Cyber Round-up for 20th November

Cyber Round-up

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Capcom Suffer Ransomware Attack

Last week, we briefly mentioned that Capcom had suffered a ransomware attack at the hands of the Ragnar Locker team, however we did not go into detail. More information has since been released by the video game developers, giving us a better understanding of the incident. Capcom developers originally stated that there was “no indication that any customer information was breached”; however it has since been confirmed that the attackers gained access to the sensitive data of 350,000 people, including names, addresses, HR information, sales reports and financial information. Capcom have not confirmed whether they will pay the ransom, however their actions indicate that they have no plans to negotiate with the attackers.


How Active Has Emotet Been in 2020?

Emotet is one of the biggest malware families being distributed today; despite their extended breaks, they always come back to cause trouble. At the start of 2020, Emotet was being heavily distributed and was active until February, at which point they paused their operations once again. This didn’t last long however, and things picked back up in June when incredible amounts of spam emails were seen in circulation. It was not a coincidence that operations resumed during the peak of the pandemic, as their newly crafted spam campaigns revolved around current events. The Emotet group were not the first to incorporate the COVID scare into their work, and they will not be the last. This detailed post by the team at Talos covers their activities with Emotet throughout this year.


What Are the Most Common Passwords Used in 2020?

NordPass have compiled a list of the most common passwords used in 2020. This list has been created based on the number of times that password has been exposed in a breach. It also includes the time it would take to crack. ‘123456’ tops the list, with 2.5 million users; this is followed by ‘123456789’, ‘picture1’ and ‘password’.

84% of breaches leverage weak passwords, which is why it is vital that you use strong passwords and do not reuse them. We advise taking a look at this list; and if you see your password somewhere, change it immediately. The article also includes some guidance on how to create stronger passwords, although the best option is to generate strong random passwords using a password manager.


SkyKick Banner


Hackers Seen Scanning for Vulnerabilities in WordPress Sites

The Epsilon framework, which serves as a theme builder platform within WordPress, has recently had multiple critical flaws patched, which allowed remote code-execution. Despite being patched, multiple versions of themes are still vulnerable. The Wordfence Threat Intelligence team have observed more than 7.5 million probes targeting these vulnerabilities, across 1.5 million websites. This data is from the last 4 days alone. We urge all website owners to update all themes to the latest versions to avoid becoming a victim of these attacks.


AMP Graphic 2809

Vulnerabilities & Updates

Cisco Patches Critical Flaw in Security Manager

Cisco have released an emergency patch for a critical path-traversal flaw, shortly after Proof-of-Concept exploit code was released. This vulnerability exists in the Cisco Security Manager, a security management application for enterprise admins, and allows an unauthenticated remote attacker to access sensitive data on the target system. It was confirmed that this flaw affects versions 4.21 and earlier of Cisco Security Manager; the issue is not present in release 4.22, so we recommend updating as soon as possible.

CVE details for this flaw can be found here.


Nibiru Ransomware Decryption Tool by Cisco Talos

The Cisco Talos team have been investigating the Nibiru ransomware variant, which is not as advanced as others we typically see. Talos label Nibiru as a “poorly executed ransomware variant”, with weak encryption, which they were able to leverage to create a decryptor program. They also state that the ransomware encrypts files with Rijndael-256, and target common file extensions such as .doc, .docx, .xlsx, and .ppt. A full list of targeted extensions, as well as other details can be found here.

You can also download the decryptor program here.


And that is it for this week’s round-up, please don’t forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #118 – 20th November 2020

Why not follow us on social media:

Ironshare – Security Simplified