Cyber Round-up for 14th February
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Cybercriminals have taken advantage of the recent coronavirus outbreak and have begun deceiving victims by posing as the Center for Disease Control (CDC). The phishing email includes a link that redirects to a fake Outlook page where your details can be stolen. The email is intended to scare a user into giving up details by issuing a warning of an outbreak in their city; at first glance this can look real, but there are many obvious giveaways if you know what you're looking for. The link appears to go to the CDC website, but instead redirects to an Outlook phishing page. We strongly recommend that you avoid clicking email links unless they come from a trusted source, and always proceed with caution when opening attachments.
Google have recently announced their plans to force Nest customers to use two-factor authentication. There is a lot of concern regarding the security of smart home products like Nest, but this is definitely a step in the right direction from Google. If you are unsure what two-factor authentication is, it requires a user to provide a secondary method of authentication when logging in; for example, after entering your username and password you may be asked for a randomly generated code from your smartphone. This increases account security massively; if you are interested in setting this up, visit the Nest website to learn how to enable it.
The records of 440 million Estée Lauder customers have been exposed online due to a non-password-protected cloud database. The leaked information includes plaintext email addresses and content management system logs. It was confirmed that no sensitive employee records or payment information were leaked, which was fortunate. The database was exposed as a result of misconfiguration; however, the company resolved the issue very quickly once they were aware of it. This is respectable, as many organisations lack the urgency needed in these situations.
IBM Security's recent threat intelligence report included details of old Microsoft vulnerabilities that still seem to be actively causing trouble. Upon investigating global spam activity, IBM X-Force discovered that two previously patched vulnerabilities were accountable for almost 90% of those exploited by threat actors in these campaigns. One of these flaws dates back to 2016, even though a patch was released in April 2017; the other is a memory corruption flaw that reportedly surfaced almost 20 years ago. With old vulnerabilities like this still active, attackers have no reason to develop new attack methods; many high-profile systems such as hospitals still run older Windows versions that can be exploited easily, which makes the patching situation much more complex.
Vulnerabilities & Updates
A vulnerability has been discovered in the WebUI of the Vigor 2960 / 3900 DrayTek routers; this was discovered on Jan 30th and was dealt with quickly. A patch addressing the flaw was released on Feb 6th, which we recommend applying as soon as possible. This issue only affects the Vigor 3900 / 2960 / 300B; if you use any of these, you should update as soon as possible to 1.5.1 firmware or later. DrayTek also has a number of other recommendations, such as disabling remote access, to mitigate the risk of an attack; these can be found in the security advisory, along with the associated firmware downloads.
A total of 98 vulnerabilities have been addressed in this month's bumper edition of Microsoft Patch Tuesday, 12 of which are critical. The critical flaws include 8 memory corruption vulnerabilities affecting the Microsoft scripting engine and Windows Media Foundation, as well as 4 remote code execution flaws which exist in Windows 10, RDP, and some versions of Windows Server. The patch also addresses 84 important vulnerabilities, details of which can be found online; we recommend applying these updates as soon as possible.
And that's it for this week's round-up; please don't forget to tune in for new instalments every week.
Edition #78 – 14th February 2020
Ironshare – Security Simplified