June 2019 was another very busy month for security update releases. Microsoft released updates to patch 22 critical rated vulnerabilities, Intel released 11 fixes, and there were also several critical security updates for Apple AirPort, Adobe Flash Player, Cisco devices, Cisco Data Centre Network Manager, Dell SupportAssist, Google Chrome, Firefox and Apache. One further standout vulnerability was the "SACK Panic" TCP vulnerability in the Linux and FreeBSD kernels, uncovered by Netflix researchers; Microsoft also released a security advisory regarding TCP SACK Panic by the end of the month.
The National Security Agency (NSA) backed up the UK National Cyber Security Centre (NCSC) and Microsoft’s continuing strong recommendations for everyone to apply the latest security updates to all versions of Microsoft Windows, including the unsupported XP, Vista and Windows 2003 Server, to protect against the supercritical CVE-2019-0708 “BlueKeep” vulnerability.
More Major Ransomware Attacks coming to the UK?
We all know the United States government famously takes a stand of no negotiation with terrorists and kidnappers, with the specific policy of never paying ransom demands. There is a good reason for this policy, as paying ransoms just serves to encourage further kidnapping and ransom demands. So it was interesting to learn this month that US local government does not adhere to the same policy when dealing with ransomware demands. Riviera Beach (Florida) paid a whopping $600,000 ransom to hackers after its computer systems were taken over by ransomware when an employee clicked on a link within a phishing email. Phishing emails are the typical point of ingress for most mass ransomware outbreaks which cripple organisations. Lake City (Florida) government officials said they had also paid a $460,000 ransom to cybercrooks following a ransomware attack on their municipality on 10th June. Meanwhile, Baltimore officials approved $10 million to cover ongoing expenses related to its ransomware attack.
Paying ransomware demands will fuel further ransomware attacks, so I expect ransomware attacks to further escalate. So the big question is, can we expect further UK local government authorities and large organisations to be hard hit by mass ransomware outbreaks? The answer to that will come down to how good their patch management is, and whether lessons have been truly learnt from the destructive 2017 WannaCry ransomware outbreaks, which took down a number of NHS services. The recent BlueKeep Microsoft Windows critical vulnerability is expected to spark new strains of ransomware in the coming months, ransomware very much like WannaCry with the devastating capability of rapidly infecting and propagating via unpatched Microsoft Windows systems connected to flat networks, so we shall soon find out.
Data Breaches
No major UK data breaches were reported in June 2019, but on the other side of the pond, a misconfigured AWS S3 bucket managed by a data integration company led to confidential data from Netflix, TD Bank, Ford and other companies being exposed. And a misconfigured MongoDB database resulted in 5 million personal records being left open to the public via a website. Data breaches caused by misconfigured cloud services operated by third parties are becoming a bit of a regular theme.
APT10 Cloud Hopper Campaign further Exposed
An interesting article by Reuters revealed eight of the world’s biggest technology service providers were successfully hacked by APT10 aka 'StonePanda'. APT10, linked to Chinese hackers, operated a sustained campaign over a number of years dubbed “Cloud Hopper”, which Reuters revealed affected Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology. The APT10 attackers searched for access points into networks and IT systems and, when found, extracted confidential information and potential trade secrets. These reported hacks may well be the tip of the iceberg. The Register stated that, having gained access to the major service providers, the APT10 group may have gained access to many of their customers. Those customers run into the millions, “dramatically increasing the pool of valuable industrial and aerospace data stolen.”
- How can UK Financial Services Organisations Combat the Cyber Threat?
- How organisations can effectively manage, detect and respond to a data breach?
- Blocking DDoS Attacks Using Automation
- UK Security BSides, Mark Your Calendar & Don't Miss Out
- Cyber Security Roundup for May 2019
- UK Police suspend use of Hacked Police Forensics Eurofins
- Riviera Beach, Florida pays $600,000 Ransomware Payment
- Second Florida City hit by Ransomware
- Baltimore approves $10 million for Ransomware relief and expects $18 million in damages
- Six Arrested in European heist that netted £21M in Cryptocurrency
- Raspberry Pi used to Steal Data from NASA's Jet Propulsion Laboratory
- Deliveroo and Just Eat Customers Complain of Fraud
- Data Management Firm Exposed Client Info on Open Amazon S3 buckets
- 5M records exposed by misconfigured MedicareSupplement.com MongoDB
- Silex bricks 2,000 plus IoT devices, the 14-year-old author has bigger plans for botnet
VULNERABILITIES AND SECURITY UPDATES
- Microsoft Patches 91 Vulnerabilities, including 22 Critical for Windows, IE, Chakra and Flash Player
- NSA Urges Admins to Patch the BlueKeep Vulnerability on Legacy Versions of Windows
- Adobe Releases Critical Fix for Flash Player
- Intel Release 11 Security Updates
- Cisco announces 26 new vulnerabilities, three Critical
- Cisco Updates include fixes for ‘high’ rated RCE, DoS flaws
- Excel Vulnerable by default as a new flaw, Microsoft’s familiar refrain ‘Disable macros to avoid malware’
- Google Chrome 75 rolls out with 42 Security Fixes
- Firefox Updates address takeover Vulnerability
- Dell SupportAssist bug leaves millions of PCs Vulnerable
- Apache Advisory Addresses incomplete Tomcat Update
- Cisco release Security Updates for Data Center Network Manager
- Apple releases eight updates for AirPort BaseStation bugs
- Palo Alto’s Unit 42 discovered 10 ‘Important’ Microsoft bugs
- Netflix Patches Linux SACK Vulnerability
HUAWEI NEWS AND THREAT INTELLIGENCE
- Huawei building UK 5G 'like letting a kleptomaniac into your house', US ambassador says
- Huawei's US head of security hints that the company would be open to working with the US government to ease its concerns over cybersecurity
- Facebook stops apps being pre-installed on Huawei phones
- Huawei products riddled with backdoors, zero days and critical vulnerabilities
- The US 'could ease Huawei sanctions' if China trade deal advances
- Huawei: We don't have to cooperate with the Chinese state
- Huawei cancels laptop launch because of US trade blacklist
- Nokia distances itself from boss's warning over Huawei 5G kit
- Inside the West’s failed fight against China’s ‘Cloud Hopper’ (APT10) Hackers
- Operation Soft Cell campaign targets cellular telecom providers, points to China’s APT10
- Russian Cyber Spies likely Hijacked Iranian APT34 Turla Group’s Infrastructure to deliver Backdoor
- New ‘BlackSquid’ Malware targets Web Servers and Drives
REPORTS