Cyber Round-up

Cyber Round-up for 24th June

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and year to cover some of the news, posts, views, and highlights from the world of Security. 

In this week’s round-up:

Security News

Strava Fitness-Tracker Used to Spy on Israeli Military

The Strava fitness-tracking app has recently been used to spy on members of the Israeli military. This was discovered by an Israeli open-source intelligence operation, who believes the app was used to track movements between secret bases and observe overseas activity. This has the potential to be very dangerous, since undercover members may be discovered or identified.


RIG Exploit Kit Used to Deliver New Malware

In the past, the well-known RIG Exploit Kit has been primarily used to deliver the Raccoon Stealer, however recent activity has shown that the operators have chosen a new malware for their latest campaign. Since January 2022, RIG operators have been using the exploit kit to deliver the Dridex financial trojan; another campaign that began in April has also been spotted using the RedLine Stealer. Many different variants have been spotted in the first half of 2022 and we expect to see more in the near future. This latest switch has been triggered by the death of a key team member in the Russia-Ukraine war.


1.5 Million Customers Affected by Flagstar Bank Breach

Flagstar Bank recently disclosed news of a data breach that occurred back in December 2021. The announcement claims that the personal data of 1.5 million customers has been compromised, including full names and social security numbers. Affected users are being offered two years of identity monitoring and protection services for free. Not much more is known about the incident, but it appears that Flagstar’s response has been positive; despite this, there is still cause for concern since this is their second major security incident in the last year and they could of informed impacted customers earlier.


UK Deliveries Impacted by Yodel Cyber Incident

Yodel have announced they are experiencing service disruption due to a recent cyber incident. Their latest statement claims they are “working to restore our operations as quickly as possible”, but also stated that order tracking is currently unavailable, and deliveries may be delayed. While no payment information has been leaked, there is the possibility that other personal data may have been stolen; this is being investigated now.


ToddyCat APT Hits Microsoft Exchange Servers

ToddyCat, a new advanced persistent threat, has been identified as the culprit of a series of attacks hitting Microsoft Exchange Servers. The attacks are primarily targeting government and military installations in Asia and Europe and appear to “leverage two passive backdoors within the Exchange Server environment with malware called Samurai and Ninja”. This reportedly allows the attacker to completely take over the target hardware.

More details on the nature of these attacks can be found here.


Vulnerabilities & Updates

Vulnerabilities Found in Siemens Industrial Control System

New research conducting by Claroty has revealed fifteen vulnerabilities in Siemens SINEC network management system. If exploited correctly, these flaws could allow a remote attacker to execute code on the affected system. These vulnerabilities are especially dangerous since they affect devices primarily used in industrial automation; this means there is also a potential risk to human life. All versions prior to V1.0 SP2 Update 1 are affected; we recommend all Siemens users update their systems as soon as possible.


Cisco Warns of Flaws in Security Appliances

Cisco recently revealed four new vulnerabilities in their security products, one of which is high severity and exists in email and web security appliances. While there is no trace of this flaw being exploited in the wild, it could allow an attacker to steal sensitive information like user credentials from a LDAP external authentication server. This is accompanied by three medium severity vulnerabilities; some fixes have been released for earlier versions of affected products, however some will not be available until August and December.

More details on fix releases for the affected appliances can be found here.


And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #194 – 24th June 2022       

Why not follow us on social media:

Ironshare – Security Simplified