Cyber Round-up for 14th June
Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.
In this week’s round-up:
MI5 have been holding on to people’s personal data unlawfully for many years and have been keeping it secret. Under the Investigatory Powers Act, MI5 can apply for a warrant to obtain people’s personal data for important investigations such as counter-terrorism. The Act also states that data should only be kept for as long as it is relevant to an investigation; despite this, MI5 have reportedly held on to this information unlawfully for much longer than required. The Investigatory Powers Commissioner also announced that the retained information had not been stored securely. It was revealed that senior members of MI5 have been aware of the security issues since 2016 and have kept them secret from the public, the Home Office and the Prime Minister.
Spammers have found a way past the Gmail spam filters by taking advantage of the ‘preferential treatment’ Gmail gives its own applications. Messages generated by other Google apps, such as Google Calendar and Photos, get a free pass through the Gmail filters, which means that any spam embedded in one of these messages is let through as well. For example, a scammer can send a malicious link to a user in the description of a Google Calendar invite. Similar bypasses have been observed in Google Forms, Drive, Photos and even Google Analytics. A Google spokesperson said that they are constantly working to combat spam and, while they are making progress, not all spam will be blocked.
A high-severity vulnerability has been discovered in the popular command-line text editors Vim and Neovim. It allows an attacker to execute commands and gain remote control of your Linux system without your knowledge, and can be exploited as soon as you open a malicious file in either editor. Both editors support a feature known as ‘modelines’, which lets a file carry a set of custom editor preferences. Sandbox protection is meant to contain any unsafe expression a modeline contains; however, it can be bypassed using the “:source!” command. Vim and Neovim have released updates to address the flaw, and it is recommended that you install these patches as soon as possible. Additional recommendations are listed in the original post.
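The item above turns on two facts about modelines: Vim only honours them in the first and last few lines of a file, and the sandbox exists to contain expressions that some options evaluate. The script below is an added example, not code from Ironshare, Vim or Neovim; it scans files for modelines the way Vim would find them and flags the ones that mention ‘source!’ or an expression-evaluating option. The watch list and the sample files are constructed for this example, and none of the samples is a working exploit.

```python
"""Flag files carrying a Vim modeline that tries to do more than set options.

Added example for the Vim/Neovim modeline item; it is not code from Ironshare,
Vim or Neovim. It follows Vim's documented modeline rules: a modeline starts
with "vi:", "vim:", "Vim:" or "ex:" at the start of a line or after whitespace,
and only the first and last 'modelines' lines (default 5) of a file are read.
"""
import re

DEFAULT_MODELINES = 5  # Vim's default value of the 'modelines' option

# Start of a modeline; the captured group is everything after the prefix.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(.*)$")

# Watch list (constructed for this example): 'source!' is the command named in
# the round-up; the option names take Vim expressions that are evaluated when
# the option is applied, which is exactly what the sandbox exists to contain.
SUSPICIOUS_RE = re.compile(
    r"source!|\b(?:foldexpr|foldtext|formatexpr|includeexpr|indentexpr|statusline)\b"
)


def find_modelines(text, modelines=DEFAULT_MODELINES):
    """Return (line_number, body) for each modeline Vim would actually read.

    Lines in the middle of a file are ignored because Vim ignores them too.
    """
    lines = text.splitlines()
    n = len(lines)
    head = range(min(modelines, n))
    tail = range(max(0, n - modelines), n)
    found = []
    for i in sorted(set(head) | set(tail)):
        match = MODELINE_RE.search(lines[i])
        if match:
            found.append((i + 1, match.group(1)))
    return found


def classify(text, modelines=DEFAULT_MODELINES):
    """Return [(verdict, line_number, body)], verdict being 'unsafe' or 'benign'."""
    results = []
    for line_no, body in find_modelines(text, modelines):
        verdict = "unsafe" if SUSPICIOUS_RE.search(body) else "benign"
        results.append((verdict, line_no, body))
    return results


# Constructed sample files; none of these is a working exploit.
BENIGN_FILE = "# sample config (constructed)\nsetting = 1\n# vim: set ts=4 sw=4 et:\n"

UNSAFE_FILE = "\n".join(
    ["line %d" % i for i in range(1, 10)]
    + ["# vim: set ts=4 :source! CONSTRUCTED_MARKER"]  # last line: inside Vim's window
) + "\n"

_middle = ["line %d" % i for i in range(1, 21)]
_middle[9] = "# vim: set foldexpr=CONSTRUCTED:"  # line 10 of 20: Vim never reads it
MIDDLE_FILE = "\n".join(_middle) + "\n"


if __name__ == "__main__":
    for name, data in [("benign", BENIGN_FILE), ("unsafe", UNSAFE_FILE), ("middle", MIDDLE_FILE)]:
        print(name, classify(data))
```

Run it over a directory of downloaded or shared files to get a quick inventory of which ones would trigger modeline processing at all; a hit on the ‘unsafe’ list is a reason to inspect the file before opening it in an unpatched editor. Raising the `modelines` argument shows why the window matters: a modeline buried in the middle of a file is invisible to Vim at the default setting but becomes live if a user has increased the option.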
Email is the primary form of communication among businesses, which is why it is still the preferred delivery method for most attackers. In 2018, many of the top critical threats used email to launch attacks. For example, Emotet delivered malware by attaching malicious documents to emails disguised as invoices or payment-related spam. Despite evolving into a much more advanced platform, Emotet still uses email as its preferred method of launching attacks. Other critical threats, such as cryptomining, also use email to deliver malicious payloads. A newly emerging threat, unauthorised MDM (Mobile Device Management) profiles, also uses email to trick the user into installing a malicious profile on their device. The popularity of email attacks means that they won’t be going anywhere, so stay vigilant.
Vulnerabilities & Updates
The months are rolling round fast, meaning it’s update time again. The June Patch Tuesday security updates address a total of 88 vulnerabilities: 17 are rated Critical and 65 Important; 4 have been publicly disclosed, but none have been detected as already exploited in the wild.
In the April 2019 edition of Patch Tuesday, Microsoft released an update for an Important Windows 10 privilege escalation bug (CVE-2019-0841); this week, however, a second bypass for that patch was published on GitHub by SandboxEscaper. The vulnerability allows a low-privileged attacker to gain access to files they would not normally have control over. Microsoft did not have enough time to fix this before the June Patch Tuesday, so there is currently no patch available for this flaw.
A new vulnerability has been discovered in IOS XE, the Linux-based version of Cisco’s Internetworking Operating System. The flaw allows a remote attacker to take full control of affected routers or switches through a vulnerability in the web-based UI. Because the web UI lacks CSRF (Cross-Site Request Forgery) protection, an attacker can send a user a malicious link that executes an unwanted action on the web app the user currently has open. The vulnerability was given a CVSS score of 8.8 out of 10. There are currently no workarounds for the flaw, but a software patch has been released by Cisco.
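The IOS XE item describes the classic CSRF shape: the browser attaches the user’s session cookie to any request it makes to the management UI, including one triggered by a link, so a state-changing endpoint that checks nothing beyond “is this session logged in?” can be driven by a page the user never meant to act on. The code below is an added example, not Cisco’s code and not a model of the IOS XE web UI; it contrasts that weak pattern with the usual fix (accept state changes only over POST, and require a token bound to the session that another origin cannot read). Requests are plain dicts so it runs offline, and the secret, session store and endpoint are all constructed.

```python
"""A state-changing web endpoint with and without CSRF protection.

Added example for the Cisco IOS XE CSRF item; it is not Cisco's code and does
not model the IOS XE web UI itself. Requests are plain dicts so the logic runs
offline; the secret, session store and endpoint are all constructed.
"""
import hashlib
import hmac

SERVER_SECRET = b"constructed-server-secret"        # generated per install in practice
SESSIONS = {"sess-abc123": {"user": "admin"}}        # cookie value -> identity (constructed)
DEVICE_CONFIG = {"admin_password": "initial"}        # the state an attacker wants to change


def issue_csrf_token(session_id):
    """Per-session token the server embeds in its own forms: HMAC(secret, session id).

    A page on another origin cannot read it, so it cannot include it in a forged
    request; the browser attaches cookies automatically, but not this token.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _session_for(request):
    return request.get("cookies", {}).get("session")


def vulnerable_change_password(request):
    """Weak pattern: being logged in is the only check.

    A GET reached by following a link carries the session cookie just as a
    deliberate click in the UI would, so the change goes through.
    """
    session_id = _session_for(request)
    if session_id not in SESSIONS:
        return 401, "not logged in"
    params = {**request.get("query", {}), **request.get("form", {})}
    DEVICE_CONFIG["admin_password"] = params["new_password"]
    return 200, "password changed"


def hardened_change_password(request):
    """Hardened pattern: POST only, plus a token bound to the session."""
    session_id = _session_for(request)
    if session_id not in SESSIONS:
        return 401, "not logged in"
    # 1. A link click, image fetch or redirect is a GET; state changes must not be.
    if request.get("method") != "POST":
        return 405, "state changes require POST"
    # 2. The token must match the one issued to this session (constant-time compare).
    presented = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(presented, issue_csrf_token(session_id)):
        return 403, "missing or invalid CSRF token"
    DEVICE_CONFIG["admin_password"] = request["form"]["new_password"]
    return 200, "password changed"


# Constructed requests. FORGED is what the browser sends when a logged-in admin
# follows a link that points at the management UI: cookie attached, no token.
FORGED = {
    "method": "GET",
    "cookies": {"session": "sess-abc123"},
    "query": {"new_password": "forged"},
}
# LEGIT is what the UI's own form submits: POST plus the token the server rendered.
LEGIT = {
    "method": "POST",
    "cookies": {"session": "sess-abc123"},
    "form": {"new_password": "legit-new", "csrf_token": issue_csrf_token("sess-abc123")},
}


if __name__ == "__main__":
    print("vulnerable, forged request:", vulnerable_change_password(FORGED))
    print("hardened, forged request:  ", hardened_change_password(FORGED))
    print("hardened, legitimate form: ", hardened_change_password(LEGIT))
```

In a real application the token travels in a hidden form field or a request header that the server’s own pages populate, and the cookie should additionally carry the `SameSite` attribute so the browser withholds it from cross-site requests in the first place; the two controls are complementary, since a device whose firmware predates the patch gets neither, which is why the only remediation for the flaw above is applying Cisco’s update.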
And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.
Edition #45 – 14th June 2019
Ironshare – Security Simplified