Cyber Round-up

Cyber Round-up for 3rd July

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Most Businesses in Need of Ransomware Recovery Plan

Recent studies have shown that more than 30% of businesses do not have an emergency recovery plan in the event of a ransomware attack. Ransomware has become increasingly popular recently, and the chances of your organisation being hit are greater than ever. Data recovery firm Ontrack conducted research showing that 26% of organisations could not access their backups after an attack. Most people do not consider the need for security until after they have suffered an attack; implementing a plan before you get hit will greatly reduce the damage done. This post contains some mitigation steps to help deal with your security.


Hackers Steal $1.14M From University of California

Cybercriminal group Netwalker has attacked the University of California, San Francisco, extorting more than $1 million in a ransomware scheme. The university is a leading medical-research institution and is currently working on a cure for Covid-19; a recent statement confirmed that it had paid the hackers' ransom. The Netwalker group has been associated with multiple other ransomware attacks in the last two months, specifically targeting universities. The article above discusses the importance of an emergency recovery plan for ransomware attacks; these recent campaigns prove its significance.


New TLS Certificates Will Be Ignored if Valid For Over 398 Days

On September 1, Apple will begin rejecting any new HTTPS certificates that are valid for more than 398 days; it has confirmed that connections to TLS servers that do not meet this requirement will fail. This new policy will force website owners to renew their certificates annually so that they meet current standards, which will make long-term phishing campaigns and other malicious activity harder to sustain. Google Chrome and Firefox have agreed to follow in Apple's footsteps and pursue the same goal in the near future.
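As an added example (not part of the original round-up), the following Python snippet applies the 398-day rule described above to the dates printed by `openssl x509 -noout -dates`, so a defender can audit their own certificate inventory before the cutoff. The sample certificate dates are constructed for illustration, and treating certificates issued before 1 September 2020 as exempt is an assumption taken from the "new certificates" wording in the text.

```python
from datetime import datetime, timedelta, timezone

# Limit and start date as stated in the round-up: new certificates valid
# for more than 398 days are rejected from 1 September 2020.
MAX_VALIDITY_DAYS = 398
POLICY_START = datetime(2020, 9, 1, tzinfo=timezone.utc)


def parse_openssl_dates(text):
    """Parse the two lines printed by `openssl x509 -noout -dates`.

    openssl prints e.g. "notBefore=Jun 30 12:00:00 2020 GMT"; single-digit
    days are space-padded ("Aug  5"), which strptime's %d tolerates.
    """
    dates = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        parsed = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y %Z")
        dates[key.strip()] = parsed.replace(tzinfo=timezone.utc)
    return dates["notBefore"], dates["notAfter"]


def validity_days(not_before, not_after):
    """Validity period in days as a float (fractions matter near the limit)."""
    return (not_after - not_before) / timedelta(days=1)


def check_lifetime(openssl_dates_text):
    """Return ("ok"|"reject"|"exempt", validity_days) for one certificate."""
    not_before, not_after = parse_openssl_dates(openssl_dates_text)
    days = validity_days(not_before, not_after)
    if not_before < POLICY_START:
        return "exempt", days  # assumption: issued before the policy start
    if days > MAX_VALIDITY_DAYS:
        return "reject", days
    return "ok", days


# Constructed sample outputs of `openssl x509 -noout -dates`.
SAMPLE_ONE_YEAR = "notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Sep 15 00:00:00 2021 GMT\n"
SAMPLE_TWO_YEAR = "notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Sep 15 00:00:00 2022 GMT\n"
SAMPLE_LEGACY = "notBefore=Aug  5 09:30:00 2020 GMT\nnotAfter=Aug  5 09:30:00 2022 GMT\n"

if __name__ == "__main__":
    for name, sample in [("one-year", SAMPLE_ONE_YEAR),
                         ("two-year", SAMPLE_TWO_YEAR),
                         ("legacy", SAMPLE_LEGACY)]:
        verdict, days = check_lifetime(sample)
        print(f"{name}: {verdict} ({days:.0f} days)")
```

Run `openssl x509 -in server.pem -noout -dates` against a real certificate and feed the output to `check_lifetime` to test your own servers.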




New EvilQuest Mac Ransomware Contains Keylogger & Wallet-Stealing Capabilities

A new ransomware strain has emerged that appears to exclusively target macOS users. The strain, which has been called EvilQuest, exceeds our usual expectations of ransomware, possessing a number of features that are quite uncommon; these include a deployable keylogger and the ability to steal cryptocurrency wallets stored on the target system. Beyond these additional features, the ransomware is not overly advanced; it uses a very basic method of infection that is common among other macOS variants. Despite its lack of sophistication, EvilQuest has seen some success. As always, stay safe, take care when downloading software, and avoid pirated content.



Vulnerabilities & Updates

Authentication Bypass in PAN-OS SAML Authentication

Palo Alto have disclosed a critical vulnerability in PAN-OS. Enabling Security Assertion Markup Language (SAML) authentication without also enabling the 'Validate Identity Provider Certificate' option allows an unauthenticated user with an improper signature to bypass verification and access protected resources. Please note that the attacker needs network access to the target server in order to exploit this flaw. The vulnerability affects a large number of PAN-OS versions, which are listed in the description of this post. The issue has since been patched, and we recommend updating as soon as possible; while doing so, check that the 'Validate Identity Provider Certificate' option is enabled on any SAML-authenticated PAN-OS deployment.


Microsoft Emergency Patch Addresses Two Critical Flaws

Microsoft has released software updates to address two critical security vulnerabilities affecting Windows 10 and Windows Server users. This out-of-band patch comes two weeks before the scheduled 'Patch Tuesday' due to the severity of the flaws, both of which reside in the Windows Codecs Library. This library is a remarkably easy avenue of attack, since exploitation relies on social engineering: attackers manipulate users into opening malicious files. The Codecs Library provides support for the audio and video file formats used by the Windows operating system, and the vulnerabilities in it could lead to remote execution of arbitrary code on the compromised machine. A list of affected OS versions as well as CVE details is included here; as always, update your systems as soon as possible.


And that's it for this week's round-up; please don't forget to tune in for new instalments every week.

We hope this makes for light reading during these times of uncertainty.

Stay Safe, Secure and Healthy!

Edition #98 – 3rd July 2020

Ironshare – Security Simplified