Cyber Round-up for 7th May
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
One of the world’s biggest child abuse image websites was recently shut down by the police. The site had more than 400,000 members and has featured images of abuse since June 2019. Some of the site’s active members were found with more than 3,500 uploaded images and have since been investigated and arrested; this investigation reportedly led to the discovery of the site owners. Fortunately, the website is no longer active, but further investigation is still ongoing to catch more members and abusers.
Switzerland-based web hosting provider, Swiss Cloud, have been hit by ransomware this week, which has crippled their IT systems. Swiss Cloud is one of the largest hosting providers in Switzerland, and they have announced that they are working hard to restore their systems from backups rather than paying the ransom. Microsoft and HPE have also come forward to help the company, while the group behind the attack is still unknown. We will provide updates on the situation when we learn more.
A hacker group that is being tracked as UNC2447 has been actively exploiting a new zero-day flaw in SonicWall VPN appliances to help in their ransomware attacks. The group are using the flaw to execute code remotely and deploy the ransomware; fortunately, there is a patch available for this zero-day that we recommend applying immediately.
More details including affected versions can be found here.
Peloton are well known for making exercise bikes and offer a service in which customers can attend live classes from home using their exercise bike or treadmill. A recently discovered flaw in Peloton’s API could allow an unauthenticated user to view private user information. The exposed information includes User IDs, Instructor IDs, Group Memberships, Location, Workout Stats, Gender, and Age. Unfortunately, this issue has not yet been resolved, and pen testers are still trying to get an update on the situation. We will provide updates on this once we learn more.
A new information stealer known as Panda Stealer was discovered last month; it uses spam emails to lure its victims into opening malicious Excel files. Panda Stealer is different to other information stealers, as it uses a fileless method to distribute the malware, which allows it to evade detection.
More details on this can be found here, including indicators of compromise.
Vulnerabilities & Updates
Apple have released a new batch of security updates for iOS, macOS and watchOS, including patches for three newly discovered zero-day vulnerabilities. These flaws all exist in Safari’s browser engine, WebKit, and allow an attacker to execute arbitrary code on the victim’s device. These zero-days are potentially being exploited in the wild already, making it essential that all Apple users update their devices as soon as possible.
Security researchers have found 21 vulnerabilities affecting the Exim mail server, including flaws that allow an attacker to gain root privileges and execute code remotely. Of the 21 flaws that were found, 10 can be exploited remotely, making them a big risk, especially considering that 60% of internet servers run on Exim. There are currently no available patches for these flaws; we will provide updates when they are made available.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #140 – 7th May 2021
Ironshare – Security Simplified