Cyber Round-up

Cyber Round-up for 12th March

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

150,000 Cameras Hacked in Verkada Data Breach

Security company, Verkada, recently had their systems hacked by a group of unknown cybercriminals. The firm provides security cameras for many high-profile companies, such as Tesla and Virgin Hyperloop. Verkada have set up a support line for the affected customers while their security team investigates the incident alongside law enforcement. Tesla have not yet commented on the situation, but other victims such as Cloudflare have confirmed that a number of offices around the world have been affected.


Darknet Marketplaces Selling COVID-19 Vaccines

The darknet has quickly taken advantage of those desperate to get the COVID-19 vaccine by selling them on dark web marketplaces. Prices for these vaccines range from $250 to $1,200 across 15 different marketplaces and Kaspersky researchers have observed multiple sellers, all of which have made between 100 and 500 transactions. Although some of these sellers are providing legitimate vaccines, interacting with these individuals is very risky and we advise everyone to wait for an official vaccine.


Remediation for Microsoft Exchange Vulnerabilities

CISA have released an article containing guidance for those affected by the recent Microsoft Exchange vulnerabilities, this includes advice for organisation leaders and IT security staff, with remediation and mitigation techniques. We advise all companies affected by these flaws to look into this article, as it include references to multiple sources of information and will be regularly updated by CISA with new information and guidance.


Umbrella Graphic 2809


Google reCAPTCHA Scam Targets Office 365 Users

A new phishing scheme has been discovered that is targeting Office 365 users with the intent of stealing their credentials. This scam is unique, as it uses a fake Google reCAPTCHA that redirects to a malicious Microsoft login page containing the logo of the victim’s company. All Office 365 users are advised to verify the legitimacy of any emails they receive, and be cautious when asked to provide credentials or other sensitive information.


DUO 2809

Vulnerabilities & Updates

Microsoft March 2021 Patch Tuesday

Microsoft have released their monthly batch of security updates, including fixes for 89 vulnerabilities, 14 of which are considered critical. These critical flaws include remote code execution in Internet Explorer, Git for Visual Studio and DNS Servers. We advise all users to apply the latest updates as soon as possible to stay protected.

More details on these flaws can be found here.


Remote Hacking Bug Present in Billions of Apple Devices

Apple have released an emergency patch for a vulnerability affecting iOS, macOS, watchOS and the Safari web browser. The exploit was made possible by a memory corruption issue and allows an attacker to execute arbitrary code on the target devices using malicious web content. This was reported to Apple by researchers from Google’s Threat Analysis Group and Microsoft’s Browser Vulnerability Research group. We advise all Apple customers to update their devices as soon as they can.


Overview of F5 Critical Vulnerabilities

This week, F5 released a security advisory for four critical vulnerabilities, including remote code execution and buffer overflow flaws in the iControl REST interface, the TMUI and TMM. These flaws are are considered critical severity, and so F5 advises all users apply the latest updates as soon as they can.

More details on these vulnerabilities can be found here.


And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #132 – 12th March 2021

Why not follow us on social media:

Ironshare – Security Simplified