Cyber Round-up for 31st May
Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Flipboard, the popular news app, has this week confirmed that it has been hacked twice in the last 12 months. Unauthorised access to its databases has resulted in the hacker gaining access to potentially 150 million user account details, which included names, emails and encrypted passwords. Users of Flipboard will still be able to access the app, but they will be requested to replace their password the next time Flipboard is used, and connections to social media accounts will need to be reset.
GCHQ, the British intelligence arm of the UK government, is in the crosshairs of tech companies over its proposal for a ‘Ghost User’ back door into encrypted messaging services. A host of tech giants, including Microsoft and WhatsApp, are against the proposal, stating concerns that it would lead to a serious threat to cyber security, privacy and human rights. Dr Ian Levy of the NCSC states this is the starting point for the discussion of a hypothetical proposal which will assist in the fight against global terrorism.
By The Register.
The local Government in Baltimore has been suffering for several weeks now after being hit by a crippling ransomware attack. Thousands of computers have been infected by the malware, which is reportedly using the NSA’s EternalBlue exploit (previously used in the WannaCry ransomware) that was leaked by the ShadowBrokers group in 2017. There are mixed reports across the industry though, with some experts suggesting EternalBlue is not involved, and that RobbinHood ransomware is to blame. If EternalBlue is involved, then it’s highly likely that Baltimore’s computer systems had not been patched for some time.
A new phishing threat has been discovered that pretends to be an alert from Office 365. The alert email warns the victim that an unusual number of files in their account have been deleted and tricks the user into clicking a link to verify the details. A fake Microsoft login page then aims to steal the victim’s Office 365 credentials. The fake page is hosted on MS Azure and uses valid MS certificates, which makes the threat far more convincing.
By Bleeping Computer.
The latest blog from Cisco Talos provides a look into the increase of ATM cash machine malware over the last 10 years. It gives an overview of the evolution of the malware, explains the differences between Skimmer and cash dispenser types, and covers the numerous families of ATM malware seen in the wild. It concludes with good security practices to secure your ATM devices.
By Cisco Talos Intelligence.
Vulnerabilities & Updates
A critical vulnerability has been found in the Convert Plus WordPress plugin that allows malicious actors to create new WordPress admin users through the use of a hidden field. By intercepting a form request, the actor can modify the “cp_set_user” field to administrator and submit the form to create a new privileged admin account, with full control of the WordPress instance. If you are running the Convert Plus plugin, please update to version 3.4.3 to fix this flaw.
By Bleeping Computer.
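The Convert Plus flaw above comes down to a server trusting a role value carried in a hidden form field. As an added example (not code from the plugin or from the original report), the Python below takes the role from server configuration and flags submissions whose `cp_set_user` value was changed; the `subscriber` default and the sample request bodies are assumptions constructed for the illustration.

```python
from urllib.parse import parse_qs

# Assumption: the role the site intends for form sign-ups, set server-side only.
SERVER_DEFAULT_ROLE = "subscriber"
ROLE_FIELD = "cp_set_user"  # hidden field named in the report


def resolve_role(form: dict) -> str:
    """Hardened handling: the role comes from server configuration.
    Whatever the client sent in the hidden field is ignored."""
    return SERVER_DEFAULT_ROLE


def flag_tampered(body: str) -> list:
    """Return the role values in a urlencoded POST body that differ from the
    server default. A non-empty result means the hidden field was edited."""
    fields = parse_qs(body, keep_blank_values=True)
    # parse_qs keeps every occurrence, so a duplicated field cannot hide a value.
    return [v for v in fields.get(ROLE_FIELD, [])
            if v.strip().lower() != SERVER_DEFAULT_ROLE]


def review(log: list) -> list:
    """Scan (source, body) pairs and return (source, offending values)."""
    hits = []
    for source, body in log:
        bad = flag_tampered(body)
        if bad:
            hits.append((source, bad))
    return hits


# Constructed sample request bodies (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = [
    ("198.51.100.7", "email=a%40example.com&cp_set_user=subscriber"),
    ("203.0.113.9", "email=b%40example.com&cp_set_user=administrator"),
    ("203.0.113.9", "email=c%40example.com&cp_set_user=Subscriber&cp_set_user=editor"),
    ("198.51.100.8", "email=d%40example.com"),
]

if __name__ == "__main__":
    for source, values in review(SAMPLE_LOG):
        print(f"{source}: unexpected {ROLE_FIELD}={values}")
```

On sites that cannot be updated immediately, the same check can be run over captured form submissions to see whether the field has already been tampered with.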
And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.
Edition #43 – 31st May 2019
Ironshare – Security Simplified