Cyber Round-up for 14th May
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The operator of America’s largest gasoline pipeline, Colonial Pipeline, was forced to halt operations after they were hit by a ransomware attack last week. Their systems were taken offline proactively, and they are working hard to get back to normal as soon as possible. We do not yet know who was behind the attack and it is unclear when Colonial will be able to return to operation; it is vital that systems are restored as soon as possible, since they are the main source of gasoline in the Eastern half of the US.
West Midlands Railway have been criticised for their controversial cyber-security tests targeting their staff. The company’s staff were all sent fake emails containing a link; the email promised them a bonus for their hard work during the pandemic, but was followed up by a notification confirming that no payments would be made. Though it is good that the railway company are carrying out these simulations, many have criticised their methods, and demand that the workers receive the bonus they were falsely promised.
A new financial startup known as Fintech has been seen offering users up to $500 dollars for the username and password to the payroll account provided by their employers. The startup claims to support people who work multiple jobs to help “improve their credit and employment options”. Many security researchers are concerned with the level of access that the company has and has warned users of the risks of their data harvesting; the startup has also been investigated for relations to a phishing scam. We advise all users to be cautious of sharing credentials with others and avoid giving away access to financial systems such as your payroll.
The UK foreign secretary has issued a warning to Russia regarding their involvement in protecting ransomware actors. The secretary has stated that even if attacks are not linked to the state, they are responsible for prosecuting the criminals. Ransomware attacks have been constant this year, and it seems the actors behind them have gone mostly unpunished. The warnings sent to Russia demand that they take responsibility for those acting out of the country, as their operations have been constantly disrupting educational institutions in the UK.
Car Dealership Service Provider, DriveSure, have been hit by a data breach in which multiple databases were posted on the dark web. The exposed databases include dealership and inventory information, revenue data and client data. Researchers examined the data and found that names, addresses, phone numbers, email addresses and IP addresses were leaked, as well as 93,063 bcrypt hashed passwords. Although Bcrypt is considered a strong encryption method, it can still be brute forced; because of this, we advise all DriveSure customers to change their passwords as soon as possible.
Vulnerabilities & Updates
Security Researchers have found multiple vulnerabilities affecting the WiFi standard, including some flaws dating back to 1997. Some of these isssues are design flaws within the standard, meaning they affect the majority of devices. Unlike most vulnerabilities, these come from “widespread programming mistakes”, meaning they will be much more difficult to patch. WiFi Alliance have been working hard to resolve the issues and while some patches are already available, there are much more to come.
Microsoft have released their monthly batch of security updates for May, and it addresses 55 vulnerabilities, four of which were classified as critical. Among the four criticals, there are three zero-days, including a privilege escalation flaw in .NET and Visual Studio, a Security Feature Bypass flaw in MS Exchange Server and a Remote Code Execution flaw in Common Utilities. As always, we advise applying the latest patch as soon as possible to ensure you are protected against attacks.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #141 – 14th May 2021
Why not follow us on social media:
Ironshare – Security Simplified