Cyber Round-up for 6th September
Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A recent phishing study has emerged, highlighting that 43% of small to medium businesses in the UK have been targets of phishing attacks. Over the last year, attackers have been seen impersonating staff to trick users. What makes phishing so effective is the difficulty that security experts have defending against it; all it requires is a victim being fooled by an attacker’s disguised emails. Worryingly, researchers have reported that 66% of these attacks were successful in carrying out a breach of data. Make sure your users are given awareness training that helps them identify these threats, and avoid opening emails, links or attachments unless you are certain they are safe.
On August 30, Twitter CEO Jack Dorsey’s official account was hacked using the SMS-to-tweet feature; the technique allowed the hacker to post offensive tweets on his account. As a result, Twitter has decided to disable the feature until the issue can be resolved. This technique has become increasingly popular over the last two years, but an attack on the CEO has finally sparked a response to resolve it.
Two critical vulnerabilities have emerged in the AK-EM 800 food-quality management product that could allow an attacker to compromise the system. Security researchers announced that one of the flaws is a backdoor debug tool that was made to help the vendor’s support team; because of this, it offers high privileges which can be abused by an attacker. These issues have been patched this week and updates are included in the original post. We recommend updating as soon as possible; if you can’t update immediately, look to restrict access to trusted users.
An ongoing hacking campaign has been affecting WordPress users since July and doesn’t seem to be slowing down. The campaign started out redirecting visitors to malicious sites but has since evolved into something much worse. Attackers appear to be taking advantage of compromised third-party plugins to gain access to their victims’ sites. This allows them to install backdoors and create administrator accounts from within to exploit the site. A list of all compromised plugins is included in the original post; if you are using any of them, please take the time to check for updates to mitigate the risk of an attack.
Popular webcomic platform XKCD has suffered a massive data breach, compromising the account details of 562,000 of its users. The breach included usernames, email addresses, IP addresses and hashed passwords. The leak was discovered by a security researcher and the forum has since been taken down until XKCD can ensure it is secure. Users of the online forum are strongly recommended to change the passwords of all accounts linked to their email address to mitigate the risk of an attack.
Vulnerabilities & Updates
A new remote authentication-bypass vulnerability has been classified as the highest possible severity and given a 10 out of 10 on the CVSS scale. The bug resides in the REST API interface of multiple Cisco routers, all of which are included in the original post. The vulnerability allows a remote attacker to bypass authentication and take complete control of a target router. Fortunately, the REST API interface is not enabled by default, so only users that have manually enabled it are at risk. The bug was patched in the most recent Cisco software release which is included in the original post. Please be sure to update as soon as possible.
Microsoft has recently released more updates for critical Remote Desktop Protocol security flaws, which were classified as ‘wormable’, meaning they can spread between systems without user interaction. Microsoft strongly recommends that all organisations update their systems as soon as possible and apply the necessary patches to mitigate the risk of an attack. A list of all vulnerabilities is included in the original post. If you are a Cisco customer, the post includes ways to defend against these threats using Firepower services.
And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.
Edition #57 – 6th September 2019
Ironshare – Security Simplified