Cyber Round-up for 4th December
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Delaware County, Pennsylvania was recently hit by the DoppelPaymer ransomware. The attack took their computer systems offline and compromised a lot of their network; this was addressed in a public statement that was made at the start of the week. The county also announced they had been working tirelessly to “restore the functionality of our systems”; however, it seems this has not gone to plan, as recent reports suggest they are in the process of paying the $500K ransom. So far this is all we know; once Delaware County releases more information, we will provide an update on the situation.
Royalty-free image website, 123RF.com, recently suffered a data breach which led to more than 8.5 million user records being leaked on a Russian hacker forum. The stolen data included full names, email addresses, IP addresses, locations, and password hashes. Those involved in the breach are advised to enable two-factor authentication and change their passwords for 123RF.com, PayPal and Facebook as soon as possible.
You can check if your data has been compromised here.
A new type of malware was recently discovered, and hacker groups have been seen utilising it in campaigns targeting macOS users. Security researchers believe the activity is linked to the OceanLotus group, who have been associated with nation-state-backed hacking operations for the Vietnamese government. This updated malware provides a backdoor for attackers and makes its way onto the target device through email phishing attempts; this attack, much like its predecessors, aims to install malicious software and steal system information. We advise all users to be cautious when it comes to links and attachments in emails. Ensure that the email is from a trusted source before clicking anything.
A new phishing attack has emerged that is impersonating the popular videoconferencing service, Zoom. It's not a surprise that a scheme like this is in circulation; with the increase in remote workers, it is the perfect target for scammers. The attack begins with an email that features a link to a fake Zoom login page, where the victim’s credentials are then stolen. As always, keep your eye out for these scams, and avoid clicking links and attachments unless you are certain they are trustworthy.
Vulnerabilities & Updates
Security researchers have discovered a new flaw that exists in the Apple Wireless Direct Link. This uses WiFi to allow users to AirDrop photos and files to nearby devices. This flaw could be used to steal emails and photos, and to access the camera and microphone. Although this has not been exploited in the wild, Google Project Zero researcher Ian Beer was able to pull off the attack after 6 months of investigating. This is a dangerous bug, as it does not require any user interaction and can be executed without the owner doing anything. The bug was patched by Apple back in May, so any updated devices are secure; however, it is rare to see a smartphone hack that doesn’t rely on user interaction, and it will be interesting to see if these kinds of flaws continue to emerge in the near future.
Multiple botnets have been seen taking advantage of thousands of unpatched Oracle WebLogic servers. Many of these servers have been infected with cryptominers that are actively stealing sensitive information, despite a patch already being released. We are urging all users to update their systems as soon as possible to prevent an attack like this happening; unpatched systems are always a massive target for hackers, so you are at risk until you apply the fix.
The US Cybersecurity and Infrastructure Security Agency has issued a warning about a password leak that could lead to further exploitation of vulnerable Fortinet VPNs. Following this, Fortinet has released a security advisory to “highlight mitigation of this vulnerability”, which CISA advises users to follow. We advise all users to apply the necessary updates as soon as possible to ensure you are protected against exploitation.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #120 – 4th December 2020