Cyber Round-up for 8th January
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The UK government has announced a new scheme designed to aid the education of disadvantaged children. The last year has been exceedingly difficult for a lot of children who cannot go to school and cannot access remote education; because of these struggles, there are plans to increase data allowances for mobile devices. This is expected to support children in their online learning while schools are closed. Schools, trusts and local authorities can request mobile data increases if children do not have fixed broadband at home, cannot afford mobile data, or if they cannot continue face-to-face education.
More details, including a list of networks that may be able to request these data increases, can be found here.
Everyone knows that WhatsApp is the best messenger when it comes to security. It has always been well known for its encrypted messaging and privacy settings, but where it fails is in securing your metadata. This is essentially information about your data, such as mobile numbers, device type, mobile network, and contacts. Apple’s latest update for iMessage is a “game-changer” when it comes to privacy and the collection of metadata. They have announced that they are massively cutting down on the collection of this information; while WhatsApp state that “We must collect some information to provide a reliable global communications service”, Apple are ensuring that any data collected is not linked to your identity. This is a huge step forward in secure messaging, and we are intrigued to see what Apple do next.
A joint statement was issued this week by four US cyber agencies, officially pinning the recent SolarWinds attack on the Russian government. This accusation was supported by findings linking the attack to APT29, which is an industry-wide codename for hackers associated with the Russian Foreign Intelligence Service.
Here is the official CISA statement.
You can learn more about the recent SolarWinds incident in this article on our website.
T-Mobile recently disclosed news of yet another security incident. They have stated that hackers were able to access information related to T-Mobile accounts, including customer proprietary network information (CPNI). This involves phone numbers and the number of lines subscribed to on your account. The firm have apologised for the inconvenience of the attack and reiterated that they take “the security of customer information seriously”; this is the fourth time they have stated this in the last three years. Law enforcement and impacted customers have all been notified and T-Mobile continue to follow up on the incident.
Following the Microsoft DNS vulnerability that was found back in July, a new attack method known as Side channel AttackeD DNS, or SAD, has been reinventing DNS cache poisoning. SAD has been reported as the “first weaponizable network side channel attack that has serious security impacts” and researchers have found that around 35% of open resolvers are vulnerable to the method; it was also stated that “11 of 14 public resolvers are susceptible”. If you want to know whether you are at risk of this attack, the Q&A and tool are available on this SAD DNS website.
More details by the NVD can be found here.
There have been reports of fraudulent text messages circulating, containing a link to an “extremely convincing” fake NHS website. Users who click the link are asked to input their bank details to register for the vaccine. We advise everyone to take caution when it comes to links and attachments in messages, and please note that the vaccine is free. Any site that requests payment is most likely a scam. Stay safe, and if you would like to learn more about this scam message, see here.
Vulnerabilities & Updates
Zyxel’s latest patch addresses a critical vulnerability that allowed attackers to compromise networks with administrative privileges; this was due to a secret, undocumented account that was present in a number of Zyxel devices, including Unified Security Gateway, USG FLEX, ATP and VPN firewall products. Around 10% of 1000 devices in the Netherlands are affected by this flaw, and researchers have warned users how easy it is to exploit. We strongly advise updating your devices as soon as possible.
You can learn more from the official Zyxel security advisory here.
And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.
Stay Safe, Secure, Healthy, & a Happy New Year to all!
Edition #123 – 8th January 2021