Cyber Round-up for 30th July
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The UK police’s national fraud reporting service has been in use for many years, but recently thousands of victims have filed complaints about the system. These complaints, along with an investigation by The Times, have led to the reporting service being scrapped, with an “improved national fraud and cybercrime reporting system” said to be replacing it.
More details on the failure of the Action Fraud service can be found here.
Over the last few years, ransomware has grown into an “international crisis”, with large businesses, and even entire healthcare systems, being crippled by attacks. One of the biggest problems surrounding ransomware is that the victims that pay ransoms are simply funding future attacks, while the threat actors suffer little consequence. Many security experts have criticised the payment of ransoms, with some even calling for it to be banned. It is unclear whether this is the right decision or not: although it would certainly limit funding to cybercriminals, it won’t resolve the ransomware problem.
Tarah Wheeler and Ciaran Martin (the ex-head of the NCSC) discuss these points in the linked article.
A new piece of Android malware has been discovered that appears to abuse device accessibility services to steal user credentials. This basic credential-stealing malware has since grown into an entire botnet known as UBEL, which appears to be the return of the SMS-delivered malware, Oscorp. The goal of this malware is to install itself onto a device, disguise itself as a service, recruit the device into a botnet and use it to distribute malicious SMS messages.
More details on this can be found here.
President Biden recently spoke out about the growing issue of severe cyberattacks, specifically those that cause “disruption to the real world”, suggesting that “if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence”. Biden is also calling Russia and China the ‘USA’s Partners’, as he calls for them to work in partnership on tackling existing threats.
Vulnerabilities & Updates
Proof-of-Concept code was recently published for a Windows OS security flaw, labelled PetitPotam, that could allow a remote attacker to force authentication and take over the target system. This is done by sending “SMB requests to a remote system’s MS-EFSRPC interface”, thus forcing the machine into the authentication procedure; the details shared in this procedure allow the attacker to gain remote access. It is believed that this flaw mostly affects supported versions of Windows Server; mitigation techniques can be found here.
Biometric authentication vendor IDEMIA recently published fixes for a number of security flaws, one of which allowed remote attackers to hijack biometric devices and open doors. This vulnerability affects the VisionPass facial recognition device and SIGMA fingerprint terminal, as well as the Morphowave and MorphoAccess fingerprint devices. Users of these authentication systems are advised to update their devices as soon as possible, to ensure they are protected against this major security flaw.
Owners of iPhones, iPads and Apple Macs are being urged to update their devices as soon as possible, after the emergence of a zero-day vulnerability that is being actively exploited in the wild. This zero-day could allow an attacker to remotely execute arbitrary code with kernel privileges. With attackers already actively abusing this exploit, your Apple devices are at risk of an attack; we strongly recommend patching immediately.
And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #152 – 30th July 2021