Cyber Round-up for 1st May
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Sheffield City Council's ANPR (Automatic Number-Plate Recognition) system has been left password-less on the internet, leaking the road journeys of 8.6 million people. The management dashboard was accessible to anyone who found it, and allowed viewers to find the number plates, times and journeys of particular vehicles with ease. South Yorkshire Police are currently investigating the incident and have assured the public that a leak of this kind will not happen again.
The hacker group behind the Shade ransomware attacks has stopped all operations and is no longer spreading its attacks. Alongside this, the group issued a public statement announcing that it has released more than 750,000 decryption keys to help victims get their data back. Security researchers have confirmed that these keys work as promised and are not another scam. The group publicly apologised and also published its easy-to-use decryption tools to help more people. This is a shock to everyone, and we just hope that more groups step forward and do the same, especially those affecting the work of healthcare services.
WordPress users are being urged to update the Real-Time Find and Replace plugin as soon as possible because of a cross-site request forgery (CSRF) bug. This flaw could allow an attacker to create rogue admin accounts and inject malicious code onto the victim's site. The issue was patched within hours of disclosure, but reports suggest that more than 70K sites are still vulnerable; all WordPress site owners are advised to apply the recent patch as soon as they can to reduce the risk of an attack.
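The flaw described above is a classic CSRF shape: a privileged settings handler that trusts any POST request arriving with an admin's session cookie. The following is an added illustration written for this round-up, not code from the Real-Time Find and Replace plugin or from WordPress itself. It shows a hypothetical find-and-replace settings handler first without CSRF protection and then with the nonce and capability checks WordPress provides. The `rtfr_` option, action and function names are assumptions chosen for the example.

```php
<?php
// Added illustration (not the Real-Time Find and Replace plugin's code): a hypothetical
// settings handler for a find-and-replace plugin, first without CSRF protection and then
// with the checks WordPress provides. Option, action and function names are assumptions.

// --- Vulnerable pattern: any POST reaching admin-post.php is trusted. ---
// A logged-in admin who visits an attacker-controlled page can be made to submit this
// form unknowingly, because the browser attaches the admin's session cookie. Whatever is
// stored here is later injected into every page the plugin rewrites. (Not hooked below.)
function rtfr_save_rules_unsafe() {
    $rules = isset( $_POST['rtfr_rules'] ) ? (array) $_POST['rtfr_rules'] : array();
    update_option( 'rtfr_rules', $rules );
    wp_safe_redirect( admin_url( 'options-general.php?page=rtfr' ) );
    exit;
}

// --- Hardened pattern: prove the request came from the plugin's own form AND from a
// user who is allowed to change site-wide settings. ---
function rtfr_save_rules_safe() {
    // 1. Capability check: only users who may manage options can change rules.
    //    A nonce alone is not an authorisation check, so this comes first.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. Nonce check: the token is tied to the action and to the user's session, so a
    //    form served from another origin cannot supply it. check_admin_referer() calls
    //    wp_die() on failure.
    check_admin_referer( 'rtfr_save_rules', 'rtfr_nonce' );

    // 3. Validate the payload shape and sanitise each field before storing anything.
    $raw   = isset( $_POST['rtfr_rules'] ) ? (array) $_POST['rtfr_rules'] : array();
    $rules = array();
    foreach ( $raw as $rule ) {
        if ( ! is_array( $rule ) || ! isset( $rule['find'], $rule['replace'] ) ) {
            continue;
        }
        $rules[] = array(
            'find'    => sanitize_text_field( wp_unslash( $rule['find'] ) ),
            'replace' => wp_kses_post( wp_unslash( $rule['replace'] ) ),
        );
    }
    update_option( 'rtfr_rules', $rules );
    wp_safe_redirect( admin_url( 'options-general.php?page=rtfr' ) );
    exit;
}
add_action( 'admin_post_rtfr_save_rules', 'rtfr_save_rules_safe' );

// The settings form must emit the matching nonce field so legitimate submissions pass.
function rtfr_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="rtfr_save_rules">
        <?php wp_nonce_field( 'rtfr_save_rules', 'rtfr_nonce' ); ?>
        <input type="text" name="rtfr_rules[0][find]">
        <input type="text" name="rtfr_rules[0][replace]">
        <?php submit_button( 'Save rules' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin, the two lines to look for in every state-changing handler are the `current_user_can()` call and the `check_admin_referer()` (or `wp_verify_nonce()`) call; a handler that has neither is exposed to exactly the kind of cross-site request described above, and one that has only the nonce check still lets any logged-in user who can load the form submit it.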
A number of people have reportedly received an email regarding an "urgent Zoom meeting with your company's HR team". Upon clicking the link, the user is redirected to a login page which asks for email account credentials; there is no reason for Zoom to ask for these, so this is an obvious attempt to gain unauthorised access to business systems. The number of Zoom-oriented attacks has massively increased since so many people are in quarantine, and we advise all users not to click on any links unless they are 100% sure the links are legitimate.
Vulnerabilities & Updates
Sophos and their customers recently suffered a coordinated attack which revealed the presence of an SQL injection flaw in some firewall products; this vulnerability allows an attacker to execute code remotely. The previously unknown vulnerability has since been patched by Sophos. The attackers' custom malware was created to target firewalls and steal sensitive information from them, through orchestrated chains of Linux scripts that allowed the attacker to download executable malware. The Sophos research team investigated this attack for an extensive period to establish its nature and worked hard to remediate the discovered vulnerabilities.
Adobe were forced to release a batch of emergency updates for three of their most used products: Magento, Illustrator and Bridge. The patch includes fixes for a total of 35 flaws affecting these products, all of which are vulnerable to critical code execution flaws. There are 5 known critical exploits for Illustrator, 14 for Bridge and 6 for Magento platforms; the rest are marked as important and moderate, including a few information disclosure issues. We advise applying this emergency patch as soon as possible if you use any of the products mentioned above.
And that's it for this week's round-up. Please don't forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #89 – 1st May 2020
Ironshare – Security Simplified