Cyber Round-up for 20th August
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
T-Mobile announced this week that they had suffered a data breach, exposing the personal details of more than 40 million current and former customers. The leaked data included social security numbers, dates of birth, driver’s licenses, and ID information; it was also confirmed that around 850,000 phone numbers and account PINs were exposed. As a precaution, T-Mobile are recommending that all customers change their account PINs online.
A recent survey from My1Login found that almost two thirds of their employees have been reusing passwords for both personal and work accounts, despite receiving security awareness training. Reports suggest that this issue is inflated specifically in the healthcare and education sectors, where password reuse rates were as high as 94% and 91%. We encourage everyone to use unique passwords for their accounts, and if you have difficulty remembering them, password managers such as LastPass or Dashlane are worth looking into.
Last week, we spoke about the crypto-thief who stole $600m worth of cryptocurrency from Poly Network. Since then, the hacker has grown a conscience and come forward to start refunding the stolen currency out of the blue. Poly Network recognised this as “white hat behaviour” and has offered the individual $500k as a bug bounty. It appears, though, that the hacker “won’t accept the bounty, and may instead send back the rest of the digital dosh”.
A security researcher recently discovered a flaw affecting Valve, which would allow users to add unlimited funds to their Steam wallets. This bug was very easy to exploit, with users only having to change their account’s email address to work it. This was patched very quickly with the assistance of the researcher.
More details on this exploit can be found here.
Vulnerabilities & Updates
A newly discovered botnet named HolesWarm appears to have been growing since June, targeting Windows and Linux servers. More than 20 known vulnerabilities are being exploited to infect the target machines and deploy cryptomining software. This has primarily been seen operating in China, but reports from Tencent suggest that the botnet will soon “expand its reach, and target systems across the globe.”
A new critical vulnerability has been found in FortiWeb’s management interface that may allow a remote authenticated attacker to execute arbitrary code. This command injection flaw was given a CVSS score of 8.7 and is reportedly related to CVE-2021-22123. A fix is expected to be released by the end of August; until then, you can find remediation techniques here.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #155 – 20th August 2021
Ironshare – Security Simplified