Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The National Cyber Security Centre and other agencies from the US, Canada, Australia, and New Zealand have issued a joint advisory about the technical details of Snake malware and its variants. Snake malware has been used for over two decades by Russia’s Federal Security Services and is capable of collecting sensitive information from specific targets, such as government networks, research facilities, and journalists. The joint advisory has suggested mitigation measures to help defend against the threat. Paul Chichester, NCSC Director of Operations, said: “The advisory lifts the lid on a highly sophisticated espionage tool used by Russian cyber actors, helping to expose the tactics and techniques being used against specific targets around the world. We strongly encourage organisations to read the technical information about Snake malware and implement the mitigations to help detect and defend against this advanced threat.”
By ncsc.gov.uk
Microsoft has warned that Iran nation-state groups have been seen exploiting a vulnerability in PaperCut MF and NG. Mango Sandstrom, linked to Iran’s Ministry of Intelligence and Security, and Mint Sandstorm, part of the Islamic Revolutionary Guard Corps, have joined in with other groups such as Lace Tempest in using this vulnerability for financial gain. The vulnerability is classified as CVE-2023-27350 with a CVSS of 9.8 and if exploited would allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. A patch has since been released to protect vulnerable servers, all organisations are advised to update immediately to versions 20.1.7, 21.2.11, and 22.0.9 and later to be protected from these attacks.
By thehackernews.com
Capita, an international business process outsourcing and professional services company based in London, was the victim of a cyber attack in late March when a Russian ransomware gang gained access to its internal infrastructure for over a week and accessed 4% of its servers. Capita has reported that there is evidence to support that information was stolen during the attack and is currently working with security experts and the NCSC to understand and recover from the attack. "Capita expects to incur exceptional costs of approximately £15m to £20m associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs, and investment to reinforce Capita's cyber security environment," the company said.
By theregister.com
The Korean National Police Agency recently announced that the Seoul National University Hospital has suffered an attack at the hands of North Korean hackers. The attack occurred in May 2021, but was not publicised until this month. The KNPA has released a lot of information on the incident and while law enforcement has not accused a specific group, local media believe the Kimsuky hacking group are responsible. Personal information of around 831,000 individuals was stolen by the attackers; approximately 17,000 of these records belonged to current and former employees, with the rest being linked to hospital patients.
As a result of this attack, the KNPA have expressed their desire to “actively respond to organised cyber-attacks backed by national governments”, and plan to do this by “mobilising all our security capabilities” and “collaboration with related agencies.”
By bleepingcomputer.com
For the last 12 months, the ‘Greatness’ phishing-as-a-service has been widely used in phishing campaigns, specifically to target Microsoft 365 customers and accounts. Greatness is known to exclusively use M365 phishing pages to scam its victims, and possesses capabilities such as IP filtering, MFA bypass, and the ability to integrate with Telegram bots. These campaigns have primarily affected the US, but attacks have also been reported in the UK, Australia, Canada, and South Africa.
All Microsoft 365 users are advised to keep an eye open for suspicious emails and login pages; it is important to note that Greatness’ landing pages have been reported as using the victim’s organisation logo / background images. It is vital that users do not mistake this branding for legitimacy, and to proceed with caution when signing into their accounts.
By securityweek.com
Welcome to our round-up of the Microsoft Patch Tuesday for May 2023!
This batch of updates is the smallest of the year so far, with 38 total vulnerabilities being patched. In this, 6 vulnerabilities classed as critical have been patched along with 3 publicly disclosed and 3 exploited in the wild.
We urge all users to apply the latest updates as soon as possible. For more details, please see our round-up of this month’s Patch Tuesday here.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #234 – 12th May 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
