Cyber Round-up for 11th September
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Newcastle University is the latest in a long line of Universities to be hit by cyber attacks in recent months. A notice was released on Friday 4th September disclosing the incident that has affected its IT systems, stating that it may take several weeks before full services are resumed. Although it has not been confirmed, it is thought that this is the result of yet another ransomware attack. Universities have been consistently in the news, due to both ransomware attacks and becoming victims of the Blackbaud data breach.
In a report published by US insurance firm Coalition, 41% of cyber insurance claims made in the first half of 2020 have been attributed to ransomware. They observed a 260% increase in ransomware attacks targeting their customers, with the average demand increasing by 47%. The Maze group are unsurprisingly at the top of the list of ransomware strains used in these attacks, with the gang demanding ransoms up to 6 times greater than the average. In addition, Business Email Compromise fraud continues to grow, with a 67% increase in claims over the previous period. Check out the article on ZDNet for more information.
The French Cyber Security Agency has warned its public sector services of a rising threat after witnessing a surge of Emotet attacks. Emotet is a serious threat that has evolved from a banking trojan into a dropper for more advanced malicious payloads such as trojans, info stealers and ransomware. It typically uses a malicious Office document attachment to perform the initial infection, by convincing users to open the attachment and enable the embedded macros. Although this is being reported by the French, Emotet is targeting all types of businesses around the globe. Be sure to educate your users not to open suspicious attachments or enable macros unless they are certain the file came from a trusted source.
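Since the Emotet lure depends on a macro-enabled Office attachment reaching the user, one defensive control is to flag such attachments before they are opened. The script below is an added example (not code from the original post or from Ironshare) showing how to do that on the raw bytes of an attachment: a modern Office document is a ZIP container, so the presence of a VBA project part (such as word/vbaProject.bin) or a VBA content type declaration in [Content_Types].xml identifies it as macro-enabled without ever opening it in Office. The two sample documents it inspects are constructed inline for the demonstration and are not real lures; the function and constant names are the example's own.

```python
import io
import zipfile

# Office Open XML parts that hold a VBA project. Any of these inside a
# .docm/.xlsm/.pptm (or a mislabelled .docx) container means the file carries macros.
VBA_PART_SUFFIXES = ("vbaProject.bin", "vbaData.xml")
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc/.xls files


def find_macro_indicators(data: bytes) -> list[str]:
    """Return the reasons an attachment looks macro-enabled (empty list if none).

    Works on raw bytes, so it fits a mail-gateway hook or a quarantine review
    script. Only the ZIP directory and the content-types manifest are read;
    no macro code is parsed or executed.
    """
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            for name in names:
                if name.endswith(VBA_PART_SUFFIXES):
                    reasons.append(f"VBA part present: {name}")
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if MACRO_CONTENT_TYPE in ctypes:
                    reasons.append("content type declares a VBA project")
    except zipfile.BadZipFile:
        # Legacy binary Office files are not ZIPs but can still carry macros,
        # so they are flagged for a VBA-aware parser rather than passed as clean.
        if data[:8] == OLE2_MAGIC:
            reasons.append("legacy OLE2 Office file: needs a VBA-aware parser")
    return reasons


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container for the demo (constructed data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ctypes = ('<?xml version="1.0"?><Types>'
                  '<Default Extension="xml" ContentType="application/xml"/>')
        if with_macro:
            ctypes += (f'<Override PartName="/word/vbaProject.bin" '
                       f'ContentType="{MACRO_CONTENT_TYPE}"/>')
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes, not real VBA
        ctypes += "</Types>"
        zf.writestr("[Content_Types].xml", ctypes)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("macro", build_sample(True))):
        hits = find_macro_indicators(blob)
        print(f"{label}: {'QUARANTINE' if hits else 'allow'} {hits}")
```

A gateway would typically quarantine anything `find_macro_indicators` flags, or at least strip the attachment and notify the recipient, which removes the "enable macros" decision from the user entirely.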
A new timing vulnerability called Raccoon Attack has been identified by researchers in the Transport Layer Security protocol (TLS). TLS is the most widely used protocol for securing internet-based communications, so any threat to the protocol's security can quickly become a serious concern. This side-channel attack targets TLS versions 1.2 and below, extracting the shared key used to secure the communications between the two parties. Fortunately, as is common with timing-based attacks, this is not easy to exploit in practice, and it also relies on the same Diffie-Hellman key being reused across multiple sessions. So far F5, Microsoft, Mozilla and OpenSSL have confirmed they are vulnerable, and each has released patches to fix the issue.
Vulnerabilities & Updates
This week was the 2nd Tuesday of the month, which as we all know is Microsoft's Patch Tuesday. In the September edition they have released fixes for a total of 129 vulnerabilities, including 23 rated critical, 105 rated important and 1 moderate flaw. The key issue patched this month is a memory corruption vuln in Microsoft Exchange mail servers that can result in remote code execution. This flaw can be exploited by simply sending a specially crafted email to a vulnerable target.
A total of seven remote code execution flaws have been found in multiple versions of SharePoint Server, while other critical issues impact the Windows Graphic Device Interface, ChakraCore, and Visual Studio.
We recommend getting these updates reviewed and deployed as soon as you can, prioritising the critical patches if you are unable to patch them all.
A list of all updates can be found at the Security Response Center portal.
Five critical vulnerabilities have been identified in the popular messaging app WhatsApp. The flaws affected numerous WhatsApp components, including both the Android and iOS applications and the desktop client. These flaws can be exploited using malicious video calls and messages, and include privilege escalation, overflow and remote code execution vulnerabilities. Fortunately all of these issues were patched within days of discovery. If you haven't already, please update your apps, and where possible set your mobile apps to update automatically.
Palo Alto has published 9 new security advisories for its PAN-OS firewall operating system, including 1 critical and 5 high rated vulnerabilities. The critical vuln is a buffer overflow that, when exploited, could give an unauthenticated attacker the ability to run code with root privileges by sending malicious requests to the captive portal or MFA interface.
A list of all the advisories can be found here.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #108 – 11th September 2020
Ironshare – Security Simplified