Cyber Round-up for 30th April
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A Coca-Cola engineer has been accused of insider theft after allegedly stealing trade secrets worth $119 million. The thief reportedly planned to use the stolen secrets to set up their own company in China but was found in possession of an external hard drive containing the sensitive data a year after leaving the company. A great read on insider threats, a risk that is largely ignored by most. It is important that only a limited number of employees have access to sensitive files, and those with access should be closely monitored to ensure the safety of the data and limit the risk of insider theft.
The DC Police Department confirmed earlier this week that attackers had gained unauthorised access to their servers and the FBI had been called to investigate. We now know that the Babuk ransomware gang has claimed responsibility for the attack and posted screenshots on their website as proof. They revealed that 250 GB of data was stolen from the department, including information about police informants. Although nothing has been confirmed, there is a good chance that the DCPD paid the ransom, as their data has since been removed from the Babuk website.
Kaspersky have announced the discovery of a “collection of malware samples” that was found by their security analysts. These samples contain techniques and patterns that have been used in the CIA hacking operations known as Lamberts. It appears that the malware acts as a backdoor trojan that can be used on an infected host to listen to network traffic; however, Kaspersky believe that these samples have not been used in the wild.
More details on this discovery can be found in Kaspersky’s APT report.
A new flaw has been discovered in Apple AirDrop that could expose your contact information to nearby users. The bug exists in how Apple hashes contact identifiers and can be exploited by anyone in proximity to the target device to steal information such as email addresses and phone numbers. This flaw is currently unpatched, and the only way to protect against it is to disable AirDrop on your device.
Vulnerabilities & Updates
The popular file-sharing service FileZen is currently affected by two vulnerabilities, both of which could allow an attacker to execute arbitrary OS commands. Although these flaws were addressed in Soliton’s most recent firmware update, it was confirmed that attacks began before the fixes were released, meaning many organisations may already be compromised. We recommend that all users install the latest updates, change their system administrator account credentials, and reset all access to ensure they are protected.
A SharePoint vulnerability that was found and patched back in 2019 is still being actively exploited by the Hello ransomware group. Despite the patch being almost two years old, many businesses have still not applied the fix and remain vulnerable to attack. Those still vulnerable are likely missing other key updates from the last two years, so this is not the only threat they are facing unnecessarily. We advise all SharePoint users to update their systems as soon as they can to reduce the possibility of an attack.
Apple’s latest update for macOS Big Sur addresses a zero-day vulnerability that allows an attacker to craft malicious payloads that evade the operating system’s security checks. Gatekeeper is supposed to block untrusted software from executing, but this flaw bypasses that feature. The update also provides patches for a number of other vulnerabilities; we advise updating as soon as possible.
And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #139 – 30th April 2021
Ironshare – Security Simplified