Cyber Round-up

Cyber Round-up for 31st July

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Vatican Infiltrated by Chinese Hackers

The Vatican has reported a breach in their computer systems, and it is believed that they were infiltrated by Chinese hackers. This came at an interesting time, not long after the Vatican had planned sensitive talks with Beijing over the state of religion in China. The Chinese state has faced many accusations over the years regarding cyber-espionage against religious groups; the recent Vatican incident appears to be another case of this. Investigations found that the intrusion could have revealed the Vatican’s negotiation plans ahead of their talks in September. The group behind the attack is believed to be RedDelta, who were also involved in several other incidents relating to organisations related to the Catholic Church.


Garmin Slowly Recovers from Ransomware Attack

Garmin have released a statement confirming they were recently a victim of a ransomware attack, which has affected them quite severely. They are returning to operation a week later, but it has been a slow process which they are staggering through. Garmin managed to restore their encrypted data, but they have not confirmed if they eventually paid the ransom. Rumours online suggest that the demand may have been in the region of $10 million. Garmin have contacted their customers stating there has been ‘no indication’ of personal data being accessed, which is reassuring for users of their tech.


Cisco Umbrella Trial


Digital Banking App Dave Suffers Security Breach

Dave, a popular digital banking app and tech unicorn has released a statement addressing a recent security breach, in which 7.5 million users were compromised. The breach occurred through an analytics platform known as Waydev, who were previously business partners of Dave; this allowed malicious actors to gain unauthorised access to the user data of 7,516,625 customers. The company began investigations as soon as they were made aware of the incident, and quickly patched their systems. Reports suggest that the hackers may have cracked some of the stolen passwords and are attempting to sell the credentials online. Dave are currently working with law enforcement to resolve this and have issued an app-wide password reset to compensate.


QNAP NAS Devices Targeted by Malware Strain

The NCSC and CISA have jointly reported on a new malware strain that appears to target NAS devices made by QNAP. This strain, which is known as QSnatch, first surfaced in late 2019, but has only recently come under investigation; it is believed that all versions are potentially vulnerable to this malware apart from the latest version. We highly advise applying the latest security fixes to ensure your devices do not join the thousands that have already been infected worldwide.


AMP Free Trial

Vulnerabilities & Updates

At Risk ASUS Routers Require Firmware Updates

If you own an ASUS RT-AC1900P home router, it is vital that you do a firmware update as soon as possible. The latest firmware for this device includes two security bugs that could be have severe impact if exploited. The first would allow firmware updates to be passed without checking the digital signature, meaning the router accepts forged certificates; this could result in a MITM attack once connected to a malicious network. The other flaw exists in the management web interface for the router’s firmware release notes; the vulnerability allows cross site scripting, allowing it to be used in coordination with the first flaw to execute malicious JavaScript. Versions and later are unaffected by these flaws; we recommend updating as soon as you can. Here is the security advisory from Trustwave if you are interested in learning more.


High Severity Vulnerabilities Found in Cisco Security Products

Cisco has issued a warning to their customers regarding a high severity flaw that is affecting its network security software. They made it clear that a remote, unauthenticated attacker could access sensitive data, and that this is already being actively exploited. This flaw exists in the web services interface of Firepower Threat Defense software and their Adaptive Security Appliance software. A patch for these vulnerabilities have been released, which we recommend applying as soon as possible. CVE details for this vulnerability have been released, with a CVSS score of 7.5 out of 10. More details on the advisories can be found here.


And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.

We hope this makes for light reading during these times of uncertainty.

Stay Safe, Secure and Healthy!

Edition #102 – 31st July 2020

Why not follow us on social media:

Ironshare – Security Simplified