Cyber Round-up

Cyber Round-up for 8th October

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

150 Million Google Accounts to Auto-Enroll into MFA

Google made an announcement this week regarding the auto-enrolment of multi-factor authentication (MFA). The firm plans to automatically enable MFA on more than 150 million user accounts by the end of 2021. Many users are not aware of MFA, or simply do not care, and so it is going largely unused on most Google accounts. Multi-factor authentication is one of the best possible ways to protect your user accounts, as it ensures protection even if your username and password are compromised. Google believe they “know the best way to keep our users safe” and are eagerly looking to “automatically configure our users’ accounts into a more secure state”.


100GB of Data Exposed in Twitch Data Breach

This week, 100GB worth of data was stolen from Twitch and posted online. The streaming service, owned by Amazon, confirmed the existence of the breach and said that they were working hard to “understand the extent of it”. The data reportedly includes the salaries and earnings of Twitch’s top streamers; one streamer reported that the “earnings list got my figure 100% correct”. Creators such as xQC and Summit1g, who are some of the biggest names on Twitch, were involved in the leak. The company are now “working with urgency” and will likely provide updates once the breach has been cleared.


4.6 Million Affected by Neiman Marcus Data Breach

Luxury department store Neiman Marcus recently discovered that they were hit by a data breach that saw the personal information of more than 4.6 million customers leaked online. The breach included names, contact information, payment card details, usernames, passwords, and recovery questions and answers. Neiman Marcus confirmed that only their online shop was affected by the breach; Bergdorf Goodman and Horchow were left completely unaffected.


Sandhills Global Crippled by Ransomware Attack

US-based trade publication and hosting firm Sandhills Global were recently hit by a ransomware attack that crippled their operations; this attack has forced them to suspend a number of business services and temporarily shut down their website. Users attempting to reach Sandhills’ hosting platform are met with a Cloudflare error page, which states that the service is currently unavailable. The company is working hard to restore operations as soon as possible and will “provide updates regarding this matter and the status of our services as soon as possible.”


Vulnerabilities & Updates

2 Zero-Day Vulnerabilities Discovered in Google Chrome

Google has urgently released 4 new security patches for its Chrome browser this week. The zero-day vulnerabilities took advantage of the Use-After-Free flaw in V8 that could allow an attacker to execute arbitrary code or crash the Chrome browser. The exploits, labelled by the tech giant as CVE-2021-37975 and CVE-2021-37976, come as the fourth and fifth zero-day exploits in just a month, with 14 in total since the start of the year. Users of Chrome are advised to update to version 94.0.4606.71 or later to avoid being at risk.


Severe Vulnerability in Access Demo Importer Patched

The Access Demo Importer plugin for WordPress has recently been under attack, due to a vulnerability allowing authenticated users (subscribers) to install a zip file containing malicious PHP code as a plugin from an external source. Once extracted, this could allow remote code execution and a takeover of the site. This was due to the fact that the plugin didn’t analyse the imported file for malware or compatibility. The vulnerability was discovered on August 10th and a full patch has been available since September 21st. We recommend updating your plugins ASAP.



Apache Patch gets Exploited

Apache HTTP Server version 2.4.49 fixed a host of security flaws; however, it has also introduced a severe vulnerability. The patch allowed attackers to use a path traversal vulnerability to map and leak files located on the server. Labelled as CVE-2021-41773, the security flaw allows attackers to map URLs to files outside the expected document root, with the potential to perform enumeration of local usernames and passwords.


And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #161 – 8th October 2021

Ironshare – Security Simplified