Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The latest feature update for Windows 11, 23H2, has arrived. This update contains some exciting new features but is also accompanied by some currently unfixed bugs.
Firstly, the biggest talking point for 23H2 is the introduction of Windows Copilot, Windows’ new AI assistant designed to help with daily tasks: it can rewrite document content in summarised form, execute actions, interact with your applications and more. While this feature has generated a lot of hype and excitement, it has reportedly missed the mark on arrival. Despite its promising capabilities, Copilot is often misinterpreting users’ requests and not producing the desired responses in its current state. Many users have also reported a bug in which desktop icons randomly move and jitter when two or more monitors are in use. We expect this to be an incredibly powerful tool once these issues have been ironed out.
Accompanying Copilot in this new feature update is an overhaul to File Explorer, with some new components that will help users to organise and manage their File Explorer windows.
Add passkey management and a shift towards a passwordless experience, and this feature update is one to be excited about. With Microsoft already working on bug fixes for 23H2, we hope to see the features introduced in this update really flourish soon.
Popular skincare brand Clinique revealed this week that its Spanish branch had suffered a data breach exposing the personal information of more than 700,000 customers. Responsibility for the attack was claimed by an individual on a data leak forum, who says the stolen data includes full names, addresses, email addresses, phone numbers and more for around 200,000 users. The attacker also claims to have accessed a separate dataset of more than 600,000 email addresses, although this figure has not yet been verified.
Fortunately, no passwords appear to have been leaked, but the scale of this breach is still a concern.
The attacker was reportedly able to access the data through a flaw in Clinique’s loyalty program; further details are not currently known. We will await a statement from Clinique and provide more information on this attack when it becomes available.
Scarred Manticore, an Iranian hacking group with ties to Iran's Ministry of Intelligence and Security (MOIS), has been found running a sophisticated cyber espionage campaign targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year. This discovery was made by Israeli cybersecurity firm Check Point, who stated:
"Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers,"
Scarred Manticore has been seen using a previously unknown malware framework called LIONTAIL and a web forwarder tool called LIONHEAD as part of these attacks.
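IIS-based backdoors of the kind described above are typically registered on the server as native modules, so one practical hunt is to review which native modules IIS is actually loading. The script below is an added example written for this round-up, not tooling from Check Point or a detector for LIONTAIL specifically: it parses an exported applicationHost.config, walks the <globalModules> section, and flags any module whose DLL lives outside the stock inetsrv directory. The trusted directory, the module names and the sample configuration are assumptions constructed for illustration.

```python
"""Flag native IIS modules loaded from outside the stock inetsrv directory.

Added example: a generic hunt for IIS-based backdoors, which are commonly
registered as native <globalModules> entries in applicationHost.config.
Not from the Check Point report; TRUSTED_DIRS and the sample config are
assumptions made for illustration.
"""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path, PureWindowsPath

# Assumption: a stock IIS install keeps its native modules here. Anything
# loaded from another directory deserves a second look.
TRUSTED_DIRS = (r"c:\windows\system32\inetsrv",)

# Constructed sample config: two stock modules plus one from an odd location.
SAMPLE_CONFIG = r"""<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
      <add name="CacheModule" image="C:\inetpub\temp\cachemod.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""


def expand_windir(path: str, windir: str = r"C:\Windows") -> str:
    """Expand the %windir% placeholder IIS uses in module image paths."""
    return path.replace("%windir%", windir).replace("%WINDIR%", windir)


def suspicious_global_modules(config_xml: str, trusted_dirs=TRUSTED_DIRS) -> list:
    """Return global modules whose image path is outside the trusted directories.

    Each finding is a dict with the module name and its expanded image path.
    Missing or empty image attributes are flagged too, since a stock module
    never lacks one.
    """
    root = ET.fromstring(config_xml)
    findings = []
    for section in root.iter("globalModules"):
        for add in section.findall("add"):
            name = add.get("name", "")
            image = expand_windir(add.get("image", ""))
            parent = str(PureWindowsPath(image).parent).lower()
            if parent not in trusted_dirs:
                findings.append({"name": name, "image": image})
    return findings


def load_config(path: str) -> str:
    """Read an exported applicationHost.config; IIS writes it with a UTF-8 BOM."""
    return Path(path).read_text(encoding="utf-8-sig")


if __name__ == "__main__":
    # Usage: python iis_modules.py [path\to\applicationHost.config]
    config = load_config(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CONFIG
    for finding in suspicious_global_modules(config):
        print(f"REVIEW: {finding['name']} -> {finding['image']}")
```

Copy %windir%\System32\inetsrv\config\applicationHost.config off the server (or run the script on the box) and review every line it prints: confirm the DLL is signed, check its creation time against the server's patch history, and compare the module list with a known-good host. A module under inetsrv is not automatically clean, so pair this with a hash comparison of that directory, but an unexpected path is the quickest indicator to triage first.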
The Russian-linked ransomware group LockBit has posted on its data leak site that it has compromised Boeing’s systems. The group states that it holds a vast amount of Boeing’s data, which will be published should the company refuse to comply with its ransom demand by November 2nd at 1:23 pm UTC.
“For now, we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline […] All available data will be published!" LockBit posted.
Technical details of how the attack took place and the amount of data exfiltrated have been kept quiet by both parties, with a Boeing spokesperson stating only, “we are assessing this claim”. More information surrounding the attack will likely be released in the future.
Cisco has addressed a total of 27 vulnerabilities in its latest patches for its Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) products.
Cisco’s semi-annual bundled publication covers 22 of these vulnerabilities, including 8 critical vulnerabilities: 5 related to denial-of-service and 3 related to command injection. The most severe vulnerability to be patched, tracked as CVE-2023-20048, could allow command injection in FMC due to “insufficient authorization of configuration commands that are sent through the web service interface”, according to Cisco.
Global IT company Accenture has acquired Innotec Security, a Spain-based cybersecurity company with a focus on cybersecurity-as-a-service. The deal will add “500 cybersecurity professionals to Accenture Security’s workforce of 20,000 professionals globally.” With demand for security services surging in Europe, Accenture believes the acquisition of Innotec will drastically improve its ability to provide managed security services within the region.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #257 – 3rd November 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.