Cyber Round-up for 19th February
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The US Department of Justice and FBI has charged the North Korean hackers suspected to be part of the Lazarus Group. The group was responsible for a series of malicious attacks, including ATM cash-out attacks, spear phishing campaigns and ransomware creation. The director of the NCSC has expressed the UK’s full support of the charges issued against the cyber actors and will continue to work with the US to combat this kind of malicious activity.
Here is the DoJ’s official statement on the incident.
So far 2021 has seen a successful start to the year for law enforcement against cyber criminals. A few weeks ago Europol coordinated an effort to takedown the Emotet botnet and this week we see that trend continue, with French & Ukrainian police working together to arrest the operators of the Egregor Ransomware-as-a-Service. Egregor has followed a recent ransomware model that first steals the companies data, to try and force the victim to pay. If they refuse to pay they leak the stolen data on the internet as punishment. This is good news for defenders, as Egregor stood as one of 2020’s most active ransomware operations.
An unnamed company in Westport, Connecticut has reported a serious incident in which a former employee accessed their computer systems the day before ransomware was planted on the company’s network. The ex-employee is being investigated but has not yet been proven guilty. This serves as a warning for all companies to remove the user accounts of former employees and ensure that all access to systems is removed when they leave; leaving the user accounts of former employees activated poses unnecessary risk to your organisation.
A NurseryCam is a device that allows parents to remotely watch their children while they are at nursery, however, there have recently been some security issues that may worry parents. The flaw that was found allows unauthorised users to access the camera feed; this includes past parents as well as anyone on the internet. Reports suggest that NurseryCam were aware of this issue back in 2015, and the bug is still present now. We agree with the researchers position, and any Nurseries using these systems are advised to unplug the device as soon as possible and contact the vendor to seek a resolution.
More details and guidance can be found here.
A new variant of the Masslogger trojan has emerged and it is targeting Windows users. This malware is a form of spyware designed to steal victim’s credentials, specifically for Microsoft Outlook, Google Chrome, and multiple instant-messenger applications. As this attack typically begins with a spear-phishing attempt, we advise all users to be cautious when receiving emails, even if it appears to come from someone you know.
A list of affected applications and more details can be found here.
Vulnerabilities & Updates
Four severe vulnerabilities have been discovered in the Ninja Forms WordPress plugin, which is currently used in more than one million sites. The first of these flaws allows an attacker to redirect administrators to arbitrary locations, while others allow mail traffic interception, central management access and the disconnection of a site’s OAuth Connection. These vulnerabilities are extremely dangerous and were all addressed in patch 18.104.22.168; we advise all users to upgrade to this version as soon as possible to ensure their site is protected.
An Android app known as SHAREit was found to contain multiple vulnerabilities allowing attackers to execute malicious code, launch man-in-the-middle attacks and spy on activity. Despite being found and disclosed 3 months ago, these flaws remain unpatched; this is a serious issue, especially considering the application has more than 1 billion downloads. There is currently no patch for these flaws, and so all users who have downloaded this app are at risk.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #129 – 19th February 2021
Why not follow us on social media:
Ironshare – Security Simplified