Updated: Apr 3, 2020
This week’s digest is all about breaches and vulnerabilities both patched and unpatched. Here is our roundup of what happened.
1. Microsoft announced the discovery of unpatched flaws in all supported versions of Windows, that are currently being exploited in the wild. Microsoft will most likely release security patches next patch Tuesday to fix these vulnerabilities in Windows 8.1 and 10 while only those with extended support contracts will receive a patch for Windows 7. Attackers exploit these vulnerabilities by delivering emails containing a specially crafted document asking users to open it. As always we advise you to be very careful and always suspicious of emails sent by unknown sources to avoid falling a victim of someone trying to take advantage of this vulnerability.
2. Apple has released dozens of security patches for iOS, macOS, AppleWatch and iTunes to fix bugs that can result in information disclosure, remote code execution and cross-site scripting. Since all of us are stuck inside because of the coronavirus pandemic, it is a great time to get patching.
3. As reported from KrebsonSecurity, the London Fintech company firm Finastra announced it was shutting down key systems in response to a security breach. The attack has since been confirmed to be a ransomware. The company has suffered considerably because of the attack, with customers and employees unable to access their resources. If you are worried about falling a victim of a ransomware attack, please contact us to give you more information regarding SentinelOne and how it can protect your organization from a breach.
4. A five million record database containing data from past security breaches was left exposed by a security firm. A researcher found the database on a publicly accessible Elasticsearch instance managed by the security firm Keepnet Labs. Immediately he notified the company which although it did not reply, took down the data within an hour. The data contained information for the passwords, email addresses of breached users, and even the potential hash type used.
5. As reported from Infosecurity, the Chinese actor APT41 (aka Double Dragon) has been recently observed carrying out one of the most widespread threat campaigns by a Chinese cyber espionage actor in recent years. The campaign included targets all over the world, including in the US, Europe, Middle East, Asia and Australia. The attackers took advantage of known vulnerabilities on Citrix ADC and Gateway devices, Cisco routers and Zoho ManageEngine Desktop Central products. Although the attack was massive in scale, its motives are still a mystery since APT41 has been observed carrying out attacks for both personal financial gain and government-sponsored cyber-espionage.
6. Another breach was announced this week, this time involving one of the biggest companies in the world, General Electric. Past and present employees of the company have been informed that a data breach on a third-party service provider has exposed their personal/sensitive information. The breach took place 3-14 February 2020 when the attackers managed to get access to a Canon employee email account that contained confidential information about a large number of individuals. Events like this one must always remind us how crucial, cyber awareness training is and that security mechanisms like two-factor authentication must always put in place to ensure the safety of your information.