Cyber Round-up for 7th June
Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The RDP issue known as ‘BlueKeep’, which has been rolling in security news for the past 4 weeks, is now firmly on the radar of government security services, after the NSA warned Microsoft Windows users to ensure their systems are updated. BlueKeep allows unauthenticated access to MS Remote Desktop Services, and there is significant concern that this could become the next WannaCry. Both Microsoft and the NSA are urging users to patch their systems as soon as possible to prevent cyber-attacks that could result in complete system compromise.
Radisson Rewards have contacted their members again, after inadvertently sending emails containing account information to the wrong members. Rewards members in Europe, the Middle East and Africa had their personal information exposed in the leak which included names, reward member numbers and balance info. Radisson’s investigation into the issue has confirmed that their network was not compromised, and they are asking members to delete any emails received inadvertently. Not the worst breach seen this year but another goof, nonetheless.
Not directly cyber security related, but this topical post from GCHQ provides a brief insight into the early years of security and intelligence. It describes the key role that was played by the people in Bletchley Park, and their activities that helped turn the tide of World War II.
The inaugural UEFA Nations League finals have started this week, and as fans without Sky subscriptions find ways to watch the football for free, they are at increased risk of cyber-attack. Fake streaming sites that claim to offer a free live stream of the football are a popular method for cyber criminals to either install malware or scare the user into thinking they have a virus, so they can compromise machines or steal personal and financial information. Be on the lookout for fake sites and domains / URLs with incorrect spelling, and stick to legitimate means of watching the game, to stay safe online.
Cisco Talos have identified a string of documents that form a series of cyber attacks they have dubbed the Frankenstein campaign. This campaign uses a combination of different open source techniques to build the tools for these targeted attacks, with the aim of infecting the victims with malware. Once infected, the system would communicate with the attacker’s C2 infrastructure via an encrypted channel, allowing remote interaction with the compromised machine that could download further malware payloads, extract data and steal credentials.
Advanced malware protection such as Cisco AMP and secure internet gateways like Cisco Umbrella are great tools to defend against these types of advanced malware.
By Cisco Talos Intelligence – talosintelligence.com.
Vulnerabilities & Updates
Another flaw in the MS Remote Desktop Protocol (RDP) has surfaced this week, one that allows an attacker to bypass the lock screen. The flaw is triggered when a temporary disconnect occurs for a locked RDP session; upon re-connection, the session is restored unlocked, allowing access to the system. Integrated two-factor authentication services are also bypassed by this vuln. The attacker does need physical access to the system that is running the locked RDP session. There is no current patch for this issue, and if reports are correct, Microsoft are not in a hurry to deliver one.
A security researcher has discovered that security features in Apple macOS can be bypassed using code validation issues that generate synthetic clicks. Security access prompts, which are generated by the operating system when an application wants to use items such as the camera, microphone, backups and remote-control services, can be bypassed using a synthetic click of the OK button, allowing malicious actors and applications access to system components. Apple are aware of the vuln, but it’s unclear if or when a fix will be available.
And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.
Edition #44 – 7th June 2019
Ironshare – Security Simplified