Cyber Round-up

Cyber Round-up for 13th May

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

BIG-IP Critical Vulnerability Allowing Device Wipe

F5’s BIG-IP, a collection of hardware and software designed around application availability, access control, and security solutions, has been at the mercy of hackers after a critical vulnerability was exploited in the wild. The vulnerability allows hackers to execute commands on BIG-IP network devices as an administrator without authentication. It has been used to install webshells, steal SSH keys and enumerate system information, and attempts have been made to wipe the network devices. F5 has recommended all users update to the newest version immediately.


REvil Ransomware Gang Returns With New Samples Found

After six months of inactivity, it appears that the REvil ransomware gang has returned, with analysts finding multiple new samples associated with the group. While it has not been confirmed that the group is back, we do know that the developer of these samples has access to REvil source code. REvil were one of the pioneers of double extortion attacks, so their return may cause trouble for a lot of people. We will keep an eye out for any signs of their return and provide updates when we learn more.


UK Government Destroy Stolen Credit Card Details

Hundreds of thousands of credit cards were stolen by criminals across the UK, which could have potentially led to a loss of tens of millions of pounds. Fortunately, UK government hackers were quick to act on this and were able to avoid any fraudulent use by destroying the stolen credit card details. Not much has been revealed about this operation; however, we do know that the UK government has been actively tackling criminals online, and this operation is proof that its strategies have been hugely successful in the prevention of cybercrime.

By News-sky-com

AGCO Hit By Ransomware

AGCO, a producer of agricultural machinery, has been hit by ransomware. The company has reported that the attack affected some of its production facilities, causing workers to be sent home. An investigation is underway to identify and remediate the ransomware. AGCO has not said whether it is prepared to pay the ransom or how much the ransom is. The manufacturer said that business operations will be “adversely affected for several days” and may take longer to fully recover.


Recent Cyberattacks Target MM.Finance and Fortress DeFi Platforms

DeFi platforms MM.Finance and Fortress have both reported cyberattacks that drained millions of dollars’ worth of cryptocurrency. MM.Finance has reported losses of more than $2 million, while Fortress claims to have lost about $3 million. These companies have requested that no assets are supplied while they investigate the incidents; as soon as more information is available, we will provide updates here.

More details on the Fortress attack can be found here.

For information on the MM.Finance attack click here.


Vulnerabilities & Updates

Emergency Google Android Update Addresses 36 Security Flaws

All Android users are advised to update their devices as soon as possible, as the latest security update contains fixes for 36 vulnerabilities. 11 of these flaws are unique to the Google Pixel, with two critical vulnerabilities allowing a remote attacker to execute arbitrary code on the target device.

More details on these vulnerabilities can be found here and as always, we recommend upgrading to the latest version immediately.


Application Errors Caused by Windows 11 KB5013943 Updates

Microsoft’s Patch Tuesday for May 2022 dropped this week, featuring fixes for a number of key vulnerabilities. One of the most important things to mention about this month’s batch of security updates is the issues it has caused in Windows 11. The KB5013943 update for Windows 11 has reportedly been breaking .NET applications, leaving users unable to open them. Guidance on how to fix this issue can be found here.

As well as this, you can find Microsoft’s official security update guide for May 2022 Patch Tuesday here.


And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #189 – 13th May 2022
