Cyber Round-up for 13th September
Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
An investigation known as Operation reWired has seen the arrests of 281 suspected criminals in connection with recent Business Email Compromise (BEC) scams. The criminals are estimated to have stolen almost $37 million during the recent scheme. Despite the scheme targeting US victims, the majority of arrests took place in Nigeria, with further arrests in 9 other countries. The scams primarily targeted employee email accounts in an attempt to compromise them and their business associates. The intention of Operation reWired was to send a message to cybercriminals and let them know that investigators are actively working to prevent BEC schemes. Despite the success of this operation, email scams are still a big threat, and we advise that everyone should take caution when opening emails.
Microsoft are planning to roll out a new feature in October that is designed to enhance how customers are notified of quarantined malware and phishing attempts. The new system allows admins to configure alerts for their users to notify them of quarantine actions. These steps are being taken to help identify threats much faster: by sending notifications to the end user, admins can easily confirm whether legitimate content is being blocked. The update will also introduce a new feature called the email timeline, which allows an admin to easily explore threats through the events triggered in a user’s mailbox. These changes are a step in the right direction and should massively improve phishing threat hunting in Office 365.
Mozilla have announced their plans to introduce DNS-over-HTTPS (DoH) for the Firefox browser starting at the end of September. The protocol is designed to carry domain-name queries over an encrypted HTTPS connection rather than over plain, unprotected DNS. This is intended to protect users and prevent third parties from eavesdropping on and manipulating DNS data. DoH acts as an extra layer of security to protect users when accessing the internet. The rollout is said to start in late September but is expected to be a slow process and will not be available everywhere immediately.
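As an added illustration of the DoH exchange described above (this is example code, not Mozilla's or the original post's): the following Python encodes a DNS question in wire format, wraps it as an RFC 8484 GET request, and parses a constructed `application/dns-message` response. The resolver URL and the answer data are made-up sample values.

```python
import base64
import struct

def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a minimal RFC 1035 wire-format query for `name` (default: A record).
    RFC 8484 recommends a zero transaction ID so DoH responses are cache-friendly."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # QCLASS 1 = IN

def doh_get_url(resolver: str, query: bytes) -> str:
    """RFC 8484 GET form: the query goes in `?dns=`, base64url-encoded without padding."""
    token = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={token}"

def parse_a_records(response: bytes) -> list:
    """Return IPv4 answers from an `application/dns-message` response body."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", response[:12])
    pos = 12
    for _ in range(qdcount):  # skip the echoed question section
        while response[pos] != 0:
            pos += response[pos] + 1
        pos += 5  # terminator + QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        if response[pos] & 0xC0 == 0xC0:  # compression pointer (2 bytes)
            pos += 2
        else:  # uncompressed owner name
            while response[pos] != 0:
                pos += response[pos] + 1
            pos += 1
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", response[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in response[pos:pos + 4]))
        pos += rdlen
    return addrs

def constructed_response() -> bytes:
    """Constructed sample answer (not captured traffic): example.com A 192.0.2.1."""
    question = build_dns_query("example.com")[12:]
    header = struct.pack(">HHHHHH", 0, 0x8180, 1, 1, 0, 0)  # QR + RD + RA, one answer
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer
```

Because the query and answer travel inside a TLS session to the resolver (here the hypothetical `https://doh.example/dns-query`), an on-path observer sees only HTTPS traffic, not the looked-up name.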
Cybercriminals have recently been showing a lot of interest in macOS systems, and attacks are becoming more and more frequent. Malicious and potentially unwanted programs have become increasingly common over the last few years; in 2018 there were over 4 million attacks of this nature. In 2019 there have been almost 6 million phishing attacks targeting macOS users alone; the most common phishing pages seen are those pretending to be banking services. During 2019, there have also been a number of adware threats delivered through various trojans and viruses. More details on the threats facing macOS users are included in the original post.
A critical vulnerability in the Exim mail server has been discovered that demands attention. The flaw has been identified as a buffer overflow in the handling of the Server Name Indication (SNI) extension during TLS negotiation. Exim is by far the most popular open-source mail server on the internet, which makes the threat even more serious. The flaw was discovered in July 2019 and affects all versions from 4.80 to 4.92.1. Exim admins are advised to update to 4.92.2 as soon as possible to avoid being affected by this threat. Further details on the flaw are included in the original post.
Vulnerabilities & Updates
In this month’s edition of Patch Tuesday, Microsoft have released updates for 79 vulnerabilities, of which 17 have been classified as Critical and 2 are actively being exploited in the wild. These include remote desktop, privilege escalation, remote code execution and denial of service vulnerabilities. There is also a critical-severity Adobe Flash Player flaw that should be patched as soon as possible. A list of all patches is included in the original post. We recommend testing and deploying the latest patches as soon as you can.
Two denial-of-service vulnerabilities have been discovered in the NETGEAR N3000 line of wireless routers. These small and affordable devices, typically found in home and small office networks, can be made to crash by sending HTTP and SOAP requests to various functions of the router. Cisco Talos is working closely with NETGEAR to resolve the issues and ensure that updates are available to those using the affected products. Further details on the nature of these vulnerabilities are included in the original post.
And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #58 – 13th September 2019
Ironshare – Security Simplified