Welcome to the news roundup for 28 June 2019. As the world prepares for another mass worm invasion in the form of BlueKeep, we see more zero days, breaches of privacy and epic fails.
A New Phishing Scam States ‘Encrypted Message Received’ To Trick The Victim:
Phishing scams are among the most diverse and dynamic cyber attacks, and they show the creativity of scammers. Since most phishing scams are seemingly easy to detect, the perpetrators use ever-changing tactics to trick users. Once again, a new phishing scam has surfaced online, luring users with an ‘encrypted message received’ alert.
EA Games Login Flaw Exposed Accounts of 300 Million Gamers:
Researchers have discovered a chain of flaws in EA Games’ login process that could allow an attacker to take over any EA Games account, or multiple accounts, and there are 300 million of these around the globe. Stolen gaming credentials are valuable and frequently sold on the internet, but more importantly, around 1 in 10 gamer IDs are the same as a user’s work network password.
Firefox Zero Day:
Several zero-day vulnerabilities were found in Mozilla’s Firefox this month and were publicly disclosed with CVEs this week. Updating to the current version of the browser will keep your machine from being exploited, but the chances of that are minimal unless you worked at a cryptocurrency organization, as those were the main targets.
Amazon filed a patent for drones that offer surveillance as a service. Their patent was granted this month. This should have anyone who is concerned with privacy pretty concerned, even though Amazon claim the technology will only be used for folks that opt in.
Linux vulnerabilities are rarely exploited but are still important to patch. If you run any of the affected distros or servers, make sure to patch.
WiFi Extenders Vulnerable:
Attacking WiFi extenders is one of my favorite ways of breaking into networks during penetration tests. They are almost never patched. Quick hit! TP-Link has been proven to have vulnerable WiFi range extenders, which can be taken over by an attacker. Update the firmware to stay protected.
Patch Those Dells:
Dell are one of the most common hardware providers I come across in Europe on engagements. And with SupportAssist being prepackaged on many Dell PCs and OEM devices, owning an enterprise has gotten even easier. SupportAssist has a DLL hijacking vulnerability which can, under certain circumstances, allow an attacker, or a pentester, to take control of the system.
Samsung just told people to manually scan for viruses on their smart TVs? Yes, it is true. Samsung uses a built-in virus scanner called McAfee Security for TV.
MongoDB Medical Prescription database left open:
Over 390,000 Vascepa prescriptions and 78,000 patients had data left publicly accessible over the internet. It seems like everyone leaves databases open without any kind of protection, whether they’re MongoDB or Amazon AWS. The leaked data included full names and addresses, phone numbers, email addresses, and prescription information.
Leaks of Military Vet Medical Data
X Social Media is an ad agency out of Florida that does legal advertising on Instagram and Facebook for medical malpractice lawsuits, lawyers, and class-action injury-related lawsuits. This was yet another story of an exposed database, this one containing responses from target customers of ads, such as people in medical malpractice cases or even US military veterans with combat injuries.
Cellebrite can unlock any iPhone:
According to Cellebrite, any iPhone from iOS 7 up to iOS 12.3 can be unlocked with their software. Yikes!
Tor browser issues:
Quick hit! Tor Browser has been updated to 8.5.2 to fix a critical security flaw that could allow full system takeovers. This is related to the Firefox vulnerability talked about in the show this week.
IoT devices flawed:
I talked about 2 million IoT devices being vulnerable to botnets or other attacks way back in April. Manufacturers still haven’t patched their firmware for the devices (including baby monitors, security cameras and more), so the researcher who disclosed the flaw is sounding the alarm.
BlueKeep is dangerous:
Yes, BlueKeep is dangerous. Yes, you should patch because the DHS says so.
Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.