Cyber Round-up for 17th January
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The UK and US are still in disagreement over the decision they face regarding Huawei. The Chinese company want to build a 5G telecoms infrastructure, but the US government have said they are not willing to take the risk following recent espionage rumours. The UK government have disclosed that they may be open to allowing Huawei to operate in certain parts of the 5G network that are deemed ‘non-sensitive’, however the US are not in agreement. The decision is one of the biggest this government may face, and the company are facing security assessments from the government to help them come to a conclusion.
After a short three-week break over the holidays, Emotet is back to its malicious ways, targeting more than eighty countries with its spam campaigns. The campaign consists of crafted emails disguised as invoices, party invites and reports; the newest addition to their email templates is an invite to Greta Thunberg’s climate change demonstration. The Emotet trojan is more advanced than ever and can be a massive threat to your organisation, including a potential ransomware attack. With Emotet back active, it is vitally important that you and your employees understand the dangers of opening email attachments; educating users and spreading awareness is the best way to protect against this kind of threat.
Citrix technology, which is used by thousands of companies worldwide, has been targeted by hackers over the last few days who are attempting to exploit a critical vulnerability. This vulnerability exists in the Citrix Application Delivery Controller and Gateway Servers, and potentially allows an unauthenticated attacker to execute arbitrary code on the affected machine. There are currently no patches addressing this flaw, but Citrix has released a number of steps that may help mitigate the risk of an exploit until a permanent fix is available. We highly recommend following these steps to best defend against an attack until a future update.
Vulnerabilities & Updates
A serious vulnerability has been discovered that affects all versions of Windows. This flaw exists in a core cryptographic component of Windows and presents many security risks, from authentication issues to spoofing a digital signature in order to appear to be a legitimate company. Microsoft have reportedly released a patch for their high-value customers, including the U.S. Military; sources suspect that these organisations have signed agreements to not disclose the details of this vulnerability until Patch Tuesday hits. Despite this, Microsoft responded to the speculation saying that they refuse to discuss details of vulnerabilities before updates are available to the public, and do not release updates ahead of the regular schedule.
Microsoft have released the first Patch Tuesday of 2020, and it’s a big one. This month’s update covers 8 critical vulnerabilities as well as 41 Important. It is important to note that this is the last patch that offers updates for Windows 7 and Windows Server 2008/2008 R2, as they are no longer supported. Among the critical vulnerabilities are 7 remote code execution flaws residing in the .NET and ASP.NET core software, Windows RDP Client and Gateway Server. The other is a memory corruption flaw affecting Internet Explorer, which could allow an attacker to execute arbitrary code. We recommend looking through the details of this month’s patch and applying the updates as soon as possible.
And that’s it for this week’s round-up. Please don’t forget to tune in for new instalments every week.
Edition #74 – 17th January 2020
Ironshare – Security Simplified