Cyber Round-up for 14th August
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A recent coordinated campaign has taken over a number of popular subreddits, filling them with pro-Trump propaganda. Experts do not yet know how the accounts were compromised, but moderators appear to be cleaning up just a few days after the incident. An investigation is underway and the affected subreddits are being restored. All that is known right now is that the attacks were carried out using compromised moderator accounts; the group behind the attack is still unknown. This is not the first social media or forum takeover, as many high-profile Twitter accounts were taken over as part of a bitcoin scam last month. This recent increase in social media activity is worrying, and we will be keeping an eye out for future incidents.
iOS 14 is just around the corner, and with it comes a load of new features that are sure to catch your eye. The update is rumored to contain a lot of changes for Maps and Photos, but we are more interested in the security and privacy updates that were promised. One of these features includes the ability to opt in to having your data tracked to deliver personalised ads. Another big feature that was announced is forcing app developers to specifically detail what data they will collect, and warn the user before they download the app. Users will also be notified if an app is spying on their clipboard. We are all excited to see how these brand-new features improve the security and privacy of iOS devices, and how other mobile companies manage to compete.
A new phishing attack has been seen targeting cPanel users; however, it does not use the typical methods we are used to seeing. Instead, this scam sends users a fake security advisory which warns them of critical vulnerabilities affecting the web hosting platform. They are then prompted to install an ‘update’ which claims to patch the flaw, but instead redirects them to log in with their cPanel credentials. The attackers responsible for constructing this phishing attack have really taken the time to create a convincing scam, and it is no surprise that some people have fallen for it. As always, stay safe and do not give away your login credentials unless you are certain it is safe to do so.
Smart locks have become increasingly popular recently, which in turn draws attention from cybercriminals. These new IoT devices are an alternative to your traditional lock; however good they may seem, they have their flaws. One has been found recently and can be quite dangerous. One feature of the smart lock is the ability to share access keys with others, so that they can gain access through their smartphone; this seems like a good idea, aside from the security risks. This new vulnerability allows an attacker to help themselves to an access key, and all they need to do so is the MAC address of the device. In response to this flaw, U-Tec began to make improvements to their security, and after a few days have resolved the issue.
On August 6th, SANS carried out a review of their email configuration and found a mail forwarding rule that was leaking data to an external email address. The forwarded files included data such as email addresses, names, country of residence and company names. Once this was discovered, it was immediately prevented from sending any more emails, but not before a total of 513 had already been sent. SANS have said that most of the emails were harmless, but a few contained some personally identifiable information. If you wish to learn more about this attack, and how the individuals have been affected, this can all be found in this article.
Vulnerabilities & Updates
Microsoft’s Patch Tuesday for August arrived this week, and it is a big one, with 120 total vulnerabilities addressed, 17 critical bugs and two zero-days that have already been exploited in the wild. The first zero-day is a Windows OS bug where file signatures are incorrectly validated, which allows attackers to bypass security features. The second zero-day is a remote code execution flaw that exists in the scripting engine in Internet Explorer. The full list of security updates can be found here on Microsoft’s Security Update Guide Portal.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #104 – 14th August 2020