Cyber Round-up

Cyber Round-up for 17th August

Welcome to this week’s Ironshare’s Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

TLS 1.3 approved as internet security standard

Great news on the Internet Security front, with TLS 1.3 being approved as the new standard for Internet Security. TLS or Transport Layer Security is the mainstream protocol that is used to securely access websites and web services that use HTTPS. You may know this as its commonly referred to name of SSL; although SSL (Secure Sockets Layer), also a protocol in its own right, is no longer in use, the term is still widely adopted.

TLS 1.3 has been in development for approximately 4 years, with many individuals having contributed in their efforts to improve on the flaws and performance related issues of its predecessor TLS 1.2.

We can expect a number of significant changes in TLS 1.3, that will result in increased privacy, encryption that is available earlier in the connection, a reduction in connection setup time (by halving the handshake round-trips), and with the use of modern crypto, secure connections will be faster and more efficient than ever.

TLS 1.3 is set to provide the underlying foundations for securing the internet for years to come, using modern methods that will improve security, performance and efficiency.

The IETF TLS 1.3 update: https://www.ietf.org/blog/tls13/

Cloudflare have published a great blog post that provides a detailed look at TLS 1.3, how the protocol has evolved and a breakdown of its improved security benefits.

https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/

If you are still running standard insecure HTTP on your web enabled services, it’s time to start thinking about a change. In the journey to achieve a more secure internet, global security efforts are now focused on the recommendation that ALL internet-based servers should be moved to HTTPS for secure communication, using a minimum of TLS 1.2.

Instagram accounts Hacked!

The last week or so has seen numerous reports of a widescale hack against Instagram accounts, that is rapidly spreading. Many users are finding that they no longer have access to their accounts, and that their personal details and profile pictures are being changed by a malicious third party.

When users try and login to their accounts they are being told that their email / username does not exist, and there is no option to perform password resets as the email used to carry out the reset has been replaced with a Russian email domain ending ‘.ru’. Even users that have enabled Two Factor Authentication are finding emails to say that it has been disabled, and the account is no longer accessible. This is the second instance in two weeks where SMS based 2FA has experienced a compromise (see the Reddit breach) .

Instagram’s response to these events has been mixed with some users hitting a brick wall and having to create new accounts while they wait for a response or for Instagram’s investigation to continue.

What’s key in this is that there are no signs that the actors have made use of the captured accounts to this point. Which leads to the question why hack the accounts? This is something we have seen before and it’s possible that such events can lead to the creation of new botnets, that can be used to spread propaganda and of course Fake News!

Typical methods of compromise in these scenarios include email phishing attacks and poor password security. The best course of action is to never use the same password twice and ensure it is complex (contains a mix of phrases, numbers, letters (including capitals) and special characters); and always be vigilant when using email. It’s getting more difficult to detect phishing attempts these days, but only open attachments or click on links if you are sure they come from a trusted source, if in doubt delete!

Initial report by Mashable: https://mashable.com/2018/08/13/instagram-hack-locked-out-of-account/?europe=true#HCHmpA_QYqqp

Cortana opens Windows while Alexa goes all 007

Cortana and Alexa, the AI smart assistants from Microsoft and Amazon have both been in the news this week for the wrong reasons. Microsoft released a fix during this week’s Patch Tuesday for a vulnerability in Cortana, that could allow hackers to access a locked Windows 10 device where it is possible to retrieve confidential information, perform malicious command execution from the locked screen and an elevation of privilege attack.

We recommended that you ensure that your systems are updated to run the latest security patches from Microsoft. If this is not possible then Cortana should be disabled to protect against this vulnerability.

https://thehackernews.com/2018/06/cortana-hack-windows-password.html

Microsoft Security Advisory for CVE-2018-8140

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8140

On the flip side Amazon’s Echo also known as Alexa, has been found to include a series of flaws that can allow hackers to turn Alexa into a spy-like listening device.

During the recent DefCon security conference in Las Vegas, researchers from Tencent, Wu Huiyu and Qian Wenxiang, presented how they could successfully turn the Echo into a silent listening device. This was achieved using a modified Echo connected to the same network as other Echo’s and the complex chaining of exploits against multiple vulnerabilities in the product.

The good news is that the researchers have disclosed the vulnerabilities to Amazon and they have since been patched to prevent further exploitation.

This is not the first time there have been concerns over these Smart speakers and certainly won’t be the last.

https://www.theregister.co.uk/2018/08/14/amazon_echo_hacking/ 

Microsoft announces retirement of Hybrid MDM

On 14th August Microsoft issued an announcement via the Office Message Center to inform customers of their decision to retire the Hybrid MDM service offering on 1st September 2019.

As customer numbers on the Hybrid MDM service continue to decrease Microsoft feel that this is a good time to move the remaining customers using the service over to the cloud. Migrating customers will be moved over to the cloud-based Intune service that is hosted on Azure. Intune provides an all-round better experience and integrated approach for managing your organisations mobile devices.

This notice does not apply to any on-premise deployments that use SCCM (System Center Configuration Manager).

In short if you are using Hybrid MDM you need to start making plans to migrate to Intune. For more information see:

https://blogs.technet.microsoft.com/intunesupport/2018/08/14/move-from-hybrid-mobile-device-management-to-intune-on-azure/

That’s it for this edition but please stayed tuned for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

 

Ironshare – Security Simplified

 

Edition #4 – 17th August 2018