Cyber Round-up for 17th December
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Located in the Cabinet Office building a secret data centre accessing a flood of data is helping the way the UK handles anything from food shortage to national relations. The situation centre has been called SitCen and is helping to inform the UK government with better, more accurate and up to date analytics. SitCen is designed to collect data from numerous sources and produce actionable data in a crisis event. Recently SitCen has been used in the fuel shortages to understand where fuel is most needed across the country to allow for fuel tankers to be directed effectively across the country. SitCen & its data analytics capability is expected to play a big role in the UK’s cyber strategy and response, specifically in the event of significant cyber attacks.
Vulnerabilities & Updates
This week has seen a huge amount of focus on product vulnerabilities, no more so than the critical Apache Log4j (aka Log Forge) flaws. This has already had a huge impact on businesses and product vendors around the globe with millions of devices thought to be vulnerable. Here you can find our round-up of the recent Apache Log4j vulnerability, including advisories, recommendations, resources and other information.
We are already half way through December which means Microsoft’s December Patch Tuesday updates are now available. Please click here for our Patch Tuesday post, including 7 critical vulnerabilities in Microsoft Defender, Office & more.
The most recent update to Apple’s IOS has been released and is fixing a slew of security problems. One of the problems has been a Remote Code Execution vulnerability allowing a jailbreak exploit chain. Safari could be exploited allowing arbitrary code to run on the device with kernel permissions. Hacker group Kunlun Lab was able to jailbreak an iPhone 13 in just 15 seconds at the International Cyber Security Contest Tianfu Cup in China. Updating to the latest version is highly recommended due to the severity and ease of the exploitation.
A recent vulnerability was found in System-on-Chip Wi-Fi devices prepared by Broadcom, Cypress, and Silicon Labs. The vulnerabilities were found after a series of attacks were detected using previously unknown exploit methods. The attack allowed hackers to read and alter network traffic including passwords and other private credentials. The vulnerabilities found were:
• CVE-2020-10368: Wi-Fi unencrypted data leak
• CVE-2020-10367: Wi-Fi code execution
• CVE- 2019-15063: Wi-Fi denial of service
• CVE-2020-10370: Bluetooth denial of service
• CVE-2020-10369: Bluetooth data leak
• CVE-2020-29531: Wi-Fi denial of service
• CVE-2020-29533: Wi-Fi data leak
• CVE-2020-29532: Bluetooth denial of service
• CVE-2020-29530: Bluetooth data leak
The security teams analysing the exploit have notified chip vendors which are pushing security updates. It is advised to update your devices as they become available, in case you are affected by these serious vulnerabilities.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.
Google has since released a security patch to protect against the vulnerability but its expected to take a while before it is rolled out and available to all its users.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #171 – 17th December 2021
Why not follow us on social media:
Ironshare – Security Simplified