Cyber Round-up for 3rd September
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The well-known Ragnarok ransomware gang has been active since 2019 and has been one of the biggest threats of the last couple of years; however, they appear to have stopped all operations and retired. They have since released a universal decryption key that is available to anyone who may have fallen victim to their past campaigns. Bleeping Computer were sceptical about this decryption key, but after investigating it they were able to confirm it “will unscramble victim’s data”. The group left with little to no explanation, but we can be glad that one more threat group has stepped away from cybercrime.
Reports covering the first and second quarters of 2021 show a 288% increase in ransomware when compared to 2020. This shows that organisations of all sizes are more at risk than ever before, especially in the US, which accounted for 49% of all ransomware victims during Q2. Christo Butcher of the NCC Group stated that “no organisation in any sector is safe from ransomware today”. This is something that is ignored by many who believe they are too insignificant to be targeted; we advise all businesses to be prepared for the event of a cyber attack or data breach.
The DeFi platform Cream Finance has become the latest victim of cybercrime, with the attackers stealing almost $29 million before being detected. The firm recently announced that they have “stopped the exploit by pausing supply and borrow on AMP” and confirmed that no other markets were affected. It appears the attack exploited a reentrancy bug, allowing the attackers to continuously “re-borrow assets during transfer” before the earlier borrow had been recorded.
The TP-Link router that is a very popular product sold by Amazon is currently being shipped with vulnerable firmware and is “plagued by security problems”. This ‘Amazon’s Choice’ router currently averages 150 million sales per year and features outdated firmware and potentially even pre-installed backdoors. Owners of the TP-Link AC1200 Archer C50 (v6) router are encouraged to install the latest firmware updates as soon as possible, as their devices are likely at risk.
Vulnerabilities & Updates
A new vulnerability has been discovered in Azure Cosmos DB that allows any Azure user to gain full administrative access to another customer’s instance. This flaw is especially dangerous since it does not require authorisation and does not yet have a fix. Remediation steps have been released, which we advise everyone to follow; these include replacing your Cosmos DB’s primary keys and reducing the network exposure of your accounts by limiting access.
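The two remediation steps above, rotating the primary keys and limiting network access, can be scripted with the Azure CLI. This is an added example and not part of the Ironshare post or Microsoft’s guidance; it assumes the `az` CLI is installed and logged in, and the resource group, account name and IP allow-list are placeholders for your own values.

```shell
# Added example (not from the original post). Requires a logged-in `az` CLI.
# Set DRY_RUN=1 to print the commands instead of executing them.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1: regenerate both primary keys (read-write and read-only).
# Clients still using the old primary key lose access immediately, so move
# them to the secondary key first if you need a zero-downtime rotation.
rotate_cosmos_keys() {
  rg="$1"; acct="$2"
  run az cosmosdb keys regenerate --resource-group "$rg" --name "$acct" --key-kind primary
  run az cosmosdb keys regenerate --resource-group "$rg" --name "$acct" --key-kind primaryReadonly
}

# Step 2: reduce network exposure by allowing only the listed IP ranges
# (comma-separated CIDRs or addresses) to reach the account.
restrict_cosmos_network() {
  rg="$1"; acct="$2"; allowed="$3"
  run az cosmosdb update --resource-group "$rg" --name "$acct" --ip-range-filter "$allowed"
}

# Usage (placeholders): rotate_cosmos_keys my-rg my-cosmos-account
#                       restrict_cosmos_network my-rg my-cosmos-account "203.0.113.10,198.51.100.0/24"
```

Run the functions with DRY_RUN=1 first to review the exact commands, then without it to apply them; repeat the rotation for the secondary keys once clients have been moved back.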
Back in August, two vulnerabilities were discovered in the Gutenberg Template Library & Redux Framework plugin. The Wordfence team found that these flaws allow a low-privileged user to install arbitrary plugins, and allow sensitive configuration information to be accessed without authentication; it appears that these issues affect more than 1 million WordPress sites worldwide. Patches are available for the affected plugin, which we advise all users to apply as soon as possible.
A new high-severity vulnerability in Microsoft Exchange Server was discovered recently, allowing attackers to bypass authentication and view employee emails. The flaw also allows an attacker to add forwarding rules to victims’ mailboxes, intercepting their incoming emails. This was patched by Microsoft pretty quickly, and we advise applying the latest update to ensure you are protected.
And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #156 – 3rd September 2021
Ironshare – Security Simplified