Cyber Round-up

Cyber Round-up for 28th January

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Cyber Security Strategy To Level Up Britain’s Cyber Defence

The UK’s first cyber security strategy has just been launched, aimed at protecting public services from hostile attacks. A new Government Cyber Coordination Centre (GCCC) will be established to provide coordination across the public sector as well as to identify, investigate and respond to attacks. A reporting service will be created to allow the public and cyber security professionals to report vulnerabilities to the government, allowing them to be patched in a timely manner. £37.8 million is expected to be dished out to local authorities to aid them in protecting vital local public services such as housing benefit, voter registration, electoral management, school grants and the provision of social care.


Smart Devices Security Law Generates Movement

A newly proposed law is set to be debated by MPs. The new law is aimed at securing smart devices such as phones, laptops, speakers, TVs and any other devices capable of connecting to the internet. Under this law, default easy-to-guess passwords provided by manufacturers on new devices are expected to be banned in favour of unique strong passwords for each device. Manufacturers are also expected to be clearer on how long devices will receive security updates, as well as to develop a system for the public to report security vulnerabilities found on such devices. This will be a welcome change on the path to securing personal devices and the Internet of Things.


Brata Malware Factory Resets Android Phones

An Android banking malware has been updated with a new feature: the ability to factory reset the device. The malware, called BRATA, has been active since 2018; however, researchers have recently reported a new strain of this malware wiping devices. BRATA steals the victim’s banking details using a fake login screen, from which the credentials are sent to a hacker. This recent strain also wipes the device so that the user is unaware of any suspicious activity or bank transfers being made. This also aids in removing the malware and limiting forensic evidence.


Segway Online Store Victim Of A Magecart Attack

Researchers have reported that the official Segway online store has been skimming the credit card details of purchasers after suffering a Magecart attack. It is unknown how hackers managed to inject the site with malicious JavaScript; however, the hackers cleverly disguised the code by labelling the loader as “copyright”. The skimmer itself impersonated a favicon.ico file, but was in fact JavaScript code that stole banking credentials and sent them to a server owned by hackers. Details can be found in the Malwarebytes blog post.


DeadBolt Ransomware Encrypting Network Storage

A new ransomware called DeadBolt has been found to be targeting Network Attached Storage (NAS) devices. The ransomware is mostly found to be attacking NAS devices that are connected to the internet without any protection; once a device is detected, its contents are encrypted. This poses a serious threat to organisations that use these systems for day-to-day file-sharing or on-site backups. QNAP has advised users to disable the port forwarding function on routers as well as the UPnP function of a QNAP NAS. It is never recommended to have NAS devices accessible from the internet, but if you must, please ensure that they are secured properly: access is limited to authorised parties, default credentials are replaced with strong, hard-to-guess passwords, and multifactor authentication is enabled where available.


Vulnerabilities & Updates

Mass WordPress Themes And Plugin Vulnerability

Dozens of WordPress themes and plugins have been found to contain malicious code. The code created a backdoor into the sites it was installed on, allowing the attacker full administrative control over the websites. The 40 themes and 53 plugins found infected belonged to AccessPress Themes, present on over 360,000 sites. Researchers said the same themes and plugins are safe if installed through the directory. Any sites running themes or plugins installed directly from the AccessPress Themes website are urged to upgrade to safer versions ASAP.


Apple Patch Secures Zero-Day Vulnerability

An actively exploited zero-day vulnerability has been patched by Apple to help protect its users. The patch, hitting both iOS and macOS, has not been publicly released but is labelled CVE-2022-22587, a memory corruption bug referencing IOMobileFrameBuffer content which could be used to execute arbitrary code. All Apple users are advised to update their devices to patch this vulnerability, particularly since it has been reported to be exploited in the wild.


And that is it for this year’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #176 – 28th January 2022


Ironshare – Security Simplified