Cyber Round-up

Cyber Round-up for 1st March

Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

  • How Password Guidelines Have Changed
  • Mayflex Targeted in Financial Fraud Attack
  • Coinhive to Close its Doors in March ‘19
  • Critical Flaw in Cisco Small Office Router– Update Now!
  • Magecart Groups are Raising Their Game

How Password Guidelines Have Changed

Over the past few years, we have seen a shift in how we should be approaching Password Security, and with the death of the password still years away, we must focus on educating users with good practice guidance, while delivering technical controls that simplify the whole process for our users.

The Challenge

Overall the industry felt that with the average business user now having close to 200 passwords, there was a real need to look at simplifying both the guidance provided, and how we enforce the use of passwords.

Barely a few days go by where we are not hearing about the latest high-profile data breach, and unfortunately a large portion of these events are caused by bad password security.

In the past we have tried to tackle this problem purely from a technical standpoint, and by implementing increasingly complex restrictions, us techies have made life more difficult for our users and ourselves.

Combining these password complexities, with an ever-increasing number of online services that need an account, has led to users trying to simplify things themselves. Users have resorted to using bad practice such as writing passwords down, using weaker more memorable passwords, and reusing the same passwords for multiple accounts.

The guidance provided here is not meant to be the silver bullet that solves all your password problems, but through continued education and practice, we can make significant improvements and reduce the risk to our business and personal accounts.


Mayflex Targeted in Financial Fraud Attack

Mayflex, a West Midlands based leading supplier of converged IP solutions including infrastructure, networking and electronic security, have been notifying their customers this week, after receiving reports that several customers had been contacted with a request to change the bank details used for making payments to Mayflex.

An initial email titled ‘Bank Email Security’ was sent out by Mayflex on the 26th February, warning of fraudulent phone calls that had been received by a number of customers, asking them to change the Mayflex Bank account details they had on record.

In their notification email, Mayflex stated:

“We have recently been notified of some fraudulent activity and we would like to take this opportunity to encourage you to be vigilant about the communications you receive from Mayflex.”

Mayflex have advised to ignore any such calls and if in doubt, customers should refer to the bank account details contained in their invoice.


Coinhive to Close its Doors in March ‘19

The notorious Monero crypto-miner Coinhive is shutting down all its operational services on the 8th March 2019.

Coinhive is a browser-based cryptocurrency miner which has achieved infamy due to being regularly abused by malicious actors. The miners code can be easily installed on web sites, where it can use all or a portion of a devices compute resources to mine for crypto coin, for as long as a user is browsing the site.

Cybercriminals have taken advantage of Coinhive’s ease of use, by hacking websites and installing the small piece of java script, that when left in place continues to mine Monero coin and adds it to the criminal’s accounts. This malicious practice became known as ‘cryptojacking’ or ‘drive-by mining’.

Coinhive have blamed the shutdown on a huge depreciation in market value which has hit them hard and resulted in a reduction in both mining traffic and profits.

Read more on ZDNet ….

Critical Flaw in Cisco Small Office Router– Update Now!

Cisco have released a security advisory for the Small Office Home Office RV router range, after a critical vulnerability was discovered in the routers Web Management interface.

This vuln has received a CVSS rating of 9.8 (10 being the highest level of criticality) and is due to improper input validation, when a user enters data on the web management interface.

An attacker that succeeds in exploiting this flaw, can gain higher level privileges (e.g. admin / root) that allows them to execute code on the underlying operating system of the device.

The following devices in the range are impacted by this flaw:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

Cisco have provided updates to address this vuln, which are available via the Software Center on, and as there are no known workarounds it is advised to update your devices as soon as you can.

Vulnerabilities such as these give us further evidence and support why web management interfaces for your network devices should not be reachable from the internet.

Always ensure that you only manage your devices from a trusted machine on the internal network, and of course keep your devices updated with the latest software from the vendor.

For further information on this vuln please see the link below.

Read more on ….

Magecart Groups Are Raising Their Game

Cybercrime groups continue to fill their pockets and steal personal information of unsuspecting users, through the use of Magecart, a malicious piece of code used to skim personal info and credit card details from infected websites.

Magecart has been in use for a while now, but really gained notoriety in mid-2018, with numerous large high-profile breaches such as Ticketmaster, British Airways and NewEgg.

What makes Magecart special is that the hackers do not need to compromise the site or infrastructure. By simply adding small lines of skimming code into existing javascript, or scripts that are called from a third-party site, user data can be captured and sent to the attackers for criminal gain.

RiskIQ, a cyber-security company that follows and classifies Magecart groups, has issued a report that shows the activity of a certain group they call ‘Group 4’ and how they have had to advance and evolve their operation to a professional level, in order to stay under the radar.

Group 4 are now using a consolidated infrastructure of domains and IP address, condensed code, stealth techniques to hide code in known safe libraries and constant updates that includes testing to ensure code is operating as required.

Read more on Bleeping Computer ….

And that’s it for this week, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Ironshare – Security Simplified

Edition #31 – 1st March 2019