Cyber Round-up for 16th July
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Last week we spoke about a supply chain attack on Kaseya VSA, which resulted in a widespread ransomware attack that affected many US companies. This week, Kaseya have released patches addressing the flaws that were exploited in the attacks. All users are advised to apply the latest patches as soon as possible; additional security recommendations have also been released, including “limiting access to the VSA Web GUI to local IP addresses by blocking port 443 inbound on your internet firewall.”
More details on these recommendations can be found here.
Amazon are now offering end-to-end encryption for the video footage captured by Ring doorbells. This implementation has been tested in the US and was hugely successful; following this test, encryption is being rolled out worldwide. This is a huge step forward in the security of these devices, despite UK law enforcement suggesting it may present some issues. Amazon’s plan to make “neighbourhoods safer with the utmost privacy, security and user control” appears to be moving in the right direction, following their purchase of the US firm, Ring.
Phishing simulation and training company, KnowBe4, recently released results of their latest study, showing that 1 in 3 untrained employees are likely to fall for phishing attacks. KnowBe4 suggest that security awareness training for your users is one of the most effective ways to protect your organisation. This was tested against 23,400 companies; those with no training were 16.4% likely to be affected by a phishing attack, while those with one year of continuous training were just 4.8% likely. We strongly advise all organisations to implement a formal plan to educate their users on the dangers of phishing and social engineering.
Vulnerabilities & Updates
Microsoft recently warned SolarWinds of a newly discovered vulnerability affecting Serv-U Managed File Transfer and Serv-U Secure FTP. If this flaw is successfully exploited, the attacker would be able to execute arbitrary code with elevated privileges. Customers have been given time to apply the necessary updates before more details are published, to ensure the protection of their environments.
Further details on this vulnerability can be found here.
Microsoft users are being warned of a new malware-protection bypass affecting MS Word and Excel. Legacy versions of this software are being targeted, since evading security tools has proved to be fairly easy for attackers looking to deliver the Zloader trojan. Zloader is a banking trojan intended to steal credentials and sensitive information from financial institutions. As you might expect the malware exploits the use of macros in these Office products, so the best option to prevent this threat is to ensure that macros are not enabled.
Is it finally time for Microsoft to remove this macro functionality from Office?
More details on the nature of this attack can be found here.
Microsoft’s Patch Tuesday for July is here, and it addresses some key vulnerabilities, including nine zero-day flaws, 4 of which are being actively exploited. This alone makes it vital that users update their devices as soon as possible. The patch also features fixes for 13 critical flaws and 103 important flaws. Affected products include Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS and Visual Studio Code.
SonicWall released information yesterday morning on a critical vulnerability found in unpatched end-of-life SRA & SMA 8.X Remote Access Devices. Everyone still using legacy SRA appliances have been warned that “continued use may result in exploitation”, as SonicWall claims that ransomware campaign are known to be exploiting these flaws. They have also released separate recommendations for each appliance, which can be found here.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #150 – 16th July 2021
Why not follow us on social media:
Ironshare – Security Simplified