Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 05 February 2021
Black Arrow Cyber Threat Briefing 05 February 2021: Ransomware Gangs Made At Least $350 Million In 2020; Widening Security Shaped Gulf Between Firms And Remote Workers; 3.2 Billion Emails And Passwords Exposed; Account Takeover and Data Leakage Attacks Spiked In 2020; Automated Tools Increasingly Used to Launch Cyber Attacks; 93% Of Workers Overshare Online, Causing Social Engineering Risks;
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Gangs Made At Least $350 Million In 2020
Ransomware gangs made at least $350 million in ransom payments in 2020, according to blockchain analysis firm Chainalysis. The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks. Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total.
https://www.zdnet.com/article/ransomware-gangs-made-at-least-350-million-in-2020/
Home Working Increases Cyber Security Fears
"We see tens of different hacking attacks every single week. It is never ending." A senior computer network manager says they are bombarded from all directions. "We see everything," he says. "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords. We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers."
https://www.bbc.co.uk/news/business-55824139
3.2 Billion Emails And Passwords Exposed Online
A whopping 3.2 billion password-username pairs are up for grabs in an unnamed online hacking forum. But don't panic — the data is nothing new. It's a compilation of stolen credentials from dozens of old data breaches, some going back ten years. That doesn't mean you shouldn't be aware that your old passwords are floating out there. Yes, your passwords, and ours too. Pretty much anyone who's ever created more than three online accounts has had a password compromised by now.
https://www.tomsguide.com/news/3-2-billion-passwords-leaked
Account Takeover Attacks Spiked In 2020
Occurring whenever a bad actor can steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected in 2019 to 54% by the end of December 2020. Other methods of fraud were blips on the radar compared to account takeovers: The next most popular method, at just 16% of detected fraud, was money laundering/mule transactions, followed by new account fraud (14%), and a mere 12% of instances used remote access or hacking tools to accomplish their goals.
https://www.techrepublic.com/article/account-takeover-attacks-spiked-in-2020-kaspersky-says/
30% Of “Solarwinds Hack” Victims Didn’t Actually Use Solarwinds
When security firm Malwarebytes said last week that it had been targeted by the same attacker that compromised SolarWinds' Orion software, it noted that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used "another intrusion vector" to gain limited access. Nearly a third of the organizations attacked had no direct connection to SolarWinds.
Data Leakage Attacks Saw Huge Rise In 2020
The number of data leakage incidents grew at an “unprecedented” rate in 2020, a new report from Imperva argues. Through online means alone, not counting leaks caused by lost hardware or word of mouth, Imperva researchers tracked a 93 percent rise. By the end of the year, Imperva had identified a total of 1.7 million leaks, with the number growing even faster in the second half of the year. Between Q3 and Q4, there was a 47 percent increase.
https://www.itproportal.com/news/data-leakage-attacks-saw-huge-rise-in-2020/
Automated Tools Increasingly Used to Launch Cyber Attacks
Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis, which revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks involving the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%); these use automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals use automation tools such as sqlmap to gain access to applications.
https://www.infosecurity-magazine.com/news/automated-tools-launch-cyber/
A Second SolarWinds Hack Deepens Third-Party Software Fears
It’s been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia was not alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.
https://www.wired.com/story/solarwinds-hack-china-usda/
93% Of Workers Overshare Online, Causing Security Risks
A new report reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource — the personal information people share on social media and in out-of-office alerts — to craft social engineering attacks.
https://www.helpnetsecurity.com/2021/02/03/workers-overshare-online/
Is There A Widening Gulf Between You And Your Remote Workers? Yes – And It’s Security Shaped
It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365. And after 12 or so months, it’s safe to say that the case for productive remote working has been proved, and that many workers will continue to do so even when the all clear sounds. But is there a question as to whether remote working is as secure as the traditional, office bound, hard perimeter setup? Well, yes, and it’s fair to say the jury is still very much out.
https://www.theregister.com/2021/02/04/mind_the_security_gap_regcast/
Threats
Ransomware
Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains
2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site
Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone
Other Social Engineering
Malware
This malware abuses Tor and Telegram infrastructure to evade detection
Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
Experts discovered a new Trickbot module used for lateral movement
Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection
Mobile
Vulnerabilities
Data Breaches
Security firm Stormshield discloses data breach, theft of source code
Female escort review site data breach affects 470,000 members
Nation-State Actors
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 January 2021
Black Arrow Cyber Threat Briefing 15 January 2021: Two Thirds of Employees Don’t Consider Security Whilst Working from Home; Ransomware Gangs Targeting Top Execs; Microsoft emits 83 security fixes – and miscreants are already exploiting vulnerabilities in Windows Defender; Android malware gives hackers full control of your smartphone; Massive fraud campaign sees millions vanish from online bank accounts
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Two-Thirds of Employees Don’t Consider Security Whilst Home Working
More than two-thirds (68%) of UK workers do not consider the cyber security impact of working from home, according to a new study. The survey of 2043 employees in the UK demonstrated a lack of awareness about how to stay secure whilst working remotely, which is putting businesses at risk of attacks. The shift to home working as a result of COVID-19 means that staff in many organizations are operating across insecure devices and networks, providing opportunities for cyber-criminals.
https://www.infosecurity-magazine.com/news/two-thirds-employees-security-home/
Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives
In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.
Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulnerabilities in Windows Defender
Microsoft has patched 83 vulnerabilities in its software, not including the 13 flaws fixed in its Edge browser last week. That's up from 58 repairs made in December 2020, a relatively light month by recent standards. Affected applications include: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.
https://www.theregister.com/2021/01/12/patch_tuesday_fixes/
This Android malware claims to give hackers full control of your smartphone
The 'Rogue' remote administration tool (RAT) infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data. The low cost of the malware reflects the increasing sophistication of the criminal ecosystem that is making it possible for wannabe crooks with limited technical skills to acquire the tools to stage attacks.
Massive fraud campaign sees millions vanish from online bank accounts
Researchers have uncovered an extensive fraud campaign that saw millions of dollars drained from victims’ online bank accounts. The operation was discovered by experts at IBM Trusteer, the IT giant’s security division, who described the attack as unprecedented in scale. To gain access to online banking accounts, the fraudsters are said to have utilized a piece of software known as a mobile emulator, which creates a virtual clone of a smartphone.
SolarWinds Hack Followed Years of Warnings of Weak Cyber Security
Congress and federal agencies have been slow or unwilling to address warnings about cyber security, shelving recommendations that are considered high priority while investing in programs that have fallen short. The massive cyber-attack by suspected Russian hackers, disclosed in December, came after years of warnings from a watchdog group and cyber security experts. For instance, the Cyberspace Solarium Commission, which was created by Congress to come up with strategies to thwart sizable cyber-attacks, presented a set of recommendations to Congress in March that included additional safeguards to ensure more trusted supply chains.
Threats
Ransomware
Hacker used ransomware to lock victims in their IoT chastity belt
Ransomware Attack Costs Health Network $1.5m a Day
Dassault Falcon Jet reports data breach after ransomware attack
IOT
Cyber experts say advice from breached IoT device company Ubiquiti falls short
Phishing
Iranian cyber spies behind major Christmas SMS spear-phishing campaign
Malware
macOS malware used run-only AppleScripts to avoid detection for five years
Going Rogue – a Mastermind Behind Android Malware Returns with a New Remote Access Trojan (RAT)
Emotet Tops Malware Charts in December After Reboot
Vulnerabilities
Windows 10 bug corrupts your hard drive on seeing this file's icon
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
Adobe fixes critical code execution vulnerabilities in 2021's first major patch round
Data Breaches
Over 16,000 customers seeking compensation for British Airways data breach
New Zealand Central Bank Breach Hit Other Companies
Massive Parler data leak exposes millions of posts, messages and videos
Millions of Social Profiles Leaked by Chinese Data-Scrapers
Hackers leak stolen Pfizer COVID-19 vaccine data online
United Nations data breach exposed over 100k UNEP staff records
Organised Crime
Europol shuts down the world's largest dark web marketplace
Nation State Actors
Third malware strain discovered in SolarWinds supply chain attack
Privacy
Reports Published in the Last Week
The Risks Posed by Home Routers - Cyber Tip Tuesday video
Welcome to this week's Black Arrow Cyber Tip Tuesday; this week James is talking about the security of home routers. A recent study in Germany of 127 home routers from 7 different brands including D-Link, Linksys, TP-Link and Zyxel found that almost 60 percent of models hadn't had a security update in over a year and most were affected by hundreds of known vulnerabilities. On top of that, they found that vendors were shipping updates with no fixes for critical vulnerabilities that have been known about for many years, some of which are even observed as being actively exploited. Most routers are based on a Linux operating system which is patched and maintained regularly, but the home router manufacturers are choosing to use old and known vulnerable versions of the operating system without sending updates to customers' devices.
The lesser evils seemed to be Asus and Netgear, which both applied security fixes more frequently, but another recent study found that 79 of Netgear's routers have a critical security vulnerability, present since 2007, that would allow a remote attacker to take complete control of the device and the network behind it. With the increasing popularity of home working it is essential that both individuals and firms take into account this increase in attack surface and apply appropriate controls and mitigations to prevent their data and their clients' data from being captured by malicious third parties.
When approached correctly, home working can provide significant benefits to productivity without compromising security. Speak to us today to find out how you can achieve this.
Do your children present a cyber risk to you? Cyber Tip Tuesday
Do your children present a cyber risk to you?
This week's Cyber Tip Tuesday looks at whether children present a cyber risk to others in the household
Cyber Weekly Flash Brief 21 August 2020: Uber infosec exec charged with cover-up, 50% anti-malware products fail, WFH security breach surge, 40% of firms sacked staff for cyber breaches during Covid
Cyber Weekly Flash Briefing 21 August 2020: Former Uber security exec charged with cover-up, half of anti-malware products fail to recognise threats, millions of social media accounts compromised by data breach, WFH causes surge in security breaches, staff 'oblivious' to best practices, 40% of firms have sacked staff for cyber security breaches during Covid, HMRC Investigating Over 10,000 COVID-Related Phishing Scams
Former Uber security executive charged with data breach cover-up
Uber’s former chief security officer has been charged with obstruction of justice over accusations that he attempted to cover up a 2016 hack of the company, which exposed the personal details of 57m users and drivers.
Prosecutors said Joseph Sullivan, 52, hid the breach from the relevant authorities, and instead paid a ransom to the hackers and had them sign non-disclosure agreements stating, falsely, that they had not stolen personal information.
“The agreements contained a false representation that the hackers did not take or store any data,” prosecutors said in a press release. “When an Uber employee asked Sullivan about this false promise, Sullivan insisted that the language stay in the non-disclosure agreements.”
Mr Sullivan, who worked at Facebook prior to Uber, is said to have authorised the payment to the hackers of $100,000 in bitcoin, disguising the fee as coming via the company’s legitimate “bug bounty” programme — normally used to pay well-intentioned cyber security experts for discovering flaws and vulnerabilities.
It was not until November 2017, almost a year after Mr Sullivan allegedly knew the attack took place, that Uber revealed its knowledge of the breach and Mr Sullivan was dismissed.
Why this matters:
Not only was a criminal act conducted against Uber but a further criminal act was then conducted within the firm to cover it up. This shows what is at stake, that people will go to lengths to cover things up and that strong governance is needed and appropriate controls, and rewards, need to be in place across the organisation to encourage good behaviours.
Read more: https://www.ft.com/content/aff1fe76-418e-4f93-ba27-5a3c888c4252
Half of anti-malware products fail to recognize notable threats
Many of the most popular, well-established cyber security solutions do not protect their users from all notable threats, according to new analysis from SE Labs.
The security firm tested 14 of the world’s most popular cyber security solutions and, while products from Microsoft and Kaspersky Lab scored 100 percent, more than half failed to identify all threats.
"While the numbers of 'misses' are not out of this world, it's disappointing to see big brand products miss well-known threats," said Simon Edwards, CEO at SE Labs.
"Although we do 'create' threats by using publicly available free hacking tools, we don't write unique malware so there is no technical reason why any vendor being tested should do poorly."
According to SE Labs, the firm used common threats that affect the general public to conduct the tests, as well as more targeted forms of attack.
"In some cases the bad guys actually help us out, by sending our own organization the same types of malware that they use to target other potential victims. The Emotet malware campaign that ran in July of this year was a notable example," Edwards added.
With the Covid-19 pandemic forcing employees to remain at home, it has never been more important to protect devices and data from cyberthreats. Businesses and consumers alike are advised to keep their operating systems, applications and cybersecurity solutions up to date.
Why this matters:
Many firms put too much faith in technical controls, yet reports like this prove the point that technical controls are not as good as many people believe. Technical controls, even the best technical controls, only go so far when information security is a whole-of-business risk, and people controls are needed in addition to technical controls to keep a firm safe.
Read more: https://www.itproportal.com/news/half-of-anti-malware-products-fail-to-recognize-notable-threats/
Hundreds of millions of Instagram, TikTok, YouTube accounts compromised by data breach
Security researchers have discovered an exposed database online which contains scraped data from the social media profiles of nearly 235m Instagram, TikTok and YouTube users.
For those unfamiliar with the practice, web scraping is an automated technique used to gather data from websites that is often employed by analytics firms who use it to create large databases of user information. Although the practice is legal, it is strictly prohibited by social media companies as it puts the privacy of their users and their data at risk.
Researchers discovered three identical copies of the exposed database online at the beginning of August. After examining the database they learned that it belonged to a company called Deep Social which has shut down its operations.
Why this matters
Big breaches like these, where data has been taken from different sources, breaches and public databases, can give attackers an incredible amount of data on you, probably enough to then start attacking your home or your employer, or even to attempt identity theft.
Working from home causes surge in security breaches, staff 'oblivious' to best practices
The COVID-19 pandemic shows little sign of slowing down, and for many businesses, employees are still working remotely and from home offices.
While some companies are gearing up to reopen their standard office spaces in the coming months, with all the challenges of doing so safely, they may also be facing repercussions of the rapid shift to remote working models in the cyber security space.
In the clamor to ensure employees could do their jobs from home, the enterprise needed to make sure members of staff had the right equipment as well as network and resource access.
However, according to Malwarebytes, the rushed response to COVID-19 in the business arena has created massive gaps in cyber security -- and security incidents have increased as a result.
On Thursday, the cyber security firm released a report (.PDF), "Enduring from Home: COVID-19's Impact on Business Security," examining the impact of the novel coronavirus in the security world.
Company telemetry and a survey conducted with 200 IT and cyber security professionals suggest that since the start of the pandemic, remote workers have caused a security breach in 20% of organisations.
As a result, 24% of survey respondents added that their organizations had to pay unexpected costs to address cyber security breaches or malware infections after shelter-in-place orders were imposed.
Why this matters:
Months into this pandemic, with staff working from home, many staff are still oblivious to what they should and should not be doing, and some firms are not doing a good enough job of getting their staff to appreciate the role they play in helping to keep their firms safe.
Two-fifths of firms have sacked staff for cybersecurity breaches during Covid, poll shows
Almost two-fifths of business decision-makers (39 per cent) have dismissed employees because of a cyber security policy breach since the pandemic began, a survey has found.
The research polled 200 UK business decision-makers and found more than half (58 per cent) of firms believed that working from home made employees more likely to circumvent security protocols – including through the use of personal laptops and failing to change passwords.
To combat poor employee security practices, more than half (55 per cent) of those surveyed had banned, or planned to ban, staff from using personal devices to work from home.
Meanwhile, 57 per cent were implementing more measures to securely authenticate employees, including biometric data checks such as fingerprint and facial recognition technology, and multi-factor authentication steps to access certain files, applications and accounts.
The poll found that almost two-thirds (65 per cent) had made substantial changes to their cybersecurity policies in response to breaches and to Covid-19.
Why this matters:
It is imperative that employers revisit their data security protocols in light of widespread home working. Employers need to communicate that the same principles of data protection apply at home as in the office, including that a breach could lead to severe disciplinary action. The importance of securing data and directing employees accordingly cannot be overstated, as the employer could find themselves responsible for significant data breaches if they have not taken appropriate steps to protect it.
Separately, a report by recruitment firm Robert Walters has found that up to 65,000 cyber attacks take place on UK SMEs every day, with 4,500 successful. The report, Cyber security: Building Business Resilience, found that almost half (48 per cent) of UK companies admitted to not having adequate cyber security provision to maintain a fully remote working model.
We are at the mercy of Google's cloud services – and it could cost us dearly
If the internet is our information superhighway, this week's mass outage of Google services represents the sudden and total closure of the M25.
Users up and down the country who rely on the system for their livelihoods found themselves confronted with the simple Gmail message: “Oops, something went wrong”. It was the digital equivalent of the Road Closed sign.
Such is the public and private sector’s dependence on software services provided by Google and its rivals Amazon, Microsoft and Alibaba that the five-hour outage will likely be felt at GDP level.
Never mind the frustration felt by hundreds of thousands of homeworkers, think of all the lost opportunities from meetings unattended, the lost confidence from work unsent and the lost productivity from reduced output.
It all adds up: a temporary internet shutdown costs an advanced economy like Britain’s £107m per day according to a report from Deloitte and Facebook into the economic impact of disruptions to connectivity.
That’s equivalent to 1.9 per cent of daily GDP. A big hit, especially in a recession when companies small and large are fighting for their lives and public services are stretched to the limit.
Why this matters
Firms are increasingly reliant on a small number of providers, and a loss of any one of those providers could have serious ramifications for any business operating online. It is always best to diversify your critical systems across different providers so that the loss of one does not have such wide-reaching impact.
Four million Britons with Huawei phones risk their devices becoming obsolete
Up to four million British consumers could be stuck with increasingly useless and vulnerable Huawei mobiles after the Chinese firm was blocked from receiving future software updates due to US sanctions.
The crisis-hit company's phones are in danger of rapidly becoming obsolete following the expiry of a temporary licence allowing it to use apps and Android updates from Google - raising fears they could become increasingly slow and laden with bugs.
Huawei is at risk of being unable to renew the licence after being blacklisted by the Trump administration in May last year, with US companies barred from selling technology to it without explicit government approval.
As a result, Huawei phones using Google Mobile Services could stop getting new features and security updates from the US company.
The US claims that Huawei equipment can be used by the Chinese government for espionage – something which Huawei has repeatedly denied. Older Huawei phones, developed before May 2019, are still expected to have the support of critical security features.
Why this matters:
Security updates need to be rolled out to keep devices and software secure once vulnerabilities have been found and fixed by vendors. If Huawei phones are no longer able to receive these security updates, any vulnerabilities in the underlying operating system will continue to be exploitable by cyber criminals or, ironically, nation state actors.
HMRC Investigating Over 10,000 COVID-Related Phishing Scams
More than 10,000 email, SMS, social media and phone scams exploiting the COVID-19 pandemic are being investigated by Her Majesty’s Revenue and Customs (HMRC) in the UK.
The official figures, published following a Freedom of Information (FOI) request highlight how the health and economic crisis has provided major scamming opportunities for cyber criminals.
The data showed that May was the month in which the highest number of phishing scams were reported by members of the public to HMRC, at 5152, representing a 337% rise compared to March when lockdown measures were first introduced in the UK. This was followed by 2558 reports in June, and 2105 in April. The total since March comes to 10,428.
Government programs introduced to support businesses and workers impacted by the lockdown have been a common target for scammers. Examples include an email purporting to be from HMRC regarding the government’s Coronavirus Job Retention Scheme, which attempted to get business owners to reveal their bank account information, while another offered a bogus tax rebate under the guise of the Self-Employment Income Support Scheme.
The FOI also showed that 106 COVID-related websites have been requested for removal since March, with April the highest month at 42, followed by 24 in May and 17 in March. In May, it was revealed that HMRC formally asked internet service providers (ISPs) to remove 292 scam web addresses exploiting the coronavirus outbreak.
Why this matters:
Cyber criminals will always take advantage of current events, crises and tragedies to exploit unsuspecting victims. This has never been so evident as with the current Coronavirus pandemic, especially with the shift to more staff working from home.
Read more: https://www.infosecurity-magazine.com/news/hmrc-investigating-covid-related/
The Risks Posed by Home Routers - Cyber Tip Tuesday 22 July 2020
Cyber Weekly Flash Briefing 29 May 2020: Criminals impersonate Google to target remote workers, ransomware up 950% in 2019, cloud collab tool use surges along with attacks, EasyJet £18 billion suit
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Cyber-Criminals Impersonating Google to Target Remote Workers
Remote workers have been targeted by up to 65,000 Google-branded cyber-attacks during the first four months of 2020, according to a new report. The study found that Google file sharing and storage websites were used in 65% of nearly 100,000 form-based attacks the security firm detected in this period.
According to the analysis, a number of Google-branded sites, such as storage.googleapis.com, docs.google.com, storage.cloud.google.com and drive.google.com, were used to try and trick victims into sharing login credentials. Google-branded attacks were far in excess of those impersonating Microsoft, with the sites onedrive.live.com, sway.office.com and forms.office.com making up 13% of attacks.
Other form-based sites used by attackers included sendgrid.net (10%), mailchimp.com (4%) and formcrafts.com (2%).
Read the full article here: https://www.infosecurity-magazine.com/news/cyber-criminals-impersonating/
Ransomware Demands Soared 950% in 2019
Ransomware operators had another standout year in 2019, with attacks and ransom demands soaring according to new data.
A new report claimed that, after a relatively quiet 2018, ransomware was back with a vengeance last year, as attack volumes climbed by 40%.
As large enterprises became an increasing focus for attacks, ransom demands also soared: from $8,000 in 2018 to $84,000 last year. That’s a 950% increase.
The “greediest ransomware families with highest pay-off” were apparently Ryuk, DoppelPaymer and REvil, the latter on occasion demanding $800,000.
Read more: https://www.infosecurity-magazine.com/news/ransomware-demands-soared-950-in/
Use of cloud collaboration tools surges and so do attacks
The COVID-19 pandemic has pushed companies to adapt to new government-mandated restrictions on workforce movement around the world. The immediate response has been rapid adoption and integration of cloud services, particularly cloud-based collaboration tools such as Microsoft Office 365, Slack and videoconferencing platforms. A new report shows that hackers are responding to this with an increased focus on abusing cloud account credentials.
Analysis of cloud usage data collected between January and April from over 30 million enterprise users indicated a 50% growth in the adoption of cloud services across all industries. Some industries, however, saw a much bigger spike, for example manufacturing with 144% and education with 114%.
The use rate of certain collaboration and videoconferencing tools has been particularly high. Cisco Webex usage has increased by 600%, Zoom by 350%, Microsoft Teams by 300% and Slack by 200%. Again, manufacturing and education ranked at the top.
Huge rise in hacking attacks on home workers during lockdown
Hackers have launched a wave of cyber-attacks trying to exploit British people working from home, as the coronavirus lockdown forces people to use often unfamiliar computer systems.
The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later, according to new data.
Attacks specifically aimed at exploiting the chaos wrought by Sars-CoV-2 have been evident since January, when the outbreak started to garner international news headlines.
The attacks have increased in sophistication, specifically targeting coronavirus-related anxieties rather than the more usual attempts at financial fraud or extortion.
In early May “a large malicious email campaign” was detected against UK businesses that told employees they could choose to be furloughed if they signed up to a specific website.
Read more here: https://www.theguardian.com/technology/2020/may/24/hacking-attacks-on-home-workers-see-huge-rise-during-lockdown?CMP=share_btn_tw
EasyJet faces £18 billion class-action lawsuit over data breach
UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach.
In a disclosure made public on May 19, easyJet said that information belonging to nine million customers may have been exposed in a cyber attack, including over 2,200 credit card records.
The "highly sophisticated" attacker to blame for the security incident managed to access this financial information, as well as email addresses and travel details. EasyJet is still contacting impacted travelers.
The carrier did not explain how or exactly when the data breach took place, beyond that "unauthorized access" has been "closed off."
The National Cyber Security Centre (NCSC) and the UK's Information Commissioner's Office (ICO) have been notified; the latter has the power to impose heavy fines under GDPR if an investigation finds the carrier was lax in data protection and security.
Last year, British Airways faced a "notice of intent" filed by the ICO to fine the airline £183.4 million for failing to protect the data of 500,000 customers in a data breach during 2018.
Read the full article here: https://www.zdnet.com/article/easyjet-faces-18-billion-class-action-lawsuit-over-data-breach/
Data Breach at Bank of America
Bank of America Corporation has disclosed a data breach affecting clients who have applied for the Paycheck Protection Program (PPP).
Client information was exposed on April 22 when the bank uploaded PPP applicants' details onto the US Small Business Administration's test platform. The platform was designed to give lenders the opportunity to test the PPP submissions before the second round of applications kicked off.
The breach was revealed in a filing made by Bank of America with the California Attorney General's Office. As a result of the incident, other SBA-authorized lenders and their vendors were able to view clients' information.
Data exposed in the breach consisted of details relating not only to individual businesses, but also to their owners. Compromised data may have included the business address and tax identification number along with the owner's name, address, Social Security number, phone number, email address, and citizenship status.
More Here: https://www.infosecurity-magazine.com/news/data-breach-at-bank-of-america/
Apple sends out 11 security alerts – get your fixes now!
Apple has just blasted out 11 email advisories detailing its most recent raft of security fixes.
There were 63 distinct CVE-tagged vulnerabilities in the 11 advisory emails.
11 of these vulnerabilities affected software right across Apple’s mobile, Mac and Windows products.
Read more: https://nakedsecurity.sophos.com/2020/05/27/apple-sends-out-11-security-alerts-get-your-fixes-now/
NSA warns of new Sandworm attacks on email servers
The US National Security Agency (NSA) has published a security alert warning of a new wave of cyber attacks against email servers conducted by one of Russia's most advanced cyber-espionage units.
The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).
Also known as "Sandworm," this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability.
Read more: https://www.zdnet.com/article/nsa-warns-of-new-sandworm-attacks-on-email-servers/
DoubleGun Group Builds Massive Botnet Using Cloud Services
An operation by the China-based cybercrime gang known as DoubleGun Group, which had amassed hundreds of thousands of bots controlled via public cloud services including Alibaba and Baidu Tieba, has been disrupted.
Researchers said in a recent post that they noticed DNS activity in their telemetry that traced back to a suspicious domain controlling mass amounts of infected Windows devices. Analysis of the command-and-control (C2) infrastructure of the operation and the malware used to build the botnet showed that the effort could be attributed to a known threat group – DoubleGun, a.k.a. ShuangQiang.
Read more: https://threatpost.com/doublegun-massive-botnet-cloud-services/156075/
Malicious actor holds at least 31 stolen SQL databases for ransom
A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up.
The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale on an unnamed website. These databases constitute roughly 1.620 million rows of information, including e-commerce customers' names, usernames, email addresses, MD5-hashed passwords, birth dates, addresses, genders, account statuses, histories and more.
With more of us working from home in the Coronavirus crisis, employees need to maintain good cyber hygiene. People behave differently at home, often less alert to information security risks. - video
Maintaining Good Cyber Hygiene during the Coronavirus Crisis - Guernsey Press 24 March 2020
With more of us working from home in the Coronavirus crisis, there is evidence of increasing attacks by cyber criminals who are exploiting those unaware of the risks, according to Tony Cleal, Director of Guernsey’s Black Arrow Cyber Consulting
Businesses are making significant changes in response to the virus, including asking employees to work from home for the first time. These new practices have often been implemented as quickly as possible, with a priority on keeping the business operations going.
At the same time, the cyber and information security consultants at Black Arrow are seeing reports from specialist intelligence and the wider media which show cyber criminals are feasting on the current chaos as they target employees and companies who let their guard down.
‘Cyber criminals usually target people, not technology, to get into their employer’s systems. Companies need to ensure they consider all the basic risks to prevent this, and implement layers of defence that start with the user. As an analogy, the easiest way for a criminal to get into someone’s home is to convince the resident to let them in, for example by pretending to repair an emergency gas leak. It doesn’t matter how good the window locks are, or how sophisticated the burglar alarm is; all they need to do is knock on the front door and be convincing. Thousands of coronavirus scam and malware sites are being created on a daily basis, and we see cyber criminals taking advantage of the crisis to get access to the organisation’s money and information’.
That means companies and employees need to maintain good cyber hygiene when working from home, just as they do in the office. People behave differently at home, and are often less alert to information security risks than in the office.
‘We have seen Guernsey employees posting pictures on Facebook to show their new desk at home, but these pictures risk showing confidential documents on the table and screen. This is further evidence that cyber security is a business-wide risk that needs the aligned strength of people and culture, as well as business operations and technology’.
Some smaller businesses consider cyber security to be more relevant for larger organisations.
‘Weakened defences will always be exploited, whether by biological viruses or malicious actors. 43% of cyber attacks hit smaller businesses, and a breach now on top of everything else would likely be catastrophic. Luckily, there are things you can do to protect yourself, even with limited resources; we can help ensure that the scarce money is spent wisely by addressing cyber security as a business-wide risk owned by the business leadership.’
Tony concluded: ‘Now more than ever, because of the disruption and changes to business practices, companies need to take appropriate steps to protect themselves against cyber-attacks. We are committed to helping improve cyber hygiene in Guernsey. This started when I used my experience in British Intelligence to lead the review of cyber security across the Bailiwick for the GFSC, which informed the forthcoming new standards. Now at Black Arrow we are reducing our prices during this crisis, to make cyber hygiene easier for all organisations; of course, charities and non-profits can continue to contact us for help free of charge.’
https://guernseypress.com/news/2020/03/24/maintaining-good-cyber-hygiene/
Cyber Weekly Flash Briefing for 20 March 2020 – Working from home brings security challenges, COVID-19 scams and malware, VPNs and MFA, broadband strain, critical patches
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Working from Home: COVID-19’s Constellation of Security Challenges
Organisations are sending employees and students home to work and learn — but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.
As the threat of coronavirus continues to spread, businesses are sending employees home to work remotely, and students are moving to online classes. But with the social distancing comes a new threat – a cyber-related one.
As organisations rush to shift their businesses and classes online, cybercriminals are ramping up their tactics to take advantage of those who may have inadequate or naive security postures as a result. Given the challenges in securing work- and learn-from-home environments, the attack surface represents an attractive opportunity for threat actors.
Read more here: https://threatpost.com/working-from-home-covid-19s-constellation-of-security-challenges/153720/
Thousands of COVID-19 scam and malware sites are being created on a daily basis
Malware authors and fraudsters aren't letting a tragedy go to waste.
In the midst of a global coronavirus (COVID-19) pandemic, hackers are not letting a disaster go to waste and have now automated their coronavirus-related scams to industrial levels.
According to multiple reports, cybercriminals are now creating and putting out thousands of coronavirus-related websites on a daily basis.
Most of these sites are being used to host phishing attacks, distribute malware-laced files, or for financial fraud, for tricking users into paying for fake COVID-19 cures, supplements, or vaccines.
EU warns of broadband strain as millions work from home
The EU has called on streaming services such as Netflix and YouTube to limit their services in order to prevent the continent’s broadband networks from crashing as tens of millions of people start working from home.
Until now, telecoms companies have been bullish that internet infrastructure can withstand the drastic change in online behaviour brought about by the coronavirus outbreak.
But on Wednesday evening, Thierry Breton, one of the European commissioners in charge of digital policy, said streaming platforms and telecoms companies had a “joint responsibility to take steps to ensure the smooth functioning of the internet” during the crisis.
Read more on the FT here: https://www.ft.com/content/b4ab03db-de1f-4f98-bcc2-b09007427e1b
COVID-19: With everyone working from home, VPN security has now become paramount
With most employees working from home amid today's COVID-19 (coronavirus) outbreak, enterprise VPN servers have now become paramount to a company's backbone, and their security and availability must be the focus going forward for IT teams.
It is critical that the VPN service is patched and up to date because there will be more scanning against these services.
It is also critical that multi factor authentication (MFA or 2FA) is used to protect connections over VPN.
What do you not want right now? A bunch of Cisco SD-WAN, Webex vulnerabilities? Here are a bunch of them
Cisco has issued a series of security updates for its SD-WAN and Webex software, just when they're most needed.
SD-WAN is host to five vulnerabilities ranging from privilege escalation to remote code injection.
Meanwhile, the Webex video-conferencing software also needs some sorting out right when everyone's working from home amid the coronavirus pandemic.
The patch bundle includes a fix for Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows. A hacker can send a suitably crafted file in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF), and if the recipient clicks on it on a vulnerable computer, they get pwned. iOS users also need to patch an information-disclosure bug.
The other fixes mention SQL injection and cross-site scripting flaws.
More on The Register here: https://www.theregister.co.uk/2020/03/19/cisco_sdwan_bugs/
Windows 10 or Mac user? Patch Adobe Reader and Acrobat now to fix 9 critical security flaws
Adobe has released an important security update for its popular PDF products, Adobe Acrobat and Reader after missing its usual release aligned with Microsoft Patch Tuesday.
The company has released an update for the PDF software for Windows and macOS machines. The update addresses nine critical flaws and four vulnerabilities rated as important.
The critical flaws include an out-of-bounds write, a stack-based overflow, a use-after-free, a buffer overflow and a memory corruption bug.
All the critical flaws allow for arbitrary code execution, meaning attackers could use them to rig a PDF to install malware on a computer running a vulnerable version of the software.
WordPress and Apache Struts account for 55% of all weaponized vulnerabilities
Comprehensive study looks at the most attacked web technologies of the last decade.
A study that analysed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts.
The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week.
In terms of programming languages, vulnerabilities in PHP and Java apps were the most weaponized bugs of the last decade.
Read the full article here: https://www.zdnet.com/article/wordpress-and-apache-struts-account-for-55-of-all-weaponized-vulnerabilities/
Trickbot malware adds new feature to target telecoms, universities and finance companies
Researchers uncover a Trickbot campaign with new abilities that looks like it's being used in an effort to steal intellectual property, financial data - and potentially for espionage.
The new form of the infamous Trickbot malware is using never-before-seen behaviour in attacks targeting telecommunications providers, universities and financial services in a campaign that looks to be going after intellectual property and financial data.
Trickbot has been in operation since 2016 and, while it started life as a banking trojan, the modular nature of the malware means it can be easily re-purposed for other means, which has led to it becoming one of the most advanced and capable forms of malware attack delivery in the world today.
And now it has been updated with yet another new capability, with a module that uses brute force attacks against targets mostly in telecoms, education, and financial services in the US and Hong Kong. These targets are pre-selected based on IP addresses, indicating that the attackers are going after them specifically.
Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw
Organisations are delaying patching the Microsoft Exchange Server flaw (CVE-2020-0688) that Microsoft fixed in its February 2020 Patch Tuesday updates.
The CVE-2020-0688 flaw resides in the Exchange Control Panel (ECP) component; the root cause of the problem is that Exchange servers fail to create unique keys at install time.
A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.
More here: https://securityaffairs.co/wordpress/99752/hacking/companies-cve-2020-0688-fixed.html
Two Trend Micro zero-days exploited in the wild by hackers
Hackers tried to exploit two zero-days in Trend Micro antivirus products, the company said in a security alert this week.
The Japanese antivirus maker released patches on Monday to address the two zero-days, along with three other similarly critical issues (although those were not exploited in the wild).
According to the alert, the two zero-days impact the company's Apex One and OfficeScan XG enterprise security products.
Trend Micro did not release any details about the attacks.
These two zero-days mark the second and third Trend Micro antivirus bugs exploited in the wild in the last year.
Read more here: https://www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/
Most ransomware attacks take place during the night or over the weekend
27% of all ransomware attacks take place during the weekend, 49% after working hours during weekdays
The vast majority of ransomware attacks targeting the enterprise sector occur outside normal working hours, during the night or over the weekend.
According to a report published this week, 76% of all ransomware infections in the enterprise sector occur outside working hours, with 49% taking place during night-time over the weekdays, and 27% taking place over the weekend.
The numbers were compiled from dozens of ransomware incident response investigations from 2017 to 2019.
Attackers choose to trigger the ransomware encryption process during the night or weekend because most companies don't have IT staff working those shifts, and if they do, they are most likely short-handed.
If a ransomware attack does trigger a security alert within the company, there would be nobody to react right away and shut down the network, or the short-handed staff would have a hard time figuring out what's actually happening before the ransomware encryption process ends and the company's network is down and ransomed.
Read more here: https://www.zdnet.com/article/most-ransomware-attacks-take-place-during-the-night-or-the-weekend/
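The practical defender takeaway from these figures is that alerts raised outside staffed hours need an automatic escalation path. The script below is an added example, not code from the briefing or the cited report: it buckets alert timestamps into the three windows the report describes (weekday working hours, weekday night, weekend), reports the share of each, and returns the off-hours alerts that should be paged out. The business hours, the rule names and the sample alerts are assumptions constructed for illustration.

```python
"""Off-hours triage for ransomware-style alerts (added example, not the report's code)."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, time, timezone

# Assumed local business hours; adjust to the organisation's own shifts.
WORK_START = time(8, 0)
WORK_END = time(18, 0)


@dataclass(frozen=True)
class Alert:
    ts_utc: str   # ISO 8601 timestamp as emitted by the SIEM, in UTC
    host: str
    rule: str     # hypothetical detection rule name


def classify(ts_utc: str, local_tz=timezone.utc) -> str:
    """Return 'working_hours', 'weekday_night' or 'weekend' for a UTC timestamp.

    The timestamp is converted to local_tz first (pass zoneinfo.ZoneInfo("Europe/London")
    or similar for a DST-aware zone; UTC is assumed here so the example runs anywhere).
    """
    utc = datetime.fromisoformat(ts_utc.replace("Z", "+00:00"))
    if utc.tzinfo is None:
        utc = utc.replace(tzinfo=timezone.utc)
    local = utc.astimezone(local_tz)
    if local.weekday() >= 5:          # Saturday=5, Sunday=6
        return "weekend"
    if WORK_START <= local.time() < WORK_END:
        return "working_hours"
    return "weekday_night"


def triage(alerts, local_tz=timezone.utc):
    """Split alerts into the three windows.

    Returns (shares, escalate): shares is the percentage of alerts per window,
    comparable to the report's 76/49/27 figures; escalate is the list of alerts
    raised outside working hours, i.e. the ones to page on-call staff for.
    """
    counts = Counter()
    escalate = []
    for alert in alerts:
        window = classify(alert.ts_utc, local_tz)
        counts[window] += 1
        if window != "working_hours":
            escalate.append(alert)
    total = sum(counts.values()) or 1
    shares = {w: round(100 * counts[w] / total)
              for w in ("working_hours", "weekday_night", "weekend")}
    return shares, escalate


# Constructed sample alerts (not real telemetry); March 2020 dates, before UK DST change.
SAMPLE_ALERTS = [
    Alert("2020-03-16T05:30:00Z", "fs01", "mass-file-rename"),         # Monday, 05:30
    Alert("2020-03-16T10:15:00Z", "fs01", "mass-file-rename"),         # Monday, 10:15
    Alert("2020-03-17T23:40:00Z", "fs02", "shadow-copy-deletion"),     # Tuesday, 23:40
    Alert("2020-03-18T02:05:00Z", "dc01", "mass-file-rename"),         # Wednesday, 02:05
    Alert("2020-03-19T21:00:00Z", "fs03", "shadow-copy-deletion"),     # Thursday, 21:00
    Alert("2020-03-20T17:59:00Z", "fs03", "mass-file-rename"),         # Friday, 17:59
    Alert("2020-03-21T14:30:00Z", "fs01", "mass-file-rename"),         # Saturday
    Alert("2020-03-22T03:10:00Z", "hr-nas", "shadow-copy-deletion"),   # Sunday
]

if __name__ == "__main__":
    shares, escalate = triage(SAMPLE_ALERTS)
    print("share of alerts per window:", shares)
    for alert in escalate:
        print(f"ESCALATE {alert.ts_utc} {alert.host} {alert.rule} ({classify(alert.ts_utc)})")
```

With the constructed sample, six of the eight alerts fall outside working hours and are returned for escalation.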