Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Earlier this week, Google announced the release of the first quantum resilient FIDO2 security key implementation. This is set to become part of OpenSK and is Google’s latest release that works towards deploying quantum resistant cryptography.
Standard public key cryptography will not be able to withstand attacks from quantum computers and, while quantum attacks are not a threat we currently face, it is only a matter of time until they become a reality.
Google’s announcement states that:
“While quantum attacks are still in the distant future, deploying cryptography at Internet scale is a massive undertaking which is why doing it as early as possible is vital.”
It is great to see this kind of proactive approach to security; as we get closer and closer to the practical usage of quantum computers, it is vital that we are prepared to face the certain threats that come with them.
On Monday, Clorox publicly disclosed that their networks had been accessed by unauthorised actors and, while clean up is in progress, some of their IT systems remain offline. Specific details of this breach have not been disclosed, but it was revealed that the firm has employed the services of third-party cybersecurity teams to assist in investigation and recovery.
Clorox’s latest statement confirmed that:
“systems will remain offline out of an abundance of caution, as we work to add additional protections and hardening measures to further secure them. As a result, some operations are temporarily impaired.”
It is not clear when operations will return to normal, but we expect to learn more information on this incident as the investigation progresses.
Discord.io has been propelled into the spotlight, following the exposure of more than 760,000 user records. The leaked data included:
- Discord IDs
- Email Addresses
- Billing Addresses
- Salted and Hashed Passwords
Following the discovery of this breach, Discord.io posted a statement to their website, which stated the following:
“We have decided to take down our site until further notice. We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again. This will include a complete rewrite of our website's code, as well as a complete overhaul of our security practices.”
This statement also includes guidance for Discord.io users, as well as details on the cancellation of memberships.
Discord.io is a third-party service that integrates with Discord, allowing users to create custom invitations for their channels and servers.
This service has no official affiliation with Discord and is managed by an independent third-party.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a significant security vulnerability in Citrix ShareFile that is currently being exploited by malicious actors. Citrix ShareFile is a managed file transfer cloud storage solution that allows users to upload and download files securely, but it also offers a “Storage zones controller” solution that allows enterprise users to configure their private data storage to host files, whether on-premises or in the cloud. The critical flaw, tracked as CVE-2023-24489, "has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller," Citrix explains. CISA urges organizations using Citrix ShareFile to take immediate action to mitigate the risk by applying the available security patches. The agency's advisory emphasizes the urgency of addressing this issue, as attackers are actively taking advantage of the vulnerability.
A sophisticated phishing campaign has sent over 1,000 emails containing malicious QR codes with the aim of stealing Microsoft credentials. The campaign, discovered in May, used PNG image attachments of QR codes and redirect links associated with Bing, Salesforce, Cloudflare, and others. The emails created a sense of urgency by spoofing Microsoft security alerts and claiming that the user needed to update either their account’s MFA or another setting. The links associated with the email or QR code led victims to a phishing site to harvest their Microsoft credentials. Of the over 1,000 emails sent, over 29% went to employees of the top US energy company. The next top 4 affected industries were manufacturing (15%), insurance (9%), technology (7%), and financial services (6%). Unfortunately, the campaign is still ongoing, with volume having increased by more than 2,400% since May. Readers are advised to always check the source of emails and not to scan QR codes or click on links from untrusted sources.
Cumbria Police have admitted that the names and salaries of all its staff were published on their website. The breach involved the pay and allowances of every police officer and staff member up until March 31st, 2022, but did not include dates of birth and addresses. The breach was brought to the attention of Cumbria Police on 6th March 2023, and was a result of “human error”. The sensitive information was removed from the website on the day it was discovered. This incident was labelled as “low” impact by Cumbria Police; however, it is unclear how long the information was accessible for before being removed.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #247 – 18th August 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.