AttackWise cyber security weekly bulletin2019-02-09T16:42:54+00:00

Week ending 9th February 2019

In the news

  • Australian Federal MPs’ computer network hacked in possible foreign government attack. Agencies are now focussing on determining if the hackers have a foothold within the network.
  • Apple has patched the Facetime bug that allowed anonymous eavesdropping while also announcing it would reward the High School student who discovered the bug.
  • Jeff Bezos, the worlds richest man and founder/CEO of Amazon, has accused the National Inquirer of an extortion attempt using embarrassing pictures. There is speculation that the photos could have been acquired by using publicly available information email addresses and stolen passwords – this is a very common technique used by Penetration Testers to gain access to accounts, especially if not secured with Multi Factor Authentication.
  • QuadrigaCX, the largest bitcoin exchange in Canada, has lost access to its cryptocurrency reserves after the only person with access to the company’s offline wallet died losing a reported $145m.
  • A hacker has been sentenced to 10 years for using SIM swapping attacks to get around SMS based multi factor authentication and steal cryptocurrencies from his targets. This is one example why SMS is not considered secure for multi factor authentication.

Vulnerability alerts

  • Microsoft has published an advisory on the vulnerability reported last week on Exchange 2013 and newer being vulnerable to NTLM relay attack.
  • Check Point research has identified a reverse RDP vulnerability. The computer being connected to with RDP (the RDP server) can infect the source computer initiating the RDP session (the RDP client). FreeRDP patched the vulnerability, Microsoft acknowledged the finding but did not deem it sufficient to patch.

Other stuff

  • Microsoft has shared some AI security lessons-learned. This lesson was really interesting “Machine Learning models are largely unable to discern between malicious input and benign anomalous data. A significant source of training data is derived from un-curated, unmoderated, public datasets which are open to 3rd-party contributions. Attackers don’t need to compromise datasets when they are free to contribute to them”.
  • At interesting article on how Advanced Persistent Threat actions are named and how attribution is assigned.

UK industry events

Previous recent editions

Go to Top