Cyber Weekly Digest - Week #37
This week in cyber security has seen an increasing number of organisations affected by ransomware attacks, Microsoft's September Patch Tuesday and $5.4 million being stolen from a Slovakian cryptocurrency exchange firm. Keep reading to hear about the biggest cyber security stories from this week.
1. Newcastle University joins the growing list of organisations hit by ransomware.
This week it was announced that Newcastle university became a victim of a ransomware attack on August 30th which has affected most of the university’s systems. In an update, the university stated that the situation would take several weeks to address. The notorious DoppelPaymer group responsible has started to post some of the "stolen" documents to its dedicated “Doppel Leaks” site. The ransom demand is unknown, but the DoppelPaymer group has been ranked as one of the “greediest ransomware families with the highest pay-off.”
2. Microsoft Patch Tuesday is the 7th month in a row to fix over 100 vulnerabilities.
Microsoft released its September Patch Tuesday which saw 129 CVEs fixed. This month marks the 7th month in a row where over 100 flaws have been patched. None of the flaws this month are known to be actively exploited or publicly disclosed; however, 23 are rated as critical. Most of these critical vulnerabilities are issues with Windows OS and browsers, SharePoint accounts for 7 of them.
3. A sophisticated phishing scam has been targeting Lloyds bank customers.
Customers of one of the largest banks in England and Wales, Lloyds, have been receiving phishing messages. Over 100 people reported a realistic-looking message which featured the bank's logo and branding. The scam was conducted through SMS and email, which claims that the customer's account banking has been disabled due to recent activities on their account. The scam encouraged the customer to visit a fraudulent site which requested the customer's details and data.
4. Cryptocurrency exchange firm ETERBASE revealed that $5.4 million was stolen in a cyber-attack.
The Slovakian "premier digital asset exchange" firm, ETERBASE, announced it was hit by a significant cyber-attack in which $5.4 million was stolen from customer's hot wallets. The firm announced on twitter that law enforcement are investigating the attack and that they believe most of the digital currency has ended up at Binance, Huobi and HitBTC. Six hot wallets were affected which manage the digital currencies Bitcoin, Ether, ALGO, Ripple, Tezos and TRON.
5. 83 zero-day flaws were discovered in popular CMS platforms.
Researchers are warning users of content management system (CMS) platforms such as WordPress, Joomla, Drupal and Opencart after they uncovered 89 zero-day vulnerabilities. 100,000 websites are currently running plugins which could be exploited, the majority of which were on WordPress and Joomla.