Cyber Round-up

Cyber Round-up for 24th September

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Alaskan Health Service Suffers Cyberattack

The Alaska Department of Health and Social Services (DHSS) has suffered an attack attributed to a nation-state group. The attackers were able to access IT systems and compromised the personal information of a large number of individuals; this data included names, dates of birth, social security numbers, addresses, and health and financial information. The DHSS is now investigating the incident and will soon be notifying everyone affected by the breach. Systems are yet to be restored, and we will provide more details when we learn more.


European Police Catch Mafia Fraud Ring

Europol announced recently that it had taken down a group of criminals responsible for £10M worth of online fraud, drug trafficking and property crimes. The group in question reportedly had ties with the Italian mafia, with 106 members being arrested in the police operation. This band of criminals was far more organised than typical cybercriminals and was run by experienced operators who specialised in cyber fraud and money laundering. This is just one of the steps taken towards making the internet safer for individuals and businesses, and it is encouraging to see law enforcement continuing to crack down on cybercrime.


Autodiscover Bug is Leaking Windows Passwords

A flaw in the Microsoft Exchange Autodiscover feature is leaking the email addresses and Windows domain passwords of users. Autodiscover lets a mail or calendar client configure itself automatically: given only the user's email address and password, the client fetches a configuration file that tells it which servers to talk to. This was designed for ease of use but is currently causing a major security issue, because when the expected Autodiscover endpoint cannot be found, clients fall back to trying endpoints that can sit outside the organisation's own domain, and they will present the user's credentials to whoever answers there. The leak is not easily visible to those who do not know where to look, but more than 372,000 unique credentials have been discovered so far.
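To make the leak concrete, the following is an added illustration written for this round-up, not code from the article, from Microsoft or from the researchers who published the bug. It models the Autodiscover "back-off" that walks a client up the domain hierarchy, and lists which of the probes land on hosts the organisation does not control. The exact probe order of any real client is an assumption; the security-relevant part is the back-off at the end, where a domain such as autodiscover.co.uk or autodiscover.com belongs to whoever registered it. If the client is willing to answer an HTTP authentication challenge from that host with the user's credentials, the leak has happened.

```python
# Added illustration of the Autodiscover back-off (not code from the article,
# Microsoft or the researchers).  Probe order is an assumption; the back-off
# at the end is the security-relevant behaviour.
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/Autodiscover/Autodiscover.xml"


def autodiscover_candidates(email: str) -> list[str]:
    """Return the endpoints a client might try for a mailbox, in order."""
    domain = email.rsplit("@", 1)[1].strip().lower()
    labels = domain.split(".")
    urls = [
        f"https://autodiscover.{domain}{AUTODISCOVER_PATH}",
        f"https://{domain}{AUTODISCOVER_PATH}",
        f"http://autodiscover.{domain}{AUTODISCOVER_PATH}",
    ]
    # Back-off: drop the leftmost label and try "autodiscover.<parent>" again,
    # all the way down to the top-level domain.  Hosts such as autodiscover.co.uk
    # or autodiscover.uk belong to whoever registered them, not to the organisation.
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        urls.append(f"http://autodiscover.{parent}{AUTODISCOVER_PATH}")
    return urls


def in_org(host: str, org_domains: list[str]) -> bool:
    """True when host is one of the organisation's domains or a subdomain of one."""
    host = host.lower()
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in org_domains)


def leaked_endpoints(email: str, org_domains: list[str]) -> list[str]:
    """Probes whose host is outside every domain the organisation controls."""
    return [u for u in autodiscover_candidates(email)
            if not in_org(urlsplit(u).hostname, org_domains)]


def egress_block_hosts(email: str, org_domains: list[str]) -> list[str]:
    """Hostnames to sinkhole at DNS or deny at the web proxy to stop the leak."""
    hosts = []
    for u in leaked_endpoints(email, org_domains):
        h = urlsplit(u).hostname
        if h not in hosts:
            hosts.append(h)
    return hosts


if __name__ == "__main__":
    mailbox = "alice@mail.example.co.uk"   # constructed example address
    leaks = leaked_endpoints(mailbox, ["example.co.uk"])
    for u in autodiscover_candidates(mailbox):
        print(("LEAK " if u in leaks else "ok   ") + u)
    print("block at egress:", egress_block_hosts(mailbox, ["example.co.uk"]))
```

The output of egress_block_hosts is the practical takeaway: those autodiscover.<suffix> names should be blocked or sinkholed for every mail domain the organisation uses, and clients should not be allowed to send Basic credentials to hosts outside the organisation.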

More details on this can be found here.


Facebook Ray-Ban Story Smart Glasses

After the backlash received by Google Glass, you would not expect Facebook to announce the release of their 'Ray-Ban Stories'. These Facebook-branded smart glasses are following in the footsteps of the failed Google Glass, which was found to be uploading footage to Google servers without permission. Even with the little information we have, it is clear that the Ray-Ban Stories will face trouble with privacy regulators; Facebook's latest project is currently under investigation to determine whether "Facebook's smart spectacles are doing enough to warn people that they are being recorded by the wearer."



Go Malware Targets WordPress & Linux

A new malware strain has been discovered that appears to be written in Go. It has reportedly been seen targeting WordPress and Linux systems, exploiting known vulnerabilities, including one in the WordPress plugin Download Monitor, to break in. The strain has been named Capoae and is capable of executing arbitrary code once installed.

More details on this can be found here, as well as guidance on how to spot/prevent it.


Vulnerabilities & Updates

macOS Zero-Day Could Lead to Remote Code Execution

Researchers have discovered a zero-day flaw in Apple's macOS Finder that could allow an attacker to execute arbitrary commands on the victim's system. The issue lies in how Finder handles .inetloc files (Internet location shortcuts): a crafted file of this type can carry a target that causes commands to run when the file is opened, as shown in the researcher's proof-of-concept, so it only takes a user opening a malicious attachment. Apple appeared to address this vulnerability in their latest patch, but the fix was incomplete and can be bypassed; Apple has been notified. We will provide updates when a new patch is released.
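Until a complete fix lands, a defender can at least triage .inetloc files arriving by email or download. The following is an added example written for this round-up, not code from Apple, the researcher or the article. It parses the plist that makes up an .inetloc file and flags any shortcut whose target is not an ordinary Internet scheme. The check is deliberately an allowlist on the parsed, normalised scheme rather than a denylist on a literal prefix, because a prefix denylist is exactly the kind of check that tends to be bypassed; the specific bypass of Apple's patch is not reproduced here. The plist layout (a single URL key) and the allowlisted schemes are assumptions.

```python
# Added example (not from the article, Apple or the researcher): classify
# .inetloc shortcuts by the scheme of their embedded URL.  Assumes the file is
# a plist with a "URL" string, which is how Finder writes them.
import plistlib
from pathlib import Path
from urllib.parse import urlsplit
from xml.parsers.expat import ExpatError

# Schemes an "Internet location" shortcut is expected to carry.  Anything else,
# file: included, is treated as suspicious (allowlist, not a prefix denylist).
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp", "ftps", "mailto", "news"})


def make_inetloc(url: str) -> bytes:
    """Build a minimal XML-plist .inetloc (constructed test data only)."""
    return plistlib.dumps({"URL": url}, fmt=plistlib.FMT_XML)


def inetloc_url(data: bytes) -> str:
    """Extract the target URL from an .inetloc plist (XML or binary)."""
    plist = plistlib.loads(data)
    url = plist.get("URL") if isinstance(plist, dict) else None
    if not isinstance(url, str):
        raise ValueError("no URL string in .inetloc")
    return url.strip()


def url_scheme(url: str) -> str:
    # urlsplit() lower-cases the scheme, so "FiLe:" and "file:" compare equal;
    # a literal startswith("file://") check would not.
    return urlsplit(url).scheme


def is_suspicious_inetloc(data: bytes) -> bool:
    """True when the shortcut points anywhere other than an allowlisted scheme."""
    try:
        scheme = url_scheme(inetloc_url(data))
    except (ValueError, plistlib.InvalidFileException, ExpatError):
        return True                        # unparsable: do not trust it
    return scheme not in ALLOWED_SCHEMES


def scan_directory(root: str) -> list[str]:
    """Paths of every suspicious .inetloc under root (e.g. a downloads folder)."""
    return [str(p) for p in Path(root).rglob("*.inetloc")
            if is_suspicious_inetloc(p.read_bytes())]


if __name__ == "__main__":
    # Constructed samples: a normal shortcut and two that point at local files.
    samples = {
        "link.inetloc": make_inetloc("https://www.example.com/"),
        "calc.inetloc": make_inetloc("file:///Applications/Calculator.app"),
        "mixed.inetloc": make_inetloc("FiLe:///Applications/Calculator.app"),
    }
    for name, data in samples.items():
        print(name, "SUSPICIOUS" if is_suspicious_inetloc(data) else "ok")
```

Run scan_directory against a mail quarantine or user Downloads folder to get a list of shortcuts worth a second look; the parse step also covers binary plists, which a grep for the string "file://" would miss entirely.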


IT Infrastructure at Risk from Nagios Software Bugs

The Nagios network monitoring products are currently affected by 11 security vulnerabilities that, individually or chained, allow attackers to gain the highest system privileges and achieve remote code execution. Some of the flaws can also be used in phishing attacks and for credential theft, so patching should be treated as urgent. Nagios sits in the same category as the SolarWinds and Kaseya management products, and we all know the impact that can be caused by exploiting products with this level of reach into an environment.

More details on the severity of these flaws, as well as the CVEs, can be found here.


And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #159 – 24th September 2021

Why not follow us on social media:

Ironshare – Security Simplified