Cyber Round-up for 7th January

HAPPY NEW YEAR! Welcome to the first Ironshare Cyber Round-up of 2022, where we look back at the events of the last week (and of the year just gone) to cover some of the news, posts, views, and highlights from the world of security.

In this week’s round-up:

Security News

MOD’s Defence Academy Cyber Attack Was Significant

The cyber attack on the Ministry of Defence's Defence Academy in March 2021 has been described as "sophisticated" and "significant". The attack is thought to have been the work of a foreign power and disrupted the academy's network services. It has been speculated that the academy was targeted as a stepping stone into the Ministry of Defence's core network, although no such claim has been validated. Despite the significance of the attack, recovery was "manageable because your people work incredibly hard to keep things going and find backup methodologies."

More details on the nature of the incident can be found here.


ZLoader Attack On The Rise

A new malware campaign has been spotted, run by a group of cybercriminals known as Malsmoke. The campaign uses the well-known ZLoader banking trojan, but delivers it in a way not seen in previous ZLoader attacks. Historically the trojan has arrived through traditional phishing; Malsmoke instead abuses Atera, a legitimate remote management application, to gain initial access. Because Atera is a genuine, commercially distributed tool rather than malware, simply blocking known-bad binaries will not stop this campaign, and organisations should alert on unexpected installations of remote management agents on their endpoints. We advise all users to avoid installing programs from untrusted or unknown sources.


Companies Warned To Patch Log4j Vulnerability

The Federal Trade Commission has warned companies that they must patch the recent Log4j vulnerabilities or face legal action. The FTC is treating Log4j seriously because the flaws put potentially millions of consumers around the world at risk. It points to Equifax, which failed to patch a known vulnerability in 2017, leading to the compromise of its systems and the exposure of the personal data of 147 million people; the company agreed to pay $700 million in a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau and all fifty states. The FTC stated: "The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action."

You can read the official FTC statement here.
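Patching starts with knowing where Log4j actually is, and it is frequently buried inside vendor WAR and EAR files rather than sitting in an obvious library folder. The scanner below is an added example written for this round-up; it is not Ironshare's or the FTC's code. It walks a directory tree, opens every log4j-core JAR (including ones packed inside other archives), reads the version from the manifest or, failing that, the file name, and flags anything below a baseline. The baseline (MIN_FIXED, assumed here to be 2.17.1, the current 2.x release when this edition went out) and the fixture files built by demo() are constructed for the example and should be replaced with your own patch policy and real filesystem paths.

```python
"""Find Log4j 2 core JARs under a directory tree and flag those below a fixed version.

Added example for the round-up, not vendor code. MIN_FIXED is an assumed baseline;
the JARs created by demo() are constructed fixtures, not real artefacts.
"""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

MIN_FIXED: Tuple[int, ...] = (2, 17, 1)   # assumed baseline; set to your patch policy
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)\.jar$", re.IGNORECASE)


@dataclass
class Finding:
    path: str                           # file path, or "archive!entry" for nested JARs
    version: Optional[Tuple[int, ...]]  # None when it could not be determined
    jndi_present: bool                  # JndiLookup class still shipped in the JAR
    vulnerable: bool                    # version unknown or below the baseline


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '2.14.1' into (2, 14, 1); return None for anything unparseable."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def manifest_version(jar: zipfile.ZipFile) -> Optional[Tuple[int, ...]]:
    """Read Implementation-Version from META-INF/MANIFEST.MF, if there is one."""
    try:
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in manifest.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Implementation-Version":
            return parse_version(value)
    return None


def assess(jar: zipfile.ZipFile, label: str, min_fixed=MIN_FIXED) -> Finding:
    """Classify one opened log4j-core JAR (top-level or nested)."""
    version = manifest_version(jar)
    if version is None:                     # fall back to the file name
        m = NAME_RE.search(os.path.basename(label))
        version = parse_version(m.group(1)) if m else None
    jndi_present = JNDI_LOOKUP in jar.namelist()
    # An unknown version is reported as vulnerable so the scanner fails closed.
    vulnerable = version is None or version < min_fixed
    return Finding(label, version, jndi_present, vulnerable)


def scan(top: str, min_fixed=MIN_FIXED) -> Iterator[Finding]:
    """Walk `top`; check log4j-core JARs and JARs bundled inside WAR/EAR/fat JARs."""
    for root, _, files in os.walk(top):
        for name in files:
            path, lower = os.path.join(root, name), name.lower()
            if lower.startswith("log4j-core") and lower.endswith(".jar"):
                with zipfile.ZipFile(path) as jar:
                    yield assess(jar, path, min_fixed)
            elif lower.endswith((".war", ".ear", ".jar")):
                yield from scan_nested(path, min_fixed)


def scan_nested(path: str, min_fixed=MIN_FIXED) -> Iterator[Finding]:
    """Find log4j-core-*.jar entries packed inside another ZIP-based archive."""
    try:
        with zipfile.ZipFile(path) as outer:
            for entry in outer.namelist():
                if os.path.basename(entry).lower().startswith("log4j-core"):
                    with zipfile.ZipFile(io.BytesIO(outer.read(entry))) as inner:
                        yield assess(inner, f"{path}!{entry}", min_fixed)
    except zipfile.BadZipFile:
        return  # not a ZIP archive after all; skip it


def _write_jar(path: str, version: Optional[str], with_jndi: bool) -> bytes:
    """Constructed fixture: a minimal JAR with an optional manifest version."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if version:
            z.writestr("META-INF/MANIFEST.MF",
                       f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        if with_jndi:
            z.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    data = buf.getvalue()
    if path:
        with open(path, "wb") as f:
            f.write(data)
    return data


def demo() -> List[Finding]:
    """Build constructed fixtures in a temp dir, scan them and return sorted findings."""
    top = tempfile.mkdtemp(prefix="log4j-scan-")
    lib = os.path.join(top, "lib")
    os.makedirs(lib)
    _write_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1", True)   # unpatched
    _write_jar(os.path.join(lib, "log4j-core-2.17.1.jar"), "2.17.1", False)  # patched
    _write_jar(os.path.join(lib, "log4j-core-2.16.0.jar"), None, False)      # name only
    with zipfile.ZipFile(os.path.join(top, "app.war"), "w") as war:           # nested
        war.writestr("WEB-INF/lib/log4j-core-2.12.1.jar", _write_jar("", "2.12.1", True))
    return sorted(scan(top), key=lambda f: f.path)


if __name__ == "__main__":
    for f in demo():
        status = "VULNERABLE" if f.vulnerable else "ok"
        ver = ".".join(map(str, f.version)) if f.version else "unknown"
        print(f"{status:10} {ver:8} jndi={f.jndi_present!s:5} {f.path}")
```

Two design points worth noting. A JAR whose version cannot be determined is reported as vulnerable rather than skipped, because a scanner that silently drops the cases it does not understand gives a false sense of coverage. The JndiLookup column is informational: removing that class from the JAR was a widely used interim mitigation, so a JAR that still ships it and is below the baseline is the one to fix first, but a removed class does not on its own make an old version safe, and the version comparison remains the deciding check.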


SlimPay 5 Year Banking Detail Disclosure

SlimPay, a payment service provider for businesses, left the banking details of around 12 million people publicly accessible for roughly five years. In 2015 SlimPay tested a new anti-fraud feature using real customer data. Once testing was complete, that data was left on an internet-facing server with no authentication or other access control in front of it, so anyone who found the server could have read it. The exposure was not a sophisticated breach but a failure to clean up test data and to apply basic access controls to it. SlimPay has since been fined €180,000 for failing to comply with GDPR.


Sotheby’s luxury real estate sites compromised

More than 100 websites belonging to the luxury real estate arm of Sotheby's were found to be serving card-skimming code embedded in their pages. Rather than breaking into each site individually, the attackers modified JavaScript delivered through the sites' shared Brightcove video player, so the malicious code was distributed to every site that embedded the player. This is a supply-chain variant of Magecart-style card skimming: compromising one third-party script reaches every site that loads it, and the affected sites' own code was never touched. The attack took place at the end of last year, but the report from Palo Alto Networks has only just been published. Malwarebytes is also investigating whether other Brightcove users were hit with the same attack.


Vulnerabilities & Updates

Google Releases Big Chrome Patch

Chrome's latest release includes fixes for 37 vulnerabilities, one of which is rated critical. The critical flaw is a use-after-free bug: the browser keeps using a block of memory after it has been released, and an attacker who can control what is placed in that freed memory can often turn the bug into memory corruption or arbitrary code execution. Other vulnerabilities fixed in this release include buffer overflows and type confusion bugs. All Chrome users are advised to update their browser as soon as possible to be protected against exploitation of these vulnerabilities.


And that is it for this week's round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #173 – 7th January 2022

Ironshare – Security Simplified