Cyber Round-up for 20th December
Welcome to the Christmas 2019 edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Many small to medium businesses do not understand the importance of security and believe they are not at risk when it comes to cyber-attacks. Some of the main reasons they believe this is that they think they have nothing worth stealing and are too small to be of interest to attackers. At Ironshare we want to do our part to reduce the number of cyber-attacks on small to medium businesses which starts with our Cyber Assessments; our post here highlights some of the key findings, during the assessments we carried out throughout 2019.
The UK’s Ministry of Defence have recently announced the creation of a new strategic service called the Defence Digital Service (DDS). The DDS has been created to rapid delivery of Defence based user-centred products and services. The DDS aim to bring tactical and strategic advantage by responding rapidly to user needs, both in the office and in the battlespace. This is a small team with big goals, so will be good to watch their progress, in this critical area.
By UK Ministry of Defence – defencedigital.blog.gov.uk
This time of the year is a treat for cyber criminals, as shoppers are rushing to bag last minute bargains, and employees are already mentally clocking out for the holidays. Check out the SW RCCU’s cyber briefing for great advice on staying safe online during the holidays.
By South West Regional Cyber Crime Unit
The City of New Orleans has suffered a cybersecurity attack serious enough for Mayor LaToya Cantrell to declare a state of emergency. During a press conference, Mayor Cantrell confirmed that this was a ransomware attack. Unfortunately, this is just another ransomware based cyber attack that is plaguing the US government in the last months. Last month we saw Louisiana targeted and back in August we saw 23 Texas based agencies taken down due to the same threat.
By Forbes – Davey Winder
This year saw a number of big-name malware families come onto the scene, including Sea Turtle, one of the most high-profile DNS hijacking attempts in recent memory. BlueKeep also stirred up controversy when the RDP vulnerability was first discovered, but researchers are still holding their breath, waiting for the first major exploits to happen. This latest blog from Talos gives a month by month view on the major malware and news that came out of Talos in 2019.
By Cisco Talos – talosintelligence.com
Approximately 38,000 German students have had to queue in person to regain access to their accounts after the Justus Liebig University was hit by a cyber-attack. The attack that occurred on the 8th December took the University offline and for legal reasons each student then had to collect their account password personally. Details of the attack are limited at this time, but staff are being given USB sticks to scan devices for virus infections.
Vulnerabilities & Updates
Google is changing the way that it grants third-party apps access to G Suite accounts as it tries to improve security. It is weeding out what it calls ‘less secure apps’ (LSAs) by denying them access to its services. In summary Google want to move people away from using simple username and passwords for allowing apps access to G Suite, to using OAuth. This will allow more granular access to be defined for the requesting application, making it more secure and more convenient for the users.
By Naked Security
A firmware vulnerability in TP-Link Archer C5 v4 routers which are used in enterprise and home networks, have been found to allow unauthorized remote access to the device with administrative privileges. If using one of these vulnerable devices, it can become an entry point for an attacker to gain access to the network, before moving laterally to compromise other devices. Firmware updates have been made available by TP-Link, so we recommend getting these devices patched ASAP.
And that’s it for this week’s round-up, we hope you all have a fantastic Christmas / Holiday season and get all the family downtime you deserve. Please don’t forget to tune in for our next instalment coming your way in the New Year.
Merry Christmas and a Happy New Year!
Why not follow us on social media using the links provided on the right.
Edition #72 – 20th December 2019
Ironshare – Security Simplified