Cyber Round-up for 16th October
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
An electronic document-signing service called Docsketch recently announced they had suffered a security breach in which a three-week old copy of their database was accessed. This breach occurred back in August, and the company has since revealed that the stolen information included names, signatures, personal data and, in some cases, payment card and login details. They also confirmed that some passwords were included; even though they were clear that the password strings were salted and hashed, the complexity of the hashing was not stated. Docsketch have begun sending alerts to customers they believe were affected; however, we recommend all users of this service update their passwords as soon as possible.
Carnival Corporation, the world’s largest cruise line operator, recently confirmed that they had suffered a ransomware attack. The attack occurred back in August 2020, and reportedly included “unauthorised access to personal data of guests and employees”. The security team is currently investigating the attack and has so far found no indication that the stolen data has been misused. It is not currently known if the ransom has been paid, as investigation is still ongoing; details on the attack and initial compromise can be found here.
Microsoft’s cyber security researchers have discovered a new type of ransomware designed to infect Android devices. This new malware uses entirely new techniques and capabilities, including open-source machine learning and the ability to evade detection from security solutions. This variant also uses social engineering and disguises itself as popular applications, however it does not encrypt data or lock users out of their device. Instead, it displays a ransom note message over every window that the user tries to open; the note threatens the user and urges them to pay a ransom. To ensure that you do not become a victim of this attack, we advise that you only download applications from trusted app stores and avoid third party stores which are notorious for distributing malicious apps.
With ransomware attacks being so present lately, everything else has really been pushed out of the spotlight. However, Cisco Talos recently discovered a new campaign that uses a multi-modular botnet in combination with a cryptocurrency mining payload. The threat has been named ‘Lemon Duck’, and it has seen an increase in activity over the last few months, despite previously being inactive since December 2018. Talos advises that everyone “monitors the behaviour of systems within their network to spot new resource-stealing threats such as cryptominers”, and with Lemon Duck’s increasing presence, we strongly recommend you follow this advice.
Vulnerabilities & Updates
Microsoft’s October Patch Tuesday is finally here, and it addresses 87 total vulnerabilities. These include 21 RCE flaws, the most dangerous of which is a remote code execution that exists in the Windows TCP/IP stack; it allows a remote attacker to take over the target system by sending malicious ICMPv6 Router Advertisement packets. If you want to see a list of all the addressed vulnerabilities, it can be found here; and please remember to apply the latest patches as soon as possible.
A team of security researchers has discovered 55 new vulnerabilities affecting Apple software and services, 11 of which are considered critical. The group disclosed their findings to Apple, who began patching immediately; as part of Apple’s bug bounty program, the team of researchers have been awarded a $288,500 payout. 28 of the 55 were patched within 1-2 days, and the rest are currently in progress. The critical flaws included remote code execution, authentication bypass, command injection and memory leak vulnerabilities. We recommend updating your apple devices regularly, or preferably, set your devices to update automatically as soon as future patches become available.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #113 – 16th October 2020
Why not follow us on social media:
Ironshare – Security Simplified