Cyber Round-up for 23rd July
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A data leak containing more than 50,000 phone numbers was recently found, revealing an “extensive misuse” of Israeli company NSO Group’s Pegasus spyware. The military-grade spyware was being abused to surveil journalists and lawyers all across the globe. Pegasus is now being investigated, and the Amnesty International Secretary-General has called it a “weapon of choice for repressive governments seeking to silence journalists”. This completely contradicts NSO’s statement that illegal use of the spyware is limited to rogue groups. The French President, Emmanuel Macron, was also identified as one of the targets of the Pegasus misuse.
More details on this can be found here.
Saudi Arabian oil giant, Saudi Aramco, were recently hit by a ransom / extortion attack, in which their data was leaked, and the culprits demanded $50 million to have the data deleted. The data being held by the attackers (who are yet to be identified) was reportedly stolen from a third-party contractor that had access to a “limited amount of company data”. It was confirmed by Aramco that the breach did not affect their systems and had no impact on operations. They stated that “the company continues to maintain a robust cybersecurity posture”.
Instagram are in the process of rolling out a brand new security feature, designed to help users secure their compromised accounts. Usually, if a hacker finds their way into your account, you may not know how to get rid of them; that’s where the Security Checkup tool comes in. Security Checkup will deliver a prompt to your device whenever a suspicious login attempt is detected; this then leads to a step-by-step guide on securing your account. This is a big step forward for the app, and we are excited to see what else Instagram have planned to further improve account security.
On Friday, Microsoft received a court order, allowing them to seize control of 17 domains used in a West African Business Email Compromise (BEC) campaign. This campaign was targeting Office 365 customers, which put it on Microsoft’s radar and resulted in this successful takeover. This was Microsoft’s 24th legal action against cybercriminal activity, adding to their long list of contributions to the cybersecurity world.
Northern Rail’s self-service ticket machines have been out of service for a week now, following a crippling ransomware attack that forced systems to be taken offline. Security experts have begun investigating this incident and have confirmed that no data had been compromised due to their “swift action”. Customers have been advised to purchase tickets via the website or app, while the company works to restore operations.
Vulnerabilities & Updates
A newly discovered vulnerability in Windows 10, which appears to have existed for years, allows anyone, including non-admins, to access and read the registry. This flaw could then lead to privilege escalation and unauthorised access to sensitive credentials. A security researcher has created an exploit in order to test this vulnerability; CERT have issued a notice on the exploit which can be found here, along with more information on the nature of this vulnerability.
Unit 42 have found that malware can evade sandbox detection by abusing a specific single bit in the Intel CPU register. By setting this single bit, the Trap Flag, malware is able to monitor the CPU’s response to determine whether it is on a physical or virtual machine. More details on this sandbox evasion, as well as other common techniques, can be found here.
And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #151 – 23rd July 2021
Ironshare – Security Simplified