Cyber Round-up

Cyber Round-up for 7th February

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Cyber Experts Meet in Berlin to Discuss Smart Grid & the Changing Threat Landscape

The everchanging threat landscape is a massive challenge that cyber security experts have to deal with constantly, because if prevention methods don’t advance with it attacks will become more frequent and more dangerous. To tackle the problem, the Smart Grid Forum’s Smart Grid Cybersecurity 2020 conference has been created; this is where Europe’s top CISO’s and cyber experts meet to discuss ways of fighting new threats which are emerging every day, enhancing the protection of the energy sector’s smart grid platforms.


Russia Testing New Weapons in Cyber Attack Testing Ground

The Russian Cyber Threat Group, known as Gameredon, is using Ukraine as a cyber attack testing ground for releasing new weapons. Researchers have reported that their attacks on Ukraine are simply preparation for their latest technology before replicating the attacks on countries targeted by the Russian government. Their recent cyber campaign features newly crafted malware designed to gather information, this is expected to be the ‘preparatory stage’ of a larger scale cyber-attack.


Cisco Umbrella Trial


Twitter Exploit Allows Hackers to Find Users Linked Phone Numbers

Twitter have issued a warning to all users regarding a recently discovered exploit that could allow an attacker to find the phone numbers associated with millions of user accounts. This is reportedly due to a vulnerability in one of the API’s designed to help user’s finding people they know, which is achieved through their phone contacts. This flaw was discovered when a security researcher unethically exploited it to discover the phone numbers of almost 17 million users; Twitter have since taken care of the issue and announced that no user action is required. If any users are still worried about this lack of privacy, the discoverability setting can be disabled in twitter to prevent contacts finding you through your phone number.


WhatsApp Vulnerability Allows Unauthorised Access to Files

A new vulnerability has been discovered that exists in the desktop version of WhatsApp. This flaw, which affects Macs and Windows, allows an attacker to send JavaScript in a WhatsApp message, which triggers the client to start reading the files they have stored locally. Reportedly, this was possible due to the software using an outdated version of the Google Chromium engine, which had many known vulnerabilities. This flaw was addressed in last month’s patch, which we recommend applying as soon as possible; it was confirmed that version 0.3.9309 and earlier are all affected.


AMP Free Trial

Vulnerabilities & Updates

Cisco Releases Patches for Critical Vulnerabilities

Cisco have released patches addressing five critical vulnerabilities that exist in the Cisco Discovery Protocol; the info-sharing layer present on all Cisco equipment. These flaws can reportedly allow an attacker to break network segmentation and remotely take over millions of devices; this collection of vulnerabilities have been named CDPwn. These remote code execution flaws were addressed in Cisco’s most recent updates, which we advise applying as soon as possible.


Microsoft Fixes Search Bar Issue in Windows 10

Many Windows 10 users have taken to social media reporting issues with the main search bar feature of the operating system. Users have all been sharing the same problem with the start menu showing as a blank box, rather than showing search results. This can be very inconvenient as it is quite time consuming to scroll through the list of applications, rather than search for it. Shortly after user reports were posted on social media, Microsoft issued a fix for the issue, which has now been released; apparently the bug was due to Bing integration in the Windows 10 start menu.


And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.

Why not follow us on social media using the links provided on the right.

Edition #77 –7th February 2020

Ironshare – Security Simplified