Cyber Weekly Flash Briefing for 21 February 2020 – Adobe out-of-band fix, critical Cisco bugs, Insider Threats, PayPal phishing, Supply Chain Risks

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Adobe releases out-of-band patch for critical code execution vulnerabilities

Adobe has released an out-of-schedule fix to resolve two vulnerabilities that may expose user systems to code execution attacks.

On Wednesday, the software vendor released two separate security advisories describing the issues, warning that each bug is deemed critical, the highest severity score available. However, there is at present no evidence the vulnerabilities are being exploited in the wild.

The first vulnerability impacts Adobe Media Encoder versions 14.0 and earlier on the Microsoft Windows platform.  The second vulnerability impacts Adobe After Effects versions 16.1.2 and earlier also on Windows machines.

Read more on ZDnet here: https://www.zdnet.com/article/adobe-releases-out-of-schedule-fixes-for-critical-vulnerabilities/


Critical Cisco Bug Opens Software Licencing Manager to Remote Attack

A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it’s not directly connected to the internet.

A critical flaw in the High Availability (HA) service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn’t directly connected to the internet.

Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner’s product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organisation purchases and consumes. According to Cisco’s product literature, the platform is aimed at “customers who have strict security requirements and do not want their products to communicate with the central licensing database on Smart Software Manager over a direct Internet connection,” like financial institutions, utilities, service providers and government organisations.

Read the full article on ThreatPost here: https://threatpost.com/critical-cisco-bug-software-licencing-remote-attack/153086/


97% of IT leaders majorly concerned by insider data breaches

A study has found that 97% of IT leaders are concerned that data will be exposed by their own employees, leading to insider breaches

This findings from the survey spelled a lack of reassurance for decision makers regarding insider breaches over the past 12 months.

Also, 78% of IT leaders surveyed said that employees have put data at risk accidentally within the last year, while 75% say that intentional compromise of data security has occurred.

While the former statistic has remained stable since 2019, the latter saw a 14% jump.

In the UK, 63% declared intentional data security compromise, while 68% said this was accidental. This contrasted with leaders in the Benelux region, 89% of whom said that data was put at risk intentionally, and 91% accidentally.

Read more here: https://www.information-age.com/it-leaders-majorly-concerned-insider-data-breaches-123487769/


PayPal remains the most‑spoofed brand in phishing scams

PayPal, Facebook, Microsoft, Netflix, and WhatsApp were the most commonly impersonated brands in phishing campaigns in the fourth quarter of 2019.

The payment services provider retained its top spot from the previous quarter, according to data gleaned from the number of unique phishing URLs detected by the company. Thanks to the immediate financial payback and a pool of 305 million active users worldwide, PayPal’s continued popularity among phishers isn’t all that surprising.

PayPal-themed phishing campaigns usually target both consumers and SMB employees, with researchers pointing to an example of a recent fraudulent email that alerted users to an “unusual activity on your account”. A similar campaign was recently uncovered by researchers.

Social media phishing continues to grow with Facebook taking second place on the list. Meanwhile, WhatsApp jumped a whopping 63 spots to take fifth place and Instagram surged 16 places to take the 13th spot.

More: https://www.welivesecurity.com/2020/02/14/paypal-remains-most-spoofed-brand-phishing-scams/


Windows 10 update: Microsoft admits serious problem, here's how to fix it

It was recently discovered that the newest Windows 10 update was somehow deleting users’ files. The update has been live for over a week now, but fear not (or at least not too much) Windows fans, Microsoft has now said (unofficially) that it’s found a fix.

Thanks to Windows Latest (via TechRadar), we now know how Windows is responding to the problem. The site interviewed unnamed Microsoft support team staff, one of which was quoted  as saying: “Microsoft is aware of this known issue and our engineers are working diligently to find a solution for it.” In addition, it’s been reported that the Windows team have been able to replicate the bug and find one potential way of restoring any lost files.

Read the full article here: https://www.tomsguide.com/news/windows-10-update-microsoft-admits-serious-problem-heres-how-to-fix-it


Mitigating Risk in Supply Chain Attacks

In the last year, the number of global businesses falling victim to supply chain attacks more than doubled from 16 to 34 per cent – in the UK the picture is even worse with a staggering 42 per cent reporting they fell victim to these sorts of attacks.

This kind of attack is a powerful threat as it enables malicious code to slip into an organisation through trusted sources. What is worse is that it’s a tougher threat for traditional security approaches to account for.

