Cyber Round-up for 19th July
Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
After the recent surge of phishing attempts using MS Forms, Microsoft is introducing a new automatic phishing detection feature aimed at curbing the growing issue. The feature, which is expected to be released this month, works by detecting dodgy redirections to landing pages, password boxes and more. This allows Microsoft to detect a phishing attempt regardless of how convincing the content seems. In the unlikely event that a phishing attempt is not detected, users can now manually report a form or survey that they believe to be malicious. The introduction of these security measures is Microsoft’s first step towards making all of Office 365 much safer.
A recent cyber-attack on the Bulgarian tax agency has compromised the personal data of nearly all adults in the country. Following the breach, one of the hackers sent an email to the media containing an offer of access to the stolen data; the email also mocked the Bulgarian government’s cyber-security standards. Authorities have arrested a 20-year-old man for suspected involvement but are still investigating the possibility of others being involved. The government has warned that anyone attempting to exploit the stolen data “would fall under the impact of Bulgarian law”.
A security researcher has discovered a severe vulnerability that could allow your Instagram account to be taken over by an attacker. The researcher found that Instagram requests a six-digit code when you get locked out of your account, which can be sent to either your phone number or your email. If a hacker could somehow gain access to a user’s email account, they would be able to recover the code. However, a much more effective method was discovered that could allow an attacker to gain access without email access: Instagram’s rate limiting mechanism can be bypassed by sending requests from different IP addresses, which would allow an attacker to brute force the six-digit code for someone’s account. The researcher chose to disclose details of this flaw to Instagram privately, to avoid people publicly exploiting it.
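The flaw above comes down to what the rate limiter is keyed on. A limit counted per source IP is reset by every new address, while a limit counted against the account (the thing actually being guessed) is shared by all addresses. The following is an added illustration of that design point and is not Instagram’s code; the attempt ceiling (5), the code lifetime (600 seconds), the class names and the sample addresses are all assumptions constructed for the example. The last function measures how many guesses each limiter permits when every request arrives from a different address.

```python
"""Per-IP versus per-account rate limiting for a 6-digit recovery code.

Added example; not the code of any real service. All limits and names
are assumptions chosen for illustration.
"""
import hmac
import time
from collections import defaultdict

CODE_TTL_SECONDS = 600   # assumed lifetime of a recovery code
MAX_ATTEMPTS = 5         # assumed ceiling on wrong guesses per issued code


class PerIpLimiter:
    """Weak design: attempts are counted per source IP, so each new
    address starts with a fresh budget of guesses."""

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self.attempts = defaultdict(int)   # key: source_ip

    def allow(self, account, source_ip):
        if self.attempts[source_ip] >= self.max_attempts:
            return False
        self.attempts[source_ip] += 1
        return True

    def reset(self, account):
        # Cannot be implemented sensibly: the limiter does not know which
        # addresses belong to the account. Another weakness of this keying.
        return None


class PerAccountLimiter:
    """Hardened design: attempts are counted against the account, so the
    budget is shared by every source address that tries."""

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self.attempts = defaultdict(int)   # key: account

    def allow(self, account, source_ip):
        if self.attempts[account] >= self.max_attempts:
            return False
        self.attempts[account] += 1
        return True

    def reset(self, account):
        self.attempts.pop(account, None)


class RecoveryCodeService:
    """Issues one single-use code per account and verifies candidates."""

    def __init__(self, limiter, clock=time.time):
        self.limiter = limiter
        self.clock = clock
        self.codes = {}   # account -> (code, issued_at)

    def issue(self, account, code):
        self.codes[account] = (code, self.clock())
        self.limiter.reset(account)

    def verify(self, account, candidate, source_ip):
        entry = self.codes.get(account)
        if entry is None:
            return "no_code"
        code, issued_at = entry
        if self.clock() - issued_at > CODE_TTL_SECONDS:
            del self.codes[account]
            return "expired"
        # The limiter is consulted before the comparison, so a rejected
        # request learns nothing about the code.
        if not self.limiter.allow(account, source_ip):
            return "rate_limited"
        if hmac.compare_digest(candidate, code):   # constant-time compare
            del self.codes[account]                 # single use
            self.limiter.reset(account)
            return "ok"
        return "wrong"


def permitted_guesses(limiter, account="victim", n_requests=1000):
    """Count how many wrong guesses the limiter lets through when every
    request comes from a different (constructed, private-range) address."""
    svc = RecoveryCodeService(limiter)
    svc.issue(account, "000000")      # constructed placeholder code
    allowed = 0
    for i in range(n_requests):
        ip = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        if svc.verify(account, "999999", ip) != "rate_limited":
            allowed += 1
    return allowed


if __name__ == "__main__":
    print("per-IP limiter permitted:", permitted_guesses(PerIpLimiter()))
    print("per-account limiter permitted:", permitted_guesses(PerAccountLimiter()))
```

Keying the ceiling on the account is the primary control; a per-IP limit is still worth keeping as a secondary layer against noisy sources, and hitting the ceiling should revoke the code, notify the account owner and force a fresh issue rather than silently continuing to accept attempts.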
A recent bug has been reported that could allow someone to eavesdrop on you using the Apple Watch’s Walkie-Talkie app. Apple has not provided details on how the bug works and has disabled the application until a fix is available. The bug was reported to Apple through the ‘report a vulnerability’ portal. Apple has apologised for any inconvenience; this is the second snooping bug Apple has suffered this year, the last one being in FaceTime. There is currently no fix for this vulnerability, and no timeline has been released as to when it will be patched.
A new attack has been discovered that allows a bad actor to capture loudspeaker data by taking advantage of the Android accelerometer. The accelerometer is a hardware-based motion sensor in most Android devices that can be accessed from any application with no permissions. Since the loudspeaker sits on the same surface as the motion sensors, an attacker can intercept its data whenever the victim starts a phone or video call using speaker mode, allowing them to eavesdrop on those calls. This exploit has been named Spearphone by the researchers. The original post includes full details on the attack and also describes some mitigation techniques; however, no official patch has been released yet.
Vulnerabilities & Updates
A remote attacker could potentially bypass authentication of an affected system by exploiting a new vulnerability that exists in the REST API interface of Cisco Vision Dynamic Signage Director. By sending a specially crafted HTTP request to an affected system, the attacker can execute actions with administrative privileges through the REST API. This is due to insufficient validation of HTTP requests. Unfortunately, the REST API is enabled by default and cannot be disabled, however Cisco have released a free patch for the vulnerable software that can be found in the original post. It is also important to note that this vulnerability only affects Cisco Vision Dynamic Signage Director.
A critical vulnerability has been disclosed in the popular CMS Drupal, version 8.7.4, which allows an access bypass condition to be created when the experimental Workspaces module is enabled. Disabling the Workspaces module prevents this flaw from being exploited; however, Drupal advise updating to 8.7.5 if you are using the vulnerable version of this product. Please note that 8.7.4 is the only version affected by this vulnerability, and older versions are still safe. Further details on updating this product are included in the original post.
And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #50 – 19th July 2019
Ironshare – Security Simplified