Cyber Round-up for 26th July
Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Deliveroo users have recently had their accounts hacked and sold by dark web dealers for prices as low as £5. Hackers are using login details from previous mega-hacks and various phishing techniques to obtain users’ credentials to sell online. Victims have been reporting unusual amounts of food being ordered from their accounts, with one order coming to £450. A significant number of account thefts have been reported recently, mostly in London. Many users have complained about the slow response from Deliveroo and are unhappy that the company is simply deleting the compromised accounts. Deliveroo disclosed that it was working hard to address the issue, using fraud prevention software, but no solution has been presented yet.
TV giant Sky has sent a notification to its customers warning them that their passwords had been reset following an incident that happened last week. After customers reacted with confusion to the email, Sky responded saying that they occasionally reset passwords to keep accounts safe. The incident they referred to appears to be a potential breach of Sky email accounts, which indicated that unauthorised access had been identified. However, information regarding the nature of the incident has not yet been fully disclosed. This has not affected all of Sky’s customers, but a researcher has confirmed that the customers contacted did not have their accounts breached. Sky responded with what they consider best-practice account management and reset those accounts they believed were affected.
Lancaster University is working to secure its systems following a recent data breach. Stolen data included phone numbers, ID documents and records of a small number of students. The data stolen was reportedly linked to those who applied in 2019 and 2020. Officials announced that the stolen data was being used to send fake invoices to victims and described the attack as sophisticated and malicious. The university announced that those who were affected will be contacted with advice.
Phishers have a new method of infiltrating people’s Office 365 accounts, and it all starts with a fake email that appears to be from Microsoft. The email contains a link to a fake Office login site, where the victim can enter their credentials; if login credentials are entered correctly, they are captured by the attacker before the victim is redirected to the official Office 365 dashboard, to avoid any suspicion regarding the breach. However, if credentials are entered incorrectly, a seemingly real error page is shown asking the victim to log in again. This method is unlike anything previously seen, as it focuses on masking the truth from the victim, even after compromising their account. Microsoft recommends enabling Multi-Factor Authentication to mitigate this threat.
American Express card holders are being targeted by a new phishing campaign, in which attackers send the victim a fake email posing as an account update. The hyperlink in the email then redirects to a malicious site. What makes this method seem legitimate is its use of an embedded “base href” URL; this also hides its intent from security tools and anti-virus. The attack does not just target consumers, however: actual credit cards, membership reward accounts, merchant accounts and American Express @Work accounts are all at risk. The attackers behind this campaign are taking many precautions to disguise the malicious site; these methods are discussed in more detail in the original post.
Vulnerabilities & Updates
A recent malicious advertising campaign has been actively exploiting WordPress plugin vulnerabilities to launch attacks. The most recent target was the ‘Coming Soon Page and Maintenance Mode’ plugin, which is present on over 7,000 sites. The flaw allows an attacker to inject code into the target website, giving them the ability to display popup ads and even redirect visitors to malicious sites disguised as tech support. The biggest flaw targeted by this campaign is the Yellow Pencil Visual CSS Style Editor plugin, which has over 30,000 installs. These vulnerabilities were recently disclosed by WordPress and, although patches have been released, those using versions older than 1.7.8 are still at risk.
Apple’s latest patch addresses recent vulnerabilities in iOS, macOS, Safari, watchOS and tvOS. The update includes a total of 37 fixes, including patches for a few high severity vulnerabilities. One major flaw allowed an attacker to authorise purchases without unlocking the phone using the wallet app. The patch also resolved a bug that allowed a Walkie-Talkie connection to be active during a call without the user’s knowledge. More details on this patch are included in the original post. If your devices are not set to automatically update then we encourage you to apply the latest patches as soon as you can.
And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.
Edition #51 – 26th July 2019
Ironshare – Security Simplified