Cyber Round-up for 24th May
Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Security News
Data on millions of Instagram accounts spills onto the internet
Researcher Anureg Sen, has discovered an unprotected database containing the details for millions of Instagram users. The data was found in a publicly accessibly Amazon Web Services S3 storage bucket, managed by marketing company Chtrbox, which could be accessed without needing a username or password. Users profiles and contact information was included in the leak.
By Tripwire.
Legal Threats Make Powerful Phishing Lures
We have seen a huge increase in phishing scams over the past couple of years and they are not looking like slowing down. Brian Krebs has reported on a recent scam campaign that hit more that 100,000 business emails with legal threats. A fake document is delivered to the victim and includes trojan malware that can deliver additional malicious content such as ransomware. As per our usual guidance never open email attachments or click on links if they are untrusted or you are not expecting them.
By KrebsonSecurity
GozNym Cybercrime gang bought down by US and EU law enforcement
The infamous GozNym gang, who were responsible for stealing approximately 100Million Euros from its victims, have been taken down in a joint effort by US and EU law enforcement agencies. The group of cyber specialists used advanced banking malware, sourced from a mix of the Gozi banking trojan and the Nymaim ransomware variant to capture banking credentials and steal funds, before laundering the money through its financial network.
By SCMagazine UK.
Threats
BlackWater campaign associated with MuddyWater Threat Actor
Cisco Talos have identified a recent campaign they have dubbed “BlackWater”, which is suspected of being associated with the known threat actor MuddyWater. New samples discovered use the same method of delivery as previous variants of MuddyWater malware, in the form of macro infected Office documents. They deliver a PowerShell backdoor and bundle new techniques that evade detection. Head over to the Talos blog for another excellent technical write up.
By Cisco Talos Intelligence.
Magecart’s Payment Card Data-Skimming Code Found on Forbes Magazine’s Website
The Magecart threat just keeps rolling on, this time hitting the subscription page on the Forbes Magazine website. Magecart uses malicious javascript to collect credit card and personal information from online checkout pages. But this attack on the Forbes sites show that the Magecart group are not just focused on ecommerce sites.
By Trend Micro
Vulnerabilities & Updates
Mozilla Tackles Two Critical Flaws with Firefox 67 Release
Mozilla have this week released their latest version of the Firefox browser, which aims to provide better speed and greater privacy. Version 67 includes updates for two critical memory corruption vulns, that allow code execution and could result in a bad actor taking control of the target system. If you are running Firefox its time for an update.
By Threatpost.
Talos releases coverage for ‘wormable’ Microsoft vulnerability
On the back of the critical RDP vulnerability, disclosed by Microsoft in last week’s patch Tuesday, Cisco Talos have released Snort IDS / IPS rule coverage for CVE-2019-0708. Users of Snort can now get access to the update for rules set 2019-05-20 which includes rule 50137 for this vuln.
By Cisco Talos Intelligence.
And that’s it for this week round-up, please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #42 – 24th May 2019
Ironshare – Security Simplified
