Cyber Round-up for 29th October

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

FBI and Homeland Security Raid Chinese Company PAX Technology

PAX Technology, a leading point-of-sale provider, has had its Florida offices raided by the FBI. This is believed to be because PAX’s systems have been involved in cyberattacks on US and EU organisations. In an official statement, the Department of Homeland Security said that they were only executing a court-authorised search at the warehouse as part of a federal investigation. The FBI is believed to have begun investigating unusual network packets originating from the company’s payment terminals after a US payment processor discovered them. A source said that the payment processor found that PAX terminals have been used as a malware dropper and a command-and-control location for staging attacks. Both the FBI and MI5 are believed to be conducting an intensive investigation into PAX Technology.


Ofcom Tells Phone Network Providers To Block Foreign Scam Calls

Ofcom, the UK’s communications regulator, has told UK phone network providers to start actively campaigning to block foreign scam calls. This comes after the worst summer for scam calls, in which almost 45 million people were targeted by phone scams. Ofcom is expected to make this a priority; however, only TalkTalk has currently implemented new plans to tackle foreign scam calls. More are expected to tackle this complex and frequent scamming method.


Cream Finance Receives Its Third Cyber Attack Of The Year

Hackers have stolen around $130 million worth of cryptocurrency assets from Cream Finance. The incident was detected by PeckShield and SlowMist. The attackers are thought to have found a vulnerability in the company’s platform lending system and used it to steal tokens and assets running on the Ethereum blockchain. Six hours after the attack, Cream Finance said the vulnerability had been patched; however, this leaves little hope for its customers’ security or the state of the stolen assets.


UK Ransomware Attacks Doubled In A Year

The head of GCHQ, Jeremy Fleming, has said that the number of attacks associated with ransomware has doubled in the past year. Ransomware is believed to have increased in popularity among criminals because it was “largely uncontested” and highly lucrative. Comments made at the Cipher Brief annual threat conference said that Russia and China are harbouring cyber criminals that are successfully targeting western organisations. The UK still seems to be an easy target for hackers as it lacks any radical cyber security developments.


REvil Ransomware Group Forced Offline

A multi-country law enforcement operation to stop the REvil ransomware group has proved successful. Multiple private sector cyber experts aided the US government in the operation. The operation resulted in the infrastructure of the group being hacked by governments and taken offline for a second time this week. This is the latest action in the effort to reduce ransomware prevalence in the UK.


Vulnerabilities & Updates

OptinMonster Vulnerabilities Put 1 Million Sites At Risk

The WordPress plugin OptinMonster was discovered to have multiple severe vulnerabilities which could allow a site visitor to export sensitive information and add malicious JavaScript to WordPress sites. Although premium users of the Wordfence plugin were protected from the attack from the 28th September, a fully patched new version (2.6.5) was released on the 7th October 2021. All users of the OptinMonster plugin are advised to update to at least v2.6.5 immediately to remove this vulnerability.


Adobe’s Security Update Full Of Critical Patches

Adobe has released security patches for 92 vulnerabilities found across its software, with 66 rated critical. Most of the critical vulnerabilities found allow arbitrary code execution (ACE), privilege escalation, denial of service and memory leaks. The affected Adobe software is:

Adobe After Effects, Animate, Audition, Bridge, Character Animator, Illustrator, InDesign, Lightroom Classic, Media Encoder, Photoshop, Prelude, Premiere Pro, Premiere Elements and the XMP Toolkit SDK.

If you have any of the software listed, it is highly recommended that you update to the newest patch to secure your device.


And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #164 – 29th October 2021

Ironshare – Security Simplified