
Cyber Round-up for 16th April

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Upstox Resets Passwords Following Data Breach

Indian stock trading platform Upstox has suffered a serious data breach in which cybercriminals were able to access millions of customers’ personal information. The compromised database included customer names, contact information and bank account information, as well as millions of KYC (Know Your Customer) records. KYC data includes scans of ID cards, photo ID and passports, making this a serious breach. The database was accessed by the ShinyHunters gang, who reportedly acquired the company’s Amazon AWS key. As a result of this incident, the Indian firm have reset all customer passwords and released a statement confirming that all funds are still safe and protected.


Justice Department Announces Court-Authorised Operation to Disrupt Exchange Server Exploits

The Justice Department has announced this week that their operation to remove malicious web shells from vulnerable Exchange Servers was authorised by the court. This comes as part of their response plan for the zero-day vulnerabilities that were discovered earlier this year; many systems are still affected, and the FBI have begun their work to expel the hackers from the victims’ networks.



Hacker Group Distributes Malware Through Website Contact Form

Microsoft have discovered a new cybercrime campaign that is using contact forms on benign websites to distribute malware. The group submits a contact form threatening legal action; for example, the actor poses as a photographer claiming their copyrighted photos are being used by the company. This form then includes a link to a fake copyright evidence document which contains malicious code and redirects to a third-party login page. Microsoft warn all system administrators to be aware of this threat and avoid clicking suspicious links such as these.


WhatsApp Flaw Allows Account Lockout

A newly discovered WhatsApp bug could allow an attacker to lock you out of your account using just your phone number. This is possible because of the setup process, in which you are asked for your phone number; currently, there is no way to prevent a random user from entering your phone number in their setup. This sends messages to your phone containing a verification code, and if the attacker does this multiple times you can be locked out of your account for 12 hours. This can lead to your account being suspended if the attacker chooses to contact WhatsApp support.


Vulnerabilities & Updates

Microsoft Patch Tuesday for April 2021

This edition of Microsoft’s Patch Tuesday contains fixes for 108 vulnerabilities. This includes 20 critical flaws, four of which are remote code execution vulnerabilities in Microsoft Exchange Server; these were given a CVSS severity score of 9.8 out of 10. Twelve of the remaining critical flaws exist in the remote procedure call runtime and require no user interaction. There are also fixes for Microsoft Office, the Windows Kernel and Visual Studio. As always, we advise applying the latest patches as soon as possible.


Wordfence Team Patches Vulnerabilities in Elementor Plugins

The Wordfence Threat Intelligence team have been working hard to disclose a number of vulnerabilities present in over 15 popular Elementor plugins. The plugins are used on more than 3.5 million sites, with 100 endpoints confirmed to be vulnerable. Similar to the vulnerability that was found in the main Elementor plugin, these cross-site scripting flaws add JavaScript to posts and execute it when the post is either viewed or edited. If the viewer happens to be an administrator, then the whole site can be taken over.

A list of affected plugins and versions can be found here.

We recommend applying the latest updates as soon as possible.


Patch Available for Chrome Browser Zero-Day Exploits

Google have released an update for the Chrome Browser, addressing two zero-day vulnerabilities that were being actively exploited in the wild. Exploits for these flaws were posted online, and it was confirmed that both can lead to remote code execution. We advise updating your browser to the latest version as soon as possible to ensure you are not at risk of exploitation.


And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #137 – 16th April 2021


Ironshare – Security Simplified