Cyber Round-up for 26th February
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Following on from last week’s NurseryCam post, more information has come to light. Parents have now been informed of a confirmed breach of security and the company have shut down their server as a “precautionary measure”. Their services, which were being used by more than 40 nurseries across the UK, have been suspended until a fix is found. NurseryCam confirmed that usernames, passwords, names, and email addresses may have been leaked in the breach.
Bombardier, a Canadian airplane manufacturer, has announced they fell victim to a recent security breach. The attack, which is likely related to the recent Accellion FTA flaw, was carried out by the Clop ransomware gang, who published the firm’s sensitive data on a dark web portal; this was made possible by a 0-day vulnerability existing in a third-party file-transfer application running on isolated servers in the Bombardier network.
More details on this breach can be found here.
More details on this malware, including technical analysis and a list of indicators of compromise, can be found here.
Many Microsoft email users have reportedly received phishing emails from individuals pretending to be couriers for FedEx and DHL Express. The aim of these phishing attacks was to steal email account credentials; the scam pages were hosted on a legitimate domain to bypass email security measures. This technique has been common in recent phishing attacks, with many attackers hosting their phishing pages on services such as Google Sites and Box.
New social media site Clubhouse, which is known for its audio chatrooms, has suffered a data leak in which an unauthorised user was able to stream audio feeds they should not have had access to. This violated the app’s terms and conditions, and so the individual responsible was permanently banned; Clubhouse state that additional security measures were implemented to ensure this does not happen again.
Vulnerabilities & Updates
Recently, firewall vendor SonicWall discovered and patched a zero-day vulnerability in their SMA-100 remote access devices. A week later, a second firmware update has been published to introduce “additional safeguards”. The latest update includes performance enhancement, code-hardening fixes, a number of customer issue fixes and previous SMA 100 series zero-day fixes. We recommend applying this latest patch as soon as possible if you use SMA appliances.
It was recently discovered that multiple flaws exist in the VMware ESXi and vSphere Client, including a remote code execution vulnerability with a CVSS score of 9.8. Updates have now been published for these flaws and we recommend that all VMware customers update their products to the latest version as soon as possible.
More details on these bugs can be found here.
And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #130 – 26th February 2021