Cyber Round-up for 17th July
Welcome to the 100th edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
It’s been another crazy week in Security, where we have lost count of the number of flaws found in products from vendors such as Microsoft, SAP, Adobe, Cisco, and Juniper, along with a new record for vulnerabilities disclosed by Oracle.
In addition to this 100th Edition, keep your eyes peeled for an upcoming special, where we take a look back at some of the highlights of our previous Cyber Round-ups.
In this week’s round-up:
Twitter have been the victim of a major system compromise that resulted in the Twitter accounts of many high-profile individuals, including Barack Obama, Elon Musk, and Bill Gates, being hacked to take part in a Bitcoin scam. Although details are not available, Twitter confirmed that their internal employee tools were hacked to gain access to these accounts. The Bitcoin scam was tweeted on all of the accounts, requesting bitcoin to be sent to an account so that double the amount could be sent back. It is unclear if anyone fell victim to this scam, but Twitter confirmed that they have locked the compromised accounts while investigating. They also stated that access will not be returned to the owners until they are certain the accounts are secure.
MGM Resorts was affected by a data breach back in 2019, and it was originally reported that 10.6 million hotel guests were affected by the incident. A recent sales listing on the dark web proved that the breach was a lot larger than we initially believed. A total of 142 million hotel guest records were found for sale, all for the price of $2,900. The stolen data included names, postal addresses, and email addresses; although it was confirmed that no financial information was compromised. There are still suspicions that the breach may be even larger than what was seen in this dark web sale, so we are waiting for more updates in the future.
The UK government has made the decision to ban the use of Huawei equipment in 5G networks, stating that all Huawei 5G kit must be removed from UK networks by 2027. This decision comes shortly after the sanctions issued by the US, affecting all future equipment; despite this, the US has no intention of removing 3G and 4G equipment. Please note that these bans do not affect Huawei’s smartphone sales, and their devices will still be sold in both the UK and US. The UK are not the first to implement this ban and have joined a long list of countries who are refusing to partner with ‘high-risk vendors’.
Following the recent security concerns with TikTok, US banking firm Wells Fargo has banned their employees from using the app on company devices. TikTok has been under fire recently over suspicions that it is spying on its users and collecting data for the Chinese government; although these suspicions have not been confirmed, many companies are taking precautions when it comes to using the app on corporate devices. Amazon also issued a similar ban, before releasing an email to its employees confirming that the ban was accidental and that users can continue using the application. TikTok are working hard to eradicate any concerns regarding its security but are not quite there yet.
On Saturday, security researchers discovered a security breach involving a LiveAuctioneers database. The database contained username and password combinations of 3 million customers, which have been found for sale online. The seller apparently gave away a small number of user records to prove to buyers that they are authentic. Any users of the auctioning site are advised to change their passwords on LiveAuctioneers, as well as on any sites where they may have reused the same password.
Vulnerabilities & Updates
Microsoft has released its monthly batch of security updates, covering more than 120 vulnerabilities, with 17 critical flaws being addressed.
The main critical flaw appears in the Windows DNS Server, in the form of a remote code execution flaw that has been tagged with a CVSS score of 10 and classified as a wormable vulnerability, which means that malware can spread between vulnerable hosts without the need for user interaction. More details can be found here.
Other critical vulnerabilities this month are remote code execution flaws in the RemoteFX feature of the Windows Hyper-V engine, GDI+, DirectWrite, Microsoft Graphics and the Windows Font Library.
Most of the bugs addressed in these updates are important, and details for these flaws can be found here in Microsoft’s update page. As always, we recommend applying these new patches as soon as possible.
A vulnerability has been discovered in the LM Configuration Wizard component of the NetWeaver Application Server Java platform. This flaw was marked as critical and could allow an unauthenticated user to take over SAP applications and execute arbitrary OS commands. This flaw has since been patched by SAP, and we recommend updating as soon as possible. The bug received a CVSS score of 10 and currently affects more than 40,000 SAP customers; follow this link for the associated US CISA security advisory.
And that’s it for this week’s round-up. Please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #100 – 17th July 2020