Cyber Round-up for 17th May
Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Amazon.com have revealed that over the last six months, they were hit by an extensive fraud attack that allowed hackers to siphon funds from compromised merchant accounts. Phishing attacks were likely used to gain access to account credentials, but its unsure how much was actually stolen by attackers.
By E Hacking News.
The WhatsApp messaging app has been hit by a flaw that allows bad actors to install silent spyware to a victim’s smartphone, by simply making a single phone call. Although the spyware was targeting a small percentage of the 1.5Billion users, all IOS, Android and Windows mobile device platforms appear to vulnerable. Get updating your WhatsApp now!
By Naked Security
The Huawei saga keeps rolling on, with a former MI6 chief urging the UK Government to reconsider their decision to use Huawei in the new 5G mobile network. Although Huawei state they have never participated in Chinese state espionage, the former MI6 leader states they are ‘unable to operate free of the control of the Chinese Government’.
By The Guardian.
This months Microsoft Patch Tuesday has disclosed a critical vulnerability in the Remote Desktop Services Feature that can be exploited without the need for valid login details. Older operating systems such as Windows 7, 2008 are vulnerable. Microsoft must be concerned about this threat as they even provided updates for the no longer supported Windows XP and 2003. Get patching your servers now and if you have internet accessible RDP servers, we suggest you get these secured ASAP.
By Microsoft Technet.
A new Spectre-like set of side channel attacks have been identified in Intel CPUs, that has the potential to leak sensitive data. Four separate attack vectors (ZombieLoad, Fallout, RIDL and Store-to-Leak) are associated with this threat, with the possibility of leaking information such as user keys, disk encryption keys and passwords from CPU buffers. Intel is releasing CPU updates, in conjunction with vendors updates from Red Hat, Oracle and Microsoft, to mitigate the threat.
By Threat Post
Vulnerabilities & Updates
Microsoft has released its regular monthly security updates, which includes a total of 79 vulnerabilities. 22 updates have been rated Critical, 55 Important, 2 vulns have been publicly disclosed and 1 has been detected as already being exploited in the wild. Includes a critical vuln in Remote Desktop Services that needs immediate attention.
Apple have released their latest set of product security updates. iOS and tvOS are updated to v12.3, macOS updates are available for Sierra, High Sierra and Mojave, while watchOS is updated to v5.2.1. iOS alone covers a total of 42 vulnerabilities, half of these existing in WebKit which can lead to code execution. Check all your devices and get updating.
By Apple Support
And that’s it for this week round-up, please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #41 – 17th May 2019
Ironshare – Security Simplified