Cyber Round-up for 27th September
Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The McAfee team has announced its views on the ongoing issues surrounding data leaks. Data leaks are becoming more common by the day, with the majority going unnoticed. McAfee believe that lack of visibility is to blame for the problem; their recent report revealed that enterprises are unaware of 99% of the exposed instances they are running. These instances are typically databases and storage buckets that were left accessible to the public on the internet, and they make up a large portion of the data leaks of recent years. A recent study found that just 26% of organisations have tools to audit their cloud configurations, meaning the majority of companies have no idea what is happening within their cloud instances. By simply introducing cloud auditing, an organisation can know exactly what needs changing to keep its data secure.
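As an added illustration of what one such cloud-configuration audit check looks like (example code written for this round-up, not McAfee's tooling or anything from the report), the following Python flags a storage bucket whose resource policy or ACL grants access to everyone. The policy documents and ACL grants are constructed samples; the AllUsers and AuthenticatedUsers group URIs are the standard AWS canned-ACL grantee identifiers. A real audit would fetch these documents from the provider's API for every bucket, which is outside this example.

```python
import json

# Constructed sample bucket policies in AWS policy-document format (not real customer data).
# The public policy also carries a Deny statement to show that only Allow grants are reported.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Deny", "Principal": "*",
         "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Standard AWS canned-ACL group grantees that mean "anyone" / "any AWS account".
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS_URI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (optionally inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def policy_public_statements(policy_json):
    """Return the unconditioned Allow statements that grant access to any principal."""
    doc = json.loads(policy_json)
    findings = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_public_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # A conditioned grant (e.g. restricted to a source VPC) needs manual review,
            # so it is not reported as plainly public here.
            continue
        findings.append({"actions": _as_list(stmt.get("Action")),
                         "resources": _as_list(stmt.get("Resource"))})
    return findings


def acl_public_grants(grants):
    """grants: normalised ACL entries of the form {"grantee_uri": ..., "permission": ...}."""
    return [g for g in grants if g.get("grantee_uri") in (ALL_USERS_URI, AUTH_USERS_URI)]


def audit_bucket(name, policy_json=None, acl_grants=()):
    """Return human-readable findings for one bucket; an empty list means nothing public."""
    findings = []
    if policy_json:
        for f in policy_public_statements(policy_json):
            findings.append(f"{name}: policy grants {', '.join(f['actions'])} to everyone "
                            f"on {', '.join(f['resources'])}")
    for g in acl_public_grants(list(acl_grants)):
        group = g["grantee_uri"].rsplit("/", 1)[-1]
        findings.append(f"{name}: ACL grants {g['permission']} to {group}")
    return findings


if __name__ == "__main__":
    # Constructed ACL: a public-read grant on the sample bucket.
    sample_acl = [{"grantee_uri": ALL_USERS_URI, "permission": "READ"}]
    for line in audit_bucket("example-bucket", PUBLIC_POLICY, sample_acl):
        print(line)
    print("private bucket findings:", audit_bucket("example-bucket", PRIVATE_POLICY))
```

The check reports only unconditioned Allow statements with a wildcard principal, and the two global ACL groups, so a bucket that is private but shared with a named role stays quiet; conditioned public grants are deliberately left for a human to review rather than being silently accepted or rejected.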
Notorious hacker group GandCrab, originally known for building ransomware for other criminals, have reappeared after retiring from their activities earlier this year. Researchers have been analysing a new strain of malware that shows signs of GandCrab’s involvement. The customised ransomware that they sell to others has reportedly hit over 1.5 million machines, including devices located in hospitals. The code that has surfaced shares many similarities with GandCrab’s old work, including their mistakes. Researchers are not surprised by the group’s return and remain on the lookout for any further activity.
A massive surge of account hijacks has hit YouTube creators over the last few days; the scheme has mainly targeted those in the car review and auto-tuning community, although others have reported issues. The attack was part of a coordinated campaign that used a phishing scheme to lure users into giving up their account credentials. A user who managed to recover their account provided insight into the attack chain that led to the hijack. It appears that the hackers use phishing emails to obtain credentials and then use them to access the victims’ Google accounts; from there they can re-assign channels to new owners and change the channel’s custom URL, so it appears the account has been deleted. As SMS-based 2FA was also compromised during these account takeovers, it is recommended to move your accounts to 2FA using hardware keys or authentication apps.
Game developer Blizzard, creator of World of Warcraft, has made an announcement following a recent DDoS attack targeting its game service. They revealed that shortly after the attack the developers began working with law enforcement to find the person responsible; it was confirmed that law enforcement have arrested the individual they suspect was behind the attack. Although the hacker’s identity was not disclosed, a Twitter account by the name of ‘UKDrillas’ claimed responsibility shortly before the attack took place; analysis of the Twitter account suggests that the hacker is based in the United Kingdom. Another Blizzard title, Overwatch, was also reportedly affected by the DDoS; however, the suspect has since been arrested and the game services should return to normal.
Vulnerabilities & Updates
Adobe has released updates for the 2016 and 2018 versions of ColdFusion after identifying that they are affected by three new vulnerabilities: one rated important and two rated critical. ColdFusion is Adobe’s commercial rapid web-application development platform. The first critical vulnerability is a command injection flaw that allows an attacker to execute arbitrary code; the second is a path traversal flaw that allows attackers to bypass access controls. The vulnerabilities were addressed in a recent unscheduled update; Adobe recommend updating to the latest version of ColdFusion to minimise the risk of an attack. More details on the flaws are included in the original post.
It’s been a rough few weeks for Microsoft and Windows users due to the overwhelming number of severe security issues. As well as the problems that recent Windows updates have presented, including breaking Windows Defender, warnings have been issued for exploits such as weaponised worms and device driver flaws. Among the mass of issues is a critical zero-day memory corruption vulnerability in the scripting engine of Internet Explorer 9, 10 and 11. This remote code execution flaw allows an attacker to corrupt memory and execute arbitrary code in the context of the logged-in user. Most of the issues have been patched, including the flaw mentioned above; however, the update has to be installed manually, so we recommend seeking out updates from the official Microsoft website.
And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #60 – 27th September 2019
Ironshare – Security Simplified