Cyber Round-up

Cyber Round-up for 23rd April

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

UK Government Introduce New Cyber Security Laws

The UK government has announced the introduction of new cyber security laws, designed to protect smart devices from online threats. In the future, most smart devices will ban the use of easy-to-guess passwords, forcing users to have some form of complexity. In addition to this, Apple, Google and Samsung have revealed that they plan to alert users when their devices are reaching end-of-life; this gives everyone plenty of time to upgrade to a device that will receive regular security updates. These changes will be accompanied by new features that make it easier for users to report software flaws that may be being exploited.

More details on these changes can be found here.


MCB Shut Down IT Systems Following Security Incident

UK drinks distributor, Matthew Clark Bibendum (MCB), were recently affected by a serious security incident, which forced them to shut down their IT systems. MCB’s recent statement revealed that they are “in the process of informing its customers and suppliers of the incident”. It was confirmed that parent company, C&C Group, were unaffected and continue to operate, while MCB continue to respond to the situation and carry out the steps of their incident response plan. The reports suggest ransomware but this is yet to be confirmed.


Member of Notorious FIN7 Cybercrime Gang Sentenced to Jail

The notorious FIN7 cybercrime gang are known for posing as sysadmins of a fake security company in order to scam their victims. They have been seen operating in over 40 countries, with more than 20 million customer card records stolen. One of their key members was recently arrested and is now serving a 10-year jail sentence; during their time with the group, they reportedly caused more than one billion dollars’ worth of damage.



Spies Using Fake LinkedIn Profiles to Steal Data

MI5’s Security Chief, Ken McCallum, has warned LinkedIn users to be aware of fake “malicious profiles” that are seeking connections in order to steal information. The hackers controlling the fake profiles have been seen manipulating individuals in key industries, as well as multiple government departments, which is why MI5 have responded so quickly. Their new campaign revolves around “the four Rs”: recognise the profiles, realise the threat, report suspicious activity, and remove the profiles. We advise all LinkedIn users to avoid disclosing information to suspicious users, as the likelihood of an attack has dramatically increased since the start of the pandemic.


Vulnerabilities & Updates

The Plus Addons in Elementor Pro Still Being Exploited

Last week, we spoke about the vulnerabilities affecting Elementor plugins, which are installed on more than 30,000 WordPress sites worldwide. Although 60% of these sites are now running a patched version of the plugins, there are still many attacks being carried out that are targeting these vulnerabilities. We advise all site admins who have not yet applied the latest patches to update as soon as possible, as these severe flaws are still being actively exploited.

A list of indicators of compromise for these exploits can be found here.


US Defence Contractors Breached Using Pulse Secure VPN Zero-Day

A new zero-day vulnerability has been discovered in the Pulse Secure VPN, and it is being actively exploited by Chinese hackers. In their latest attack, the hacker group used the zero-day to breach an unnamed US defence contractor. These exploits reportedly started back in August 2020, and have since been addressed by Ivanti, the company responsible for Pulse Secure VPN. A security advisory has been released for the discovered vulnerabilities, which includes mitigation techniques to protect users until the final patch in May.

Ivanti’s security advisory can be found here.


SonicWall Enterprise Email Security Affected by 3 Zero-Days

SonicWall have announced that their email security product is currently affected by three zero-day exploits. The first of these exploits allows an attacker to create an admin account by sending a crafted HTTP request to the remote host. The second allows the attacker to upload arbitrary files to the host once they are authenticated, and the third is a directory traversal flaw. These flaws were addressed in the latest patch; we advise all SonicWall customers to apply the latest updates as soon as possible.


And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #138 – 23rd April 2021

Ironshare – Security Simplified