Cyber Round-up for 27th March
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Cybercriminals have been exploiting the spread of COVID-19 and are actively targeting healthcare services with their attacks. Because the healthcare industry is so overwhelmed, cybersecurity is not a priority at the moment; as a result, hackers are finding easy ways into their systems, which not only affects patient data but can also cost lives due to compromised equipment and incorrect logs. The critical threat created by these criminals has sparked an uprising of volunteer cyber-protectors who are determined to defend vulnerable healthcare organisations. Cyber Volunteers (CV19) has been established by some veteran cyber pros, Lisa Forte, Daniel Card and Radoslaw Gnat, to provide cyber support in this time of global crisis. With several thousand volunteers offering assistance, the group is doing admirable work and we suggest following their efforts on social media.
A recent Netflix scam has been fooling its victims into believing they’re getting a free subscription due to the coronavirus isolation. It is unclear whether these scammers plan to download malicious code or steal credentials, but a number of people have taken the bait and shared the site on social media. If you come across this scam, be sure not to enter any details and definitely do not share it with your friends; much like the virus itself, you can prevent it from spreading by keeping it away from others.
US food container product company, Tupperware, has become a victim of payment card skimming; the malicious code was discovered by security firm, Malwarebytes, last week. Despite their warnings, Tupperware have not acknowledged the attack. The code reportedly works by impersonating the website’s payment form, collecting user data such as payment card credentials, usernames, emails and phone numbers. The fake payment form steals the data and shows a time-out error; however, by this time you’re already compromised. Attacks on online stores are expected to rapidly increase due to most people being confined to their homes; this means more people than ever will rely on online shopping. We suggest avoiding any sites that are known to be affected when shopping online to minimise the risk of an attack.
A database of more than 5 billion customer records from the last 8 years has been left publicly accessible without a password on the internet. The exposed data includes hashed and plaintext passwords, email addresses and the source of the leak; what makes this so much worse is that it was leaked by a security firm. All data included in this breach are records from previous data breaches, so the victims were already at some risk; even so, there is no excuse for a security company to put so many users at risk, and these kinds of incidents should not be happening as frequently as they are. Many admins ignore security features that are disabled by default, which means systems are left completely unprotected; securing databases of this size is essential.
Vulnerabilities & Updates
Microsoft have recently warned the public of a new targeted attack campaign affecting Windows 10 users. The attack involves the exploitation of a currently unpatched critical vulnerability. This flaw exists in all supported versions of Windows and allows an attacker to remotely execute arbitrary code on the target system. Microsoft have issued a serious warning due to there being no fix for this exploit; it has been a tough few weeks for them, with a number of serious vulnerabilities popping up, and they are doing their best to patch the flaws as soon as possible. As of now, there are some preventative measures you can take to mitigate the risk; we suggest looking into these, which can be found in the security advisory.
Cisco Talos’ most recent vulnerability spotlight has highlighted two denial-of-service flaws in Intel RAID Web Console 3. The flaws exist in the application’s web API functionality and can be exploited by sending malicious POST requests to the API. Talos worked closely with Intel to patch the bugs as soon as possible, and an update is now available to those affected. We advise applying the necessary patch as soon as you get the chance, and if you want to read more about these vulnerabilities, details are included in Talos’ vulnerability spotlight blog.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #84 – 27th March 2020
Ironshare – Security Simplified