Cyber Round-up for 14th September
Welcome to this week’s Ironshare Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.
GCHQ’s data collection deemed to have breached human rights
The European Court of Human Rights (ECHR) has finally ruled that the mass data collection activities carried out by GCHQ violated the European Convention on Human Rights, which is in place to guarantee privacy.
GCHQ has been under investigation by the ECHR since 2013, when the whistle-blower Edward Snowden released classified information revealing that the US and UK governments were secretly capturing the private data and communications of millions of people.
The ECHR carried out a comprehensive investigation into these allegations that focused on the previous regime’s mass interception of communications. The ECHR deemed that GCHQ had violated Article 8 of the European Convention on Human Rights, based on the lack of safeguards and governance related to the collection of this data.
Snowden has responded to the result via his Twitter feed:
“For five long years, governments have denied that global mass surveillance violates your rights. And for five long years, we have chased them through the doors of every court. Today, we won. Don’t thank me: thank all of those who never stopped fighting.”
Interestingly, the ECHR ruled that GCHQ had not violated any rights in relation to its intelligence sharing with foreign governments, although it did suggest that abuse of the intelligence services’ power was evident.
GCHQ (Government Communications Headquarters) forms the centre of the UK’s intelligence agencies and works alongside the more familiar MI5 and MI6 agencies. It provides intelligence to law enforcement and the armed forces to protect the UK and its citizens from malicious states and groups.
With the interests of national security at the top of most countries’ lists of priorities, and the constant threat of terror-related activities in our modern world, citizens’ privacy in this area will continue to be a very divisive topic.
Microsoft Patch Tuesday – September 18
Patch Tuesday, Microsoft’s monthly release of product software updates, came out on Tuesday 11th September and included fixes for over 60 known vulnerabilities, of which 15 were security updates classed as Critical.
As expected, this patch update also included the fix for the Task Scheduler zero-day vulnerability we covered in a previous post. The vulnerability allows attackers to escalate compromised local account privileges to SYSTEM level. This is welcome news on the back of reports highlighting that the attacker group known as PowerPool were already using this exploit in newly developed versions of their malware.
In addition, fixes for the 15 critical vulnerabilities are included. If exploited, all of these result in a form of remote code execution, in products such as Windows 10, Microsoft’s Edge browser, .NET and Hyper-V.
We recommend reviewing these patches and updating as soon as possible.
Cisco Talos: MDM Application hiding
For several months now Talos have been tracking and analysing a targeted malware campaign that uses MDM (Mobile Device Management) services to compromise a victim’s mobile phone. The attack was specific to iOS devices, and by tricking the victim into enrolling with their MDM server the attackers were able to deploy malicious versions of popular messaging apps such as WhatsApp and Telegram.
In their third blog instalment for this campaign, Talos discuss additional research that has highlighted how the attackers used age-related restrictions on the iOS operating system to hide legitimate applications and display only their malicious apps.
Note that MDM is a legitimate solution for enterprises to manage their mobile devices. This threat comes from tricking the user into registering with a malicious MDM using the valid registration process in iOS, and is not a bug or vulnerability in the product.
The post includes information and videos on what to look for, how to check your devices for compromise and how to remove it.
That’s it for this edition but please tune in for our next instalment.
Ironshare – Security Simplified
Edition #8 – 14th September 2018