Cyber Round-up for 5th February
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Many companies in the UK have reported a dramatic increase in cyber attacks since their employees have been working from home. Remote working opens up new avenues of attack for the bad guys, especially with the lack of control over remote users. Reports have suggested that many firms are not taking security seriously enough; we urge all businesses to focus on security, specifically user awareness, as uneducated users can become a significant business risk, especially when working remotely.
The Cisco Talos team recently interviewed one of the operators responsible for the Lockbit Ransomware, which provided some interesting insight into their infrastructure and thought process. The team has published a report on the interview, which includes details such as the operator’s professional background, motivations, and theories.
The report can be found here.
Mensa, a club for people with high IQs, has been criticised by its members for poorly managing their passwords. Following the departure of multiple members, it was found that there was an attack, and an “extensive investigation” was launched. The club reported their findings to their members via email, stating that no data had been lost; however, Mensa’s former technology officer confirmed that data had been stored insecurely for years.
Security researchers have discovered a new version of the Agent Tesla RAT, which is capable of disrupting Microsoft’s anti-malware interface and evading detection. The changes to this version of the trojan make endpoint protection and sandboxing incredibly difficult, making it an even bigger threat. A list of some of its new features can be found here.
Vulnerabilities & Updates
The security firm NCC Group has found that a dangerous SonicWall zero-day is being actively exploited in the wild. This vulnerability is currently affecting Secure Mobile Access (SMA) gateways; however, details have not been published as a safety precaution.
SonicWall have now released an emergency patch for this flaw, as well as an advisory which can be found here. We advise updating your SonicWall devices as soon as possible to ensure you are protected.
On Wednesday, security researchers discovered three new security vulnerabilities affecting SolarWinds products. Two of these flaws exist in the SolarWinds Orion Platform, while the third affects the company’s Serv-U FTP server for Windows. The researchers claim that these flaws can be exploited to remotely execute code with elevated privileges. Patches are available for all three vulnerabilities and we strongly advise updating your products as soon as possible.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #127 – 5th February 2021