Cyber Round-up for 6th August
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A recent cyberattack severely disrupted operations of the Iranian Train System, with their websites and railway system being heavily impacted. It is currently unknown which group was behind the attack, but it was confirmed that a newly discovered reusable wiper malware called Meteor was responsible. The principal threat researcher claims that they were “able to recover most of the attack components”, despite a lack of IoCs. The fingerprints found in the investigation did not link to any known threat actors. A new strain of wiper malware is not what any of us want to see.
A decryptor for the increasingly notorious ransomware, Prometheus, has finally arrived. CyCraft Technology Corp have been putting in the work recently to understand the malware and have found a way to recover their customers' encrypted files.
This article contains a guide on how to use the decryption tool, as well as more information on how it works. CyCraft’s GitHub, as well as a direct download, can be found here.
A new phishing campaign is circulating that uses SharePoint file-share requests to lure in its victims. Typically, the victim receives an email from what appears to be a colleague, encouraging them to click a fake SharePoint link that redirects to a phishing site. This lure is widely used at present and targets many enterprise and business customers that use SharePoint.
Telltale signs for spotting this campaign can be found here, as well as some additional guidance.
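Two of the telltale signs described above can be checked mechanically before a message reaches a user: a link whose visible text promises a SharePoint document but whose target host is not a SharePoint domain, and a sender whose "colleague" display name sits on an address outside the organisation's domain. The following triage script is an added example written for this round-up, not code from Ironshare or from the linked guidance; the list of legitimate share-link domains, the organisation domain `corp.example`, and both sample messages are constructed assumptions for illustration.

```python
"""Triage check for SharePoint-themed lure emails (added example).

Signals checked, both drawn from the round-up's description of the lure:
  1. An anchor whose visible text mentions SharePoint/OneDrive but whose
     href host is not under a SharePoint domain.
  2. A sender with a display name (a "colleague") whose real address is
     from a domain other than the organisation's.
Domain suffixes and the sample messages below are constructed for this
example and are not from the original post.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts a genuine share link is expected to live under.
LEGIT_SHARE_SUFFIXES = (".sharepoint.com", ".sharepoint-df.com", ".onedrive.com")
# Visible link text that makes a SharePoint promise to the reader.
LURE_WORDS = ("sharepoint", "onedrive", "shared document", "open document")


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_is_sharepoint(url):
    """True if the URL's host is under one of the expected share domains."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s.lstrip(".") or host.endswith(s) for s in LEGIT_SHARE_SUFFIXES)


def analyse_message(raw_email, org_domain):
    """Return a list of human-readable findings; an empty list means no signal."""
    msg = message_from_string(raw_email)
    findings = []

    # Signal 2: friendly display name on an out-of-organisation address.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if display and sender_domain and sender_domain != org_domain.lower():
        findings.append(f"sender '{display}' is outside {org_domain} (actual address: {addr})")

    # Signal 1: SharePoint-promising link text pointing somewhere else.
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", errors="replace")
        collector = _AnchorCollector()
        collector.feed(body)
        for href, text in collector.links:
            if any(w in text.lower() for w in LURE_WORDS) and not _host_is_sharepoint(href):
                findings.append(
                    f"link text '{text}' points at {urlparse(href).hostname} rather than a SharePoint host")
    return findings


# Constructed sample: a lure that imitates a colleague's share notification.
SAMPLE_LURE = """\
From: "Jane Doe" <jane.doe@mail-share-notify.example>
To: alice@corp.example
Subject: Jane Doe shared "Q3 Invoices" with you
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Jane Doe has shared a document with you.</p>
<p><a href="https://files-review.example/view?id=123">Open in SharePoint</a></p>
</body></html>
"""

# Constructed sample: a genuine internal share link.
SAMPLE_BENIGN = """\
From: "Jane Doe" <jane.doe@corp.example>
To: alice@corp.example
Subject: Q3 Invoices
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="https://corp.sharepoint.com/:f:/s/finance/abc">Open in SharePoint</a></p></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, analyse_message(sample, "corp.example"))
```

The two checks are deliberately cheap and independent, so either can feed a mail-gateway rule or a SOC triage playbook on its own; in practice the share-domain list should be narrowed to your own tenant's host, since a redirect from any lookalike domain will otherwise pass the first check.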
The NSA and CISA have collaborated on a new 59-page report detailing technical guidance for hardening Kubernetes clusters. Kubernetes was designed to let administrators deploy IT resources easily; however, admins have found it difficult to carry out that deployment securely. This new hardening guide should help remove the confusion around configuring Kubernetes, allowing for increased security without compromising the easy deployment.
Vulnerabilities & Updates
The experts at Wiz recently published their research into a simple loophole in DNS that allows anyone to intercept worldwide DNS traffic travelling through providers such as Amazon or Google. Presenting their findings at the Black Hat conference, they stated that there is “no way of knowing whether the loophole has already been exploited”, and that “Anyone could have collected data undetected for over a decade”. The research confirms that Amazon and Google have released fixes for this issue, but other DNS providers may still be at risk.
Fourteen vulnerabilities were recently found in a common TCP/IP library used in Operational Technology (OT) devices; these OT devices are manufactured by more than 200 different vendors. The collection of 14 vulnerabilities is being referred to as INFRA:HALT and is said to affect more than 6,400 OT devices that are exposed online.
A list of all 14 flaws, as well as more details on the discovery, can be found here.
Cisco have released updates for vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. These flaws could allow an attacker to remotely execute arbitrary code and commands, or to cause a denial of service. We advise updating your devices as soon as possible to ensure that you are protected.
And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #153 – 6th August 2021