Cyber Round-up for 2nd July
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
An analyst for G Data recently discovered a malicious driver that had been signed by Microsoft. The driver, known as “Netfilter”, was signed due to a flaw in Microsoft’s code-signing process, and has been seen communicating with Command & Control IPs based in China. Microsoft are currently investigating the incident and have confirmed that the actors behind it are primarily targeting gaming environments; the account responsible has been suspended and is being checked for other malicious signings.
The Ministry of Defence are currently investigating an incident in which classified documents were left at a bus stop in Kent. The documents contain information on UK military in Afghanistan and the HMS Defender’s passage through Ukraine; they were found by a member of the public who contacted the BBC when he realised that the documents contained more than 50 pages of classified information.
A recent report by the FBI found that the elderly are at a higher risk of falling for online fraud attempts. The report states that over-60s make up more than 28% of all successful fraudulent activity. The study also shows that not only were over-60s targeted the most, but their reported losses were also the greatest, with almost 1 billion USD being stolen in 2020. This could partially be due to many elderly people joining social media to stay in contact with family during the pandemic; this kind of opportunity is something that attackers are always looking out for, especially since older people are generally more trusting and unaware of cybercrime.
A Dutch cybersecurity firm known as Tesorion has recently announced that they are releasing a free application to help victims of the Lorenz ransomware recover their encrypted data. The decrypter was announced last week and has since been added to the nomoreransom website. This site contains decryption tools for a number of different ransomware variants.
The tool for the Lorenz ransomware can be found here.
Many people have reportedly been receiving WhatsApp verification codes that they did not request, and it appears to be part of a recent wave of attempted account thefts. The attacker uses your phone number during the WhatsApp setup, which sends a verification code to you. They then message you, posing as customer support, and ask you to forward the code to them. This allows them to completely take over your account and attach it to their own mobile device. If you receive a code that you did not request, ensure that you do not share it with anyone.
Eight apps containing the Joker malware have been found targeting Android devices; however, unlike other malicious apps, these come directly from the Google Play Store. This shows that it is no longer safe to simply avoid third-party app stores, since the supposed ‘trusted’ app store is also plagued with malware. We strongly advise all Android users to take care when downloading applications, specifically those on the list shown here.
Vulnerabilities & Updates
A cross-site scripting flaw was recently discovered in Cisco Adaptive Security Appliance and researchers have now released a proof-of-concept exploit. This bug is now being actively exploited, despite being patched last October. We advise all organisations to apply the latest patches to their appliances as soon as possible to avoid the possibility of a successful attack.
And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #148 – 2nd July 2021
Ironshare – Security Simplified