating as soon as you get the chance.
A 7-year-old critical vulnerability has been found in the macOS terminal emulator app, iTerm2. This flaw exists in the tmux integration of iTerm2 and allows an attacker to execute arbitrary code on the user’s Mac computer. The vulnerability affects all versions of iTerm2 up to 3.3.5 and was recently patched in 3.3.6. We recommend updating as soon as possible due to the critical nature of this vulnerability; you can either check for updates in the application or download it manually.
And that’s it for this week’s round-up. Please don’t forget to tune in for our next instalment.
Edition #62 – 11th October 2019
Ironshare – Security Simplified