Cyber Round-up

Cyber Round-up for 18th September

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

NCSC Publishes Vulnerability Disclosure Toolkit

This week the UK National Cyber Security Centre released their Vulnerability Disclosure Toolkit to provide organisations with the necessary guidance to set up their own disclosure program. Vulnerabilities are a constant part of our cyber life, with new flaws discovered by researchers every day. Having a process for researchers to responsibly disclose the flaws they find helps to improve the security of your business and its systems. This new toolkit provides the essential information you need to get started. Why not check it out?


Video Game Hackers Charged by US

Seven men have been charged by the US Dept of Justice for targeted attacks against the video game industry. Five men from China and two from Malaysia have been accused of attacking video game companies in the US, France, Japan, Singapore and South Korea. The attackers focused on compromising company networks to obtain in-game items and currencies, which they would then fraudulently sell on for real money. At least nine firms have been listed as victims but none of them have been publicly identified yet.


Dunkin Donuts Settles Data Breach Lawsuit

Dunkin’ Donuts settled a lawsuit this week, after it was accused of not informing its customers that hackers siphoned their personal information from its systems in 2015. The bad guys gained access to customer accounts, downloaded their details, including loyalty card info, and then sold the information on underground forums. Hackers apparently used credential stuffing to compromise DD’s customer accounts. Folks affected by the leak will now at least be informed and have fraudulent charges reversed. If you are a DD customer, or belong to any other online loyalty program, the best way to protect your account is to always use strong unique passwords, never reuse existing passwords, and enable 2FA where available.



New Phishing Threat uses O365 API to Validate Accounts

Researchers have uncovered a phishing attack using a new technique where attackers make use of authentication APIs to validate victims’ Office 365 credentials as they enter them into the phishing page. This makes it more advanced than the normal, run-of-the-mill phishing threat. Using this technique, attackers can immediately confirm the credentials are valid and compromise the account. As with many phishing threats, this started with an email that contained an attachment and link, which redirects the victim to a fake Office 365 sign-on page. Your main defence against this threat is enabling MFA for your 365 accounts and exercising caution when opening emails, clicking on links or opening attachments.


New USPS Smishing Campaign

A new SMS-based phishing (“smishing”) campaign is using the United States Postal Service (USPS) as a disguise to target mobile users. Using the lure of an important package, the attackers sent two SMS messages that attempted to trick the recipient into clicking on a link containing a malicious domain. Smishing is just one of the ways that malicious actors seek to steal users’ credentials or infect their machines with malware. SMS phishing is not specific to the US, so be aware of the threat: if you receive a message that you are not expecting or that demands urgency, and it contains links, please delete it and do not click.


Vulnerabilities & Updates

Facebook Systems Accessed using Apache Vuln in MobileIron MDM

A security researcher gained access to internal Facebook systems by exploiting a vulnerability in a popular Mobile Device Management (MDM) product, MobileIron. While hunting for vulnerabilities, the researcher concluded that MobileIron was vulnerable to the Breaking Parser Logic attack (dating back to 2018), which leverages the inconsistency between Apache and Tomcat to bypass access control and authentication, and leads to remote code execution. In light of this, developers should keep an eye on outdated dependencies that could leave an application open to exploit.


And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.

We hope this makes for light reading during these times of uncertainty.

Stay Safe, Secure and Healthy!

Edition #109 – 18th September 2020

Ironshare – Security Simplified