Cyber Round-up for 29th May
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The Twitter account for the UK Civil Service published a tweet during the Prime Minister’s controversial statement regarding the Dominic Cummings incident. The employee in control of the account tweeted “Arrogant and offensive. Can you imagine having to work with these truth twisters?” The comment received 30,000 retweets within 10 minutes, with the UK Cabinet Office confirming that the tweet was unauthorised just moments later. It is likely that this employee lost his job following the tweet, but there is not much you can do to secure an account when the user in control of it ‘goes rogue’. This is another real-world example of an Insider Threat.
The research team at Chinese security firm Qihoo 360 Netlab has been working closely with Baidu to disrupt a malware botnet that has reportedly infected over 100 thousand hosts. The botnet reportedly belongs to a hacker group known as ShuangQiang, which has been actively compromising systems since 2017. The group has been infecting hosts using steganography, which involves hiding malicious code within another piece of data; in this case, it was images uploaded to Baidu Tieba, the biggest Chinese search engine. The security team has been blocking downloads from the involved URLs to prevent the botnet from spreading.
A Russian blogging service known as LiveJournal was hacked back in 2017; the hackers stole 26 million user accounts, including usernames, email addresses and passwords. This attack was not discovered until this week, when the stolen credentials were published on various hacker forums. The breach was reported this week by Troy Hunt’s well-known ‘Have I Been Pwned?’ service, which notifies users if their email address has been compromised in a data breach. The details of the situation are unclear, but we strongly advise updating your password for LiveJournal, as well as any other accounts using the same credentials.
Ransomware attacks have been growing in popularity among the cybercriminal community, and the criminals behind them are getting braver every day. In the last 12 months, their ransom demands have increased by 14 times and more groups are gravitating to this profitable method of attack. One of the biggest ransomware groups, GandCrab, retired their operations last year, and since then their Ransomware-As-A-Service model has become the preferred way of doing things. This time last year, the average ransom price demanded by the biggest ransomware groups was around $6,000; this has since increased to almost $84,000. If you would like to learn more about how ransomware works and the tactics used by criminals, we suggest looking at this article by BleepingComputer.
A hacker group has emerged with a new jailbreak method that even works on the latest iOS version 13.5. The method uses an unpatched zero-day exploit to seize control of the devices for the first time since iOS 8. Reports suggest that even once the flaw is patched, users will be able to remain on the exploitable version to keep their devices jailbroken. This new tool allows you to have complete control while retaining security features from the OS; security was always a big problem with jailbreaking in the past, but this new feature is something the developers have bragged about. This, however, increases the risk associated with downloading rogue applications that may harm your device.
Vulnerabilities & Updates
The latest update for macOS Catalina, 10.15.5, addresses 44 security flaws affecting AirDrop, Bluetooth, Calendar and much more. Some of these vulnerabilities could lead to denial of service, arbitrary code execution, privilege escalation and memory leaks. This rollout also featured patches for multiple Safari bugs. As always, we recommend applying these updates as soon as possible to ensure you are protected from associated exploits.
And that’s it for this week’s round-up. Please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #93 – 29th May 2020
Ironshare – Security Simplified