Cyber Round-up for 17th April
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Linksys, a company known for selling network hardware, recently forced a password reset for all customers using Smart WiFi. As a result of the recent COVID-19 malware attacks, many user accounts had been compromised and security firm Bitdefender confirmed that devices were being hit with credential stuffing attacks. Linksys were reportedly unclear as to why the password reset occurred, and the notice they sent to customers referenced the COVID-19 malware, but was very cryptic; all users of the Smart WiFi app must reset their password when they next log in.
We have spoken about this extensively over the last few weeks, but it doesn’t seem to be slowing down; COVID-19 themed phishing campaigns are still ongoing, causing even more unnecessary danger during the pandemic. Unit 42 has observed attacks against a Canadian Government Healthcare Organisation and a Medical Research University; the malware being utilised in these campaigns includes information stealers and ransomware, which are detailed in the blog. For safety purposes, the attacks used as examples in this post were not successful; more information on this crisis can be found here.
Over 500,000 Zoom accounts are currently listed for sale on the dark web and various hacker forums; this is the result of a credential stuffing attack, which is where leaked login credentials are used to try and gain access. Those that were successful are being sold for less than a penny each, and sometimes even given away for free, in an attempt to gain a reputation in the community. We strongly recommend not reusing passwords on multiple sites, and if you have, change them as soon as possible. We also advise using Have I Been Pwned to check if your email has been breached.
Cloud misconfigurations occur when a cloud system/asset has not been set up properly, which could have negative impacts on the security of your data. Security researchers found that 21% of data breaches were due to misconfigurations, making it one of the most common ways for an attacker to make their way into your cloud systems. McAfee have provided a list of common misconfigurations that affect Amazon Web Services; we strongly advise looking into this and remedying any issues you may not have previously known about.
Popular video conferencing software, Zoom, has been the victim of many hacking attempts since people have been forced to work from home, but the worst is yet to come. Reports state that a zero-day exploit for Zoom is being sold for $500,000 on the dark web. Those who trade these kinds of exploits have revealed that there are two exploits available, one for Windows and one for macOS. Zoom are actively investigating this issue, and claim to take their user security extremely seriously; as of yet, no evidence has been found to support the claims of a zero-day being present.
Vulnerabilities & Updates
This month’s release of Microsoft’s Patch Tuesday just hit and it’s a big one, with a total of 115 vulnerabilities. 10 of these vulnerabilities were labelled critical and include various remote code execution and memory corruption flaws. Some of the affected engines include the Windows scripting engine in Internet Explorer, as well as Adobe Type Manager and Microsoft Edge. There are also 96 important vulnerabilities addressed in this patch; more details can be found here in the Talos blog. As always, we advise applying these patches as soon as they are available.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #87 – 17th April 2020