Of even more concern though is that this particular attack vector doesn’t appear to be a top priority for businesses. The same survey found only 42 per cent of respondents have vetted all new and existing software suppliers in the past 12 months. While this has led to 30 per cent of respondents believing with absolute certainty that their organisation will become more resilient to supply chain attacks over the next 12 months, the increasing scale and frequency of these attacks demands a proportionate response.

The problem is that many businesses fail to understand how quickly adversaries can move laterally through the network via this sort of compromise and how much damage can be done in that short amount of time. There is an educational need for the cyber industry to broadcast the potential consequences of supply chain attacks, and to share best practices around their defence and mitigation.

Adversaries use supply chain attacks as a sneaky weak point through which to creep into the enterprise and attack software further up the supply chain rather than going straight for their final target: An organisation with funds or information they wish to pilfer, or whom they will ‘merely’ disrupt. Once an adversary successfully compromises the chain, their M.O. is to modify the trusted software to perform additional, malicious activities. If not discovered, compromised software can then be delivered throughout an organisation via software updates.

Read the original article here: https://www.cbronline.com/opinion/mitigating-risk-in-supply-chain-attacks


Russia’s GRU was behind cyber attacks on Georgian government and media, says NCSC

British security officials have identified a Russian military intelligence unit as the source of a series of “large-scale, disruptive cyber attacks” on Georgia last autumn.

The former Soviet Union state suffered a spree of attacks on its government websites, national broadcasters and NGOs over several hours on 28 October 2019.

Analysts at the National Cyber Security Centre have concluded “with the highest level of probability” that the attacks, aimed at web hosting providers, were carried out by the GRU in a bid to destabilise the country.

Read more here: https://tech.newstatesman.com/security/russia-gru-cyber-attacks-georgia-ncsc


UK Google users could lose EU GDPR data protections

Google is to move the data and user accounts of its British users from the EU to the US, placing them outside the strong privacy protections offered by European regulators.

The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions not covered by Europe’s world-leading General Data Protection Regulation (GDPR) and therefore with less protection and within easier reach of British law enforcement.

Google intends to require its British users to acknowledge new terms of service including the new jurisdiction, according to people familiar with the plans.

Read more: https://www.theguardian.com/technology/2020/feb/20/uk-google-users-to-lose-eu-gdpr-data-protections-brexit


ISS World “malware attack” leaves employees offline

Global facilities company ISS World, headquartered in Denmark, has shuttered most of its computer systems worldwide after suffering what it describes as a “security incident impacting parts of the IT environment.”

The company’s website currently shows a holding page, with no clickable links on it.

Some media outlets – for example, the BBC – have mentioned ransomware prominently in their coverage of the issue, perhaps because of the suddenness of the story, but at the moment we simply don’t know what sort of malware was involved.

As you can imagine, facilities companies that provide services such as cleaning and catering rely heavily on IT systems for managing their operations.

Read the full article here: https://nakedsecurity.sophos.com/2020/02/20/iss-world-malware-attack-leaves-employees-offline/


Google is trying to scare Microsoft Edge users into switching to Chrome

Could Google be worried about the new Edge browser stealing away Chrome users? It seems that way, with the company now displaying a warning to people using Microsoft’s new web browser when they access the Chrome web store.

Originally, Microsoft’s Edge web browser was a deeply unpopular piece of software, despite it being the default web browser in Windows 10, which led Microsoft to overhaul the app, and it’s now based on the same Chromium engine as Chrome.

Edge users who visit the Chrome web store are seeing a warning message that says “Google recommends switching to Chrome to use extensions securely.”

Read more here: https://www.techradar.com/uk/news/google-is-trying-to-scare-microsoft-edge-users-into-switching-to-chrome


Your home PC is twice as likely to get infected as your work laptop

Outdated operating systems and poor security put consumer PCs at risk

Consumer PCs are twice as likely to get infected as business PCs, new research has revealed.

According to the findings, the reason consumer PCs are more susceptible to infections is due to the fact that many are running outdated operating systems such as Windows 7 and because consumers aren't employing the same security solutions used by businesses which offer greater protection.

Of the infected consumer devices, more than 35 percent were infected over three times and nearly 10 percent encountered six or more infections.

More: https://www.techradar.com/uk/news/consumer-pcs-are-twice-as-likely-to-get-infected-compared-to-business-pcs


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Previous
Previous

The majority of data breaches over the last couple of years were caused by users sending emails to the wrong recipients - how can you stop this?

Next
Next

Should firms conduct phishing testing against their own staff? What pitfalls should they look out for?