Cyber Round-up for 9th August
Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The US government has extradited a man following a criminal scheme targeting AT&T. Until September 2017, the attacker had been paying large sums of money to AT&T employees to unlock cellphones, remove them from the network and install malware onto the network. The staff were found and bribed via Facebook and telephone; one of them received $428,500 over a 5-year period to carry out the criminal acts. It is believed that the company lost more than US $9.5 million over the course of the malicious campaign. This is a strong reminder of the damage that can be caused by insider threats and rogue employees.
A malicious WordPress plugin called WP Security has recently been discovered; it has been spotted targeting blog posts and encrypting them, making the content unreadable. This is the first time a plugin has been seen targeting specific posts. Security researchers have said that encrypted blog posts can be recovered from a database backup. WordPress website owners are advised to update all plugins and reset their database passwords to mitigate the risk of these threats. In addition, ensure your WP site is secure and always do a thorough review of any plugin before installing it.
A new ransomware threat has hit Android devices and could become a serious problem. The ransomware spreads through malicious links dropped in forum posts and SMS messages; once a device is infected, the attacker can then use the victim’s contact list to spread the malware further. Once the ransomware app has been downloaded from the link and the files are encrypted, deleting the app will leave your files encrypted indefinitely. Security researchers have said that the ransom demanded for the files has only been around $100-200; however, if the attackers were to target bigger groups, the threat could become very serious. Android users are advised to download applications exclusively from the Google Play store, and to avoid random links in forums and SMS messages.
Vulnerabilities & Updates
A path-traversal vulnerability in Microsoft’s Remote Desktop Protocol has been discovered that leaves Azure users vulnerable to attacks. The flaw has been marked as a medium-severity vulnerability that impacts Microsoft’s Hyper-V tool. The flaw was found in February and affects all versions of Windows from Windows 7 to 10. The exploit could potentially allow an attacker to install programs as well as change or delete data. A patch for this vulnerability was released in Microsoft’s July Patch Tuesday update. More details are included in the original post.
Cisco has released several updates for their 220 small business series switches after 3 critical vulnerabilities were found in the products. The first, CVE-2019-1912, allows authentication bypass; the second, CVE-2019-1913, allows remote code execution; and the third, CVE-2019-1914, is a command injection flaw. The vulnerabilities exist in the web-based management interface of the 220 switch and can be used to completely take over a vulnerable device, including replacing the firmware or installing malware. If you are running Cisco 220 switches, please get updating; if updating quickly is difficult, this can be easily worked around by temporarily disabling the HTTP/S server.
Millions of Android devices have been exposed to hacking following the discovery of a series of critical vulnerabilities. The vulnerabilities are currently known as QualPwn and exist in the WLAN and modem firmware of Qualcomm chipsets that are used in many Android devices. These flaws are present in both smartphones and tablets and can be chained with the recently discovered Linux kernel driver flaw to completely take over the target device. Google released patches for these vulnerabilities in the August edition of its Android Security Bulletin. It is highly recommended that Android users update their devices as soon as possible.
And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.
If you have any recommendations for additional content, or things you would like to see covered then please let us know.
Why not follow us on social media using the links provided on the right.
Edition #53 – 9th Aug 2019
Ironshare – Security Simplified