Cyber Round-up

Cyber Round-up for 15th March

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

  • Microsoft Patch Tuesday – March 19
  • Rockstar Games Entices Users to Enable 2FA
  • TV Licensing Scams Cost the Public £830k
  • Cisco Talos – New PoS Malware for Sale
  • Intel Patch Windows Graphic Driver Flaws

Microsoft Patch Tuesday – March 19

The second Tuesday of the month is here, which means it's time for more monthly security updates from Microsoft. A total of 64 vulnerabilities have been addressed this month, which include 17 updates rated Critical, 45 Important, with 1 Medium and 1 rated Low.

These updates cover releases for Windows Operating Systems, Edge and Internet Explorer Browsers, Office, SharePoint, DHCP, Team Foundation server, Skype for Business and of course the ChakraCore scripting engine.

Microsoft’s Edge browser has updates that resolve 7 Critical CVEs related to memory corruption vulnerabilities in the scripting engine. These make a regular appearance in Patch Tuesday, and are caused by the way objects are handled in memory.


Rockstar Games Entices Users to Enable 2FA

I was pleased to see Rockstar Games actively trying to get its users to adopt two factor authentication on their accounts this week.

In the ‘Flight Week in GTA Online’ announcement which was posted to their website, Rockstar have generously offered a nice in-game bonus to any users that enable 2-step verification.

2-step verification is another name for 2FA and basically means you will need a code in addition to your username and password in order to access your account, providing an additional layer of security that protects accounts from unauthorised access.

Rockstar have stated that any user that adds 2FA to their social club account will be rewarded with:

  • $500,000 to their GTA Online account
  • 10 Gold Bars to their Red Dead Redemption Online account
  • And additional future benefits to both GTA and RDR Online

To enable 2-Step Verification on your Social Club account, go to the following link:

This is a great step by Rockstar Games to incentivise its users to increase their account security. Let’s hope that other companies follow in their footsteps.

See the post on Rockstar Games ….

TV Licensing Scams Cost the Public £830k

Action Fraud UK have reported that fraudsters are not letting up and they are still seeing a huge number of TV licensing phishing scams that we first witnessed in September 2018.

The phishing campaign is continuing to target the general public, sending fake TV licensing emails that are convincing victims to part with their personal and financial information.

Action Fraud have received over 900 fraud cases, totalling more than £830,000 in financial losses for the victims, since April 2018.

To protect yourself against these types of phishing attacks:

  • Look out for fake emails, that may contain spelling or grammatical errors.
  • Ensure received emails have been sent from a valid source, by checking the actual email address and not just the display name.
  • If you are unsure, never click on a link, open any attachments or enter any personal or financial details.
  • Scam emails are getting very convincing and may even include personal details, so stay vigilant.
  • If in doubt delete!
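The "check the actual email address and not just the display name" advice above can be automated at a mail gateway or in triage tooling. The following Python sketch is an added example, not from Action Fraud or the original post; the brand-to-domain mapping and both sample messages are constructed assumptions.

```python
from email import message_from_string, policy

# Assumption: brand keyword -> domains that brand really sends mail from.
BRAND_DOMAINS = {"tv licensing": ("tvlicensing.co.uk",)}

def first_address(msg, header):
    """Return (display_name, domain) of the first address in a header."""
    value = msg[header]
    if value is None or not value.addresses:
        return "", ""
    addr = value.addresses[0]
    return addr.display_name or "", (addr.domain or "").lower().rstrip(".")

def in_domains(domain, allowed):
    """True for an allowed domain or a subdomain of it, not a lookalike."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw):
    """List the reasons the sender of a raw message looks spoofed."""
    # policy.default decodes RFC 2047 encoded display names for us.
    msg = message_from_string(raw, policy=policy.default)
    name, domain = first_address(msg, "From")
    shown = " ".join(name.lower().split())
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in shown and not in_domains(domain, allowed):
            findings.append(f"display name claims '{brand}' but the "
                            f"address domain is {domain or 'missing'}")
    _, reply_domain = first_address(msg, "Reply-To")
    if reply_domain and reply_domain != domain:
        findings.append(f"replies go to {reply_domain}, not {domain}")
    return findings

# Constructed sample messages (not real captured emails).
SPOOFED = ("From: =?utf-8?q?TV_Licensing?= <billing@secure-pay.example>\n"
           "Reply-To: refunds@collect.example\n"
           "Subject: Your licence refund\n\nClick here to claim.\n")
GENUINE = ("From: TV Licensing <donotreply@spp.tvlicensing.co.uk>\n"
           "Subject: Your licence\n\nHello.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```
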

If you have been a victim of fraud then you can report your case using the Action Fraud UK website.

Read more on Action Fraud ….

Cisco Talos – New PoS Malware for Sale

A new post from the Cisco Talos team this week has identified and detailed a new Point of Sale malware called GlitchPoS, which infects sales websites and electronic retail sales machines (tills) with the goal of capturing credit card information.

Attackers can use this malware to increase their finances, and fund further criminal activities.

This new PoS malware has been found available for purchase on crimeware forums and Talos believe that this is not the first malware that has been developed by this actor.

GlitchPoS is controlled by its own C2 infrastructure that includes a GUI-based dashboard control panel. The dashboard reports the number of bots available and online, as well as the number of infected PoS devices.

Captured card data from the infected machines is sent to the C2 servers and is displayed in the dashboard console so it can be easily accessed by the attackers.

Although it is unclear at this stage how many purchases of GlitchPoS have been made, it is clear that Point of Sale malware remains a lucrative option for cyber criminals, and development of this type of malware continues.

Cisco AMP and Umbrella can be used as effective controls that prevent this threat.

Cisco AMP for Endpoints can be used to detect and block this type of malware from executing on your devices, while Cisco Umbrella can be used to prevent infected devices from communicating with the Command & Control (C2) servers.

It is also strongly advised that Point of Sale terminals are updated along with other IT infrastructure and placed in their own network segment to ensure that they are isolated from your critical systems.

Read the full post on the Talos Blog ….

Intel Patch Windows Graphic Driver Flaws

Nineteen vulnerabilities have been patched by Intel for its Windows 10 graphics drivers, including two flaws rated as high severity.

These two vulnerabilities are covered by CVE-2018-12214 and CVE-2018-12216.

The first is a memory corruption issue that exists in the kernel mode driver and allows an attacker with local access privileges to execute code on the target system.

The second has a CVSS rating of 8.2 and also exists in the kernel mode driver, but this time it’s due to a lack of input validation that can allow an attacker to execute code with local privileges.

The remaining updates have a mix of low & medium severities, and may result in Information Disclosure, Denial of Service or Privilege Escalation.

Intel recommends that users of Intel Graphics Driver for Windows update to versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) or later.

Updates can be found available in the Intel download center:

Read more on Threat Post ….

And that’s it for this week, please don’t forget to tune in for our next instalment.

Edition #33 – 15th March 2019

Ironshare – Security Simplified