Cyber Round-up for 18th December

Christmas Round-up

Welcome to the Christmas edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

The FireEye SolarWinds Nation State Attack

To start things off, we want to talk about the recent FireEye SolarWinds incident and point you towards some important notices. We have written a post about the incident here, which contains links to announcements, advisories and recommendations over the last two weeks.

Hackney Council Hit by Cyber Attack

A ransomware attack targeting Hackney Council had a massive impact on home buyers, with many property purchases being significantly disrupted. The attack came at the start of October and reportedly impacted IT systems, including the “processing of land search requests”. The east London council recently announced that the National Cyber Security Centre and National Crime agency are working to protect user data and restore the affected systems. It was also confirmed that essential services, such as coronavirus response, were unaffected by the attack. There has been no confirmation of the ransom payment, but the time it has taken to restore the council systems suggests that no payment was made.


2020 Incidents Encourage Security Awareness

It has been a busy year in the cybersecurity world and as 2020 comes to an end, we’re trying to focus on the positives. There have been a lot of high-profile security incidents this year, but not all the attention has been bad, and with the massive increase in remote workers, Infosec teams worldwide have had to step up and adapt quickly. With more people working from home, cybercriminals have switched up their tactics, focusing on videoconferencing software such as Zoom, which they know is being used by almost everyone. As well as new attack avenues, old methods are evolving too. Ransomware attacks are becoming more targeted, which in turn makes them harder to detect. Although the increase in cyberattacks has been difficult to manage, the exposure is not all bad. Security has had its time in the spotlight this year which has definitely increased general awareness of the situation.


Hurtigruten Cruise Line Operator Hit by Ransomware

Norwegian shipping and cruise line firm, Hurtigruten, has been hit hard by a ransomware attack that has crippled their IT systems all around the world. Their website is currently down while they resolve the issue, which has been described as a “serious attack against its global IT infrastructure”. At this time, we do not know which strain of ransomware hit the company and there has been no confirmation as to whether or not the ransom has been paid. Hurtigruten are working hard to restore their systems as quickly as possible and will likely release more details once they are operational.

Twitter Fined $550,000 Over Data Breach

Ireland’s Data Protection Commission have issued Twitter with a fine after failing to comply with Europe’s GDPR rules. Twitter received a fine of $550,000 when they did not properly document or disclose details of a recent data breach. This was the first major GDPR decision made by Ireland’s DPC and they are facing criticism for the time it has taken them to make a decision. In the case of this twitter incident, “some half a year extra was added to the decision timeline”.


AMP Graphic 2809


New 5G Network Flaw Allows Attackers to Steal Data and Track User Locations

As 5G networks are slowly introduced around the world, it is important to assess the weaknesses that may be exploited during the rollout. Multiple exploitable flaws have been discovered that could lead to a potential denial-of-service attack. Researchers have also found bugs in the subscriber authentication that could allow an attacker to steal authentication information. Despite these vulnerabilities, there are key security benefits to using 5g including the encryption of Mobile Subscriber Identity numbers.

More details on the flaws affecting 5G networks can be found here.

SkyKick Banner

Vulnerabilities & Updates

Firefox Patches Critical Bug Affecting Itself and Google Chrome

A patch has been released for the Firefox web browser, addressing one critical vulnerability and some high-severity flaws. The critical flaw exists in a JavaScript component called BigInt and has the potential to expose uninitialized memory. This flaw was originally found affecting the Chrome web browser and was patched by Google earlier this month. We advise updating your browsers as soon as possible to ensure you are protected.


And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Merry Christmas / Happy Holidays to all.

Stay Safe, Secure and Healthy!

Edition #122 – 18th December 2020

Why not follow us on social media:

Ironshare – Security Simplified