Cyber Round-up for 7th February
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The everchanging threat landscape is a massive challenge that cyber security experts have to deal with constantly, because if prevention methods don’t advance with it attacks will become more frequent and more dangerous. To tackle the problem, the Smart Grid Forum’s Smart Grid Cybersecurity 2020 conference has been created; this is where Europe’s top CISO’s and cyber experts meet to discuss ways of fighting new threats which are emerging every day, enhancing the protection of the energy sector’s smart grid platforms.
The Russian Cyber Threat Group, known as Gameredon, is using Ukraine as a cyber attack testing ground for releasing new weapons. Researchers have reported that their attacks on Ukraine are simply preparation for their latest technology before replicating the attacks on countries targeted by the Russian government. Their recent cyber campaign features newly crafted malware designed to gather information, this is expected to be the ‘preparatory stage’ of a larger scale cyber-attack.
Twitter have issued a warning to all users regarding a recently discovered exploit that could allow an attacker to find the phone numbers associated with millions of user accounts. This is reportedly due to a vulnerability in one of the API’s designed to help user’s finding people they know, which is achieved through their phone contacts. This flaw was discovered when a security researcher unethically exploited it to discover the phone numbers of almost 17 million users; Twitter have since taken care of the issue and announced that no user action is required. If any users are still worried about this lack of privacy, the discoverability setting can be disabled in twitter to prevent contacts finding you through your phone number.
Vulnerabilities & Updates
Cisco have released patches addressing five critical vulnerabilities that exist in the Cisco Discovery Protocol; the info-sharing layer present on all Cisco equipment. These flaws can reportedly allow an attacker to break network segmentation and remotely take over millions of devices; this collection of vulnerabilities have been named CDPwn. These remote code execution flaws were addressed in Cisco’s most recent updates, which we advise applying as soon as possible.
Many Windows 10 users have taken to social media reporting issues with the main search bar feature of the operating system. Users have all been sharing the same problem with the start menu showing as a blank box, rather than showing search results. This can be very inconvenient as it is quite time consuming to scroll through the list of applications, rather than search for it. Shortly after user reports were posted on social media, Microsoft issued a fix for the issue, which has now been released; apparently the bug was due to Bing integration in the Windows 10 start menu.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
Why not follow us on social media using the links provided on the right.
Edition #77 –7th February 2020
Ironshare – Security Simplified