Category Archives: Magecart

Cyber Security Roundup for October 2019

The UK National Cyber Security Centre (NCSC) released its annual review. The report showcases the NCSC successes with its core mission to make the UK the safest place to live and work online. The NCSC is certainly having a positive impact in helping British businesses of all sizes with their cyber defences, and with their excellent 'CyberFirst' initiative, which encourages and supports youngsters into the cybersecurity professional.


The NCSC reported it had  "handled" 658 attacks on 900 organisations, including schools, airports and emergency services, with many attacks were "from hostile nation-states". The NCSC said cyberattacks from Russia, China, Iran and North Korea pose "strategic national security threats to the UK", and also warned that "large-scale global cybercrime" was a threat to "our social fabric, our way of life and our economic prosperity", despite often being "low in sophistication".

Mailing and IT services company Pitney Bowes client operations were severely disrupted by a ransomware outbreak, which affected their postage machines services, Mail360, MIPro, SendPro Online in the UK, 'Your Account' and even the 'Pitney Bowes Supplies' online store became inaccessible. According to Rejeev Gutpa of Cowbell Cyber, "Costs related to this cyber incident could go up rapidly for Pitney Bowes: third-party forensic experts, breach notification, loss of revenue, lawsuits and much more. Cybersecurity insurance can help immediately, especially if the cyber policy is up to date with the number of records to be covered. This is why continuous underwriting of cyber policies can eliminate any insurability gaps”.

Amazon Web Services (AWS) Domain Name System (DNS) was taken offline by DDoS attack for a number of hours on 22nd October, affecting a number of websites. According to reports, a flood of fake traffic disrupted legitimate attempts to resolve DNS requests to connect to Amazon cloud-hosted storage buckets and systems.

Another set of unsecured AWS servers belonging were discovered, this time belonging to UK recruitment firm Sonic Jobs and to another US-based recruitment firm, exposing more than 250,000 CVs of job candidates. Sonic Jobs specialises in the recruitment for retail and restaurant jobs and is used by hotel chains Marriott and InterContinental.

NordVPN revealed a third-party server located in Finland was accessed in March 2018The hacker had acquired an expired TLS key from the server through an insecure remote access system. The company said it was an isolated incident and no other servers or datacentres were impacted. “The intruder did not find any user activity logs because they do not exist. They did not discover users’ identities, usernames, or passwords because none of our applications sent user-created credentials for authentication” NordVPN said in a statement.

October was a fairly quiet month for Microsoft security patch releases, Microsoft's 'Patch Tuesdaywas their smallest security update release this year, and saw only 60 vulnerabilities addressed, 9 of which was rated as critical. Adobe patched 81 vulnerabilities in four of their products, and there was the usual barrage of Cisco patches and Juniper patches on then network appliance front. And Oracle didn't hold back with their patching, releasing security updates addressing a massive 218 vulnerabilities, and 6 WordPress bugs were addressed with new patch releases.

FireEye reported attackers are improving Business Email Compromise (BEC) techniques.  BEC or impersonation, or more commonly known as phishing attacks, rose during the second quarter of 2019 by 25%, with some types of attacks becoming more common and better executed according to the FireEye report. Attackers are increasingly impersonating executives and attempting to involve a company’s supply chain vendors as part of the attack to make it appear as if the malicious email is a legitimate request. 

BLOG
NEWS
VULNERABILITIES AND SECURITY UPDATES

AWARENESS, EDUCATION AND THREAT INTELLIGENCE