Cyber Round-up for 12th February
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The administrator of the Ziggy ransomware has published a statement announcing that they are shutting down operations and publishing all decryption keys. In this announcement, the operator apologises for the harm they have caused their victims and says that the keys will be published as soon as possible. The administrator also revealed that they “created the ransomware to generate money as they live in a third-world country”; however, they felt too guilty to continue operations.
A SQL file containing 922 decryption keys was posted by the admin. Based on this information Emsisoft have made a decryptor available which can be found here.
The computer systems of Oldsmar, Florida’s water treatment facility were compromised last week and the chemical levels of the drinking water were changed. The hacker, who is yet to be identified, gained access to the facility through a remote computer set up for controlling the water treatment operations. The attack was discovered almost immediately and the changes were reverted; Oldsmar city staff have confirmed that no altered water was delivered to the locals. These kinds of critical infrastructure attacks are what the cyber security community have been dreading; let’s hope this does not become a more common occurrence.
CD Projekt Red, known for making games such as Cyberpunk 2077 and The Witcher, have become the latest victim of ransomware. Researchers have labelled this a “double extortion” ransomware attack, as they expect another leak to be published soon. The firm have stated that they will not pay the ransom. The author of the leak has previously been seen on hacking forums associated with the Cobalt Strike malware, which explains their ability to perform the attack.
More updates will undoubtedly follow in the coming days.
Two groups of cybercriminals from Iran have been found running surveillance operations against users in Iran, the UK, the US and 10 other countries. One of the groups, known as Domestic Kitten, has been observed fooling victims into downloading malicious applications that spy on the user’s activity on their mobile device. This campaign has had over 600 successful infections so far. We advise all users to only download applications from trusted app stores.
Vulnerabilities & Updates
Microsoft’s Patch Tuesday for February has just arrived, and it covers 56 flaws: 11 rated critical, 43 important and 2 moderate in severity. Among the critical vulnerabilities is a zero-day that is being actively exploited in the wild; other critical flaws include a privilege escalation bug in Windows Win32K, and remote code execution bugs in Windows DNS Server, .NET Core, Visual Studio, the Microsoft Windows Codecs Library and the Fax Service.
Microsoft’s update guide for this patch release can be found here.
Adobe have issued a warning regarding a critical vulnerability in Adobe Reader for Windows. It was confirmed that this flaw is being actively exploited in the wild; it is classed as a heap-based buffer overflow bug, which could lead to the execution of arbitrary code. Adobe released a patch for this on Tuesday, and we advise all users to update as soon as possible.
SAP have released their latest batch of security updates, which address seven vulnerabilities, including a critical remote code execution flaw in the Commerce product. The release also includes updates for Google Chromium, as well as fixes for several flaws in SAP Business Warehouse. As always, we recommend applying the latest patches immediately to ensure you are protected.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #128 – 12th February 2021
Ironshare – Security Simplified