Cyber Round-up

Cyber Round-up for 22nd October

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

NCSC Update Their Device Security Guidance

The National Cyber Security Centre (NCSC) have recently revised their Device Security Guidance after the release of Microsoft’s new Windows 11 operating system. This guidance includes good practice configurations, settings, and general recommendations for Microsoft Windows devices up to the latest version. Organisations should review this updated information and look to apply a secure configuration that meets the balanced requirements of the business.


Free Decryptor for Victims of BlackByte Ransomware

The cybersecurity experts at Trustwave recently released a free decryption tool on GitHub that allows victims of the BlackByte ransomware to recover their data. The firm reportedly discovered a “design flaw in the ransomware’s encryption routine”. The group responsible for the attacks responded to this and said:

“We would not recommend you to use that, because we do not use only 1 key. If you will use the wrong decryption for your system you may break everything, and you won’t be able to restore your system again. We just want to warn you, if you do decide to use that, it’s at your own risk.”

This is entirely true, and the decryption tool could potentially corrupt your files; however, victims can find the decryption tool here should they choose to use it.


Cybercriminals Targeting Linux and Solaris Systems

An unknown group of cybercriminals has been seen targeting companies in the telecommunications sector for some time now, and recently they have been heavily focused on Linux and Solaris systems, which they believe “aren’t being watched by infosec teams”. The mysterious group has been named LightBasin by security researchers but has also been referred to as UNC1945. LightBasin have reportedly attacked 13 telecoms companies so far, and CrowdStrike have made recommendations on how to protect against their attacks.

More details can be found here.


Scam Calls Affect 45 Million in Just 3 Months

Over the summer, scammers have targeted almost 45 million people in the UK according to Ofcom, with half reporting at least one call a week. Text scams are most common among 16 to 34-year-olds, with two thirds receiving at least one this summer. Call scams occur among the elderly, with 61% of over-75s receiving a scam phone call. If you believe you have received a scam text message, you can report it by forwarding it to 7726. With scams on the rise over lockdown, make sure to question unknown or suspicious phone calls and text messages.


Russian Cyber Gangs Prey on Finance Firms

A new phishing campaign labelled MirrorBlast is distributing malicious Excel documents through email. These documents use macros to run malicious scripts on the target’s computer, bypassing any firewalls and antivirus in place. The most dangerous part of these campaigns is that the malicious code has undergone considerable obfuscation to hide from antivirus software, and the emails are bespoke to make the Excel attachment seem legitimate. To protect yourself from these attacks, always check the sender’s email address for small changes such as “” and never click “enable macro” when opening an Excel document unless you can be sure that it is trustworthy.


Quickfox VPN Leaks 1 Million Users’ Data

The VPN service Quickfox allows users to connect to Chinese websites usually inaccessible from outside the country. Quickfox had set up access restrictions on Kibana but not on their Elasticsearch server, allowing skilled criminals to extract sensitive information on Quickfox and its users. This put the personally identifiable information of more than 1 million users at risk of being leaked.


Phishing Campaign targets YouTube creators

Details given out by Google’s Threat Analysis Group have revealed that it has been combating a phishing campaign since 2019. The financially motivated campaign targets YouTube creators’ account access in order to take control of their accounts. This is done by advertising a collaboration opportunity and directing them to a software download that disguises cookie- and password-stealing malware. Some hijacked accounts have been recorded on account-trading markets for prices from $3 to $4000.


And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #163 – 22nd October 2021

Ironshare – Security Simplified