Welcome to the ICTSS Newsletter Issue 4
For this issue we are introducing a new format and style, aiming at providing you with more relevant information on security threats, recommended actions for improvement and free to access content on security-related topics.
We hope you enjoy the content we have curated for you, and look forward to your feedback.
ICT Security Services Team
ICT Security Services
Tell us what you think...
2020 brought many challenges for us all. Due to this change all of our services have been moved online.
Based on our Client Security Forum on the 2nd of March we would like your feedback. Please complete our survey at a time convenient to you.
Recommended action: Apply security patches and workarounds (info included on the hyperlink CVE’s above) released with the advisories.
Multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5) were privately reported to VMware. Relevant security patches and workarounds made publicly available on February 23rd 2021. The affected products include:
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation).
Security patches have been released for some of the most recent zero-day vulnerabilities discovered on Google Chrome. As usual, it is recommended to apply security updates and ensure that Open Source Software such as Google Chrome, are covered by your institution's vulnerability management programme.
For more information on the patches released and security issues, please see Google Chrome's blog post.
Apple Security Updates
On March 8th 2021, Apple released important security patches for iOS, macOS, watchOS and Safari web browser that address arbitrary code execution on their products.
The ransom note claims that the attacker has gained access to the source code of the recently released cyberpunk 2077 and Witcher 3.
They have also gained access to employee's personal data as well as locked them out of company's network restricting access to tools required for their work resulting in a massive loss of productivity for the company.
Qualys hit with Ransomware: Customer Invoices Leaked on Extortionists' Tor Blog
"Infosec outfit Qualys, its cloud-based vuln detection tech, and its SSL server test webpage, have seemingly fallen victim to a ransomware attack.
Files appearing to originate from Qualys were dumped online this afternoon on the Tor blog of the Clop criminal extortionists."
Over 500,000 Credentials For Tens of Gaming Firms Available in the Dark Web
"The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on online." For more information please seeSecurityAffairs website.
Data of 21 Million Users From 3 Android VPNs Put for Sale Online
"A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services – SuperVPN, GeckoVPN, and ChatVPN – with 21 million user records being sold in total." For more information please seeCyberNews website.
Improving Cybersecurity Maturity
Defending Against DDoS Attacks
A threat intelligence report by A10 Networks on "The State of DDoS Weapons" was released in December 2020. This research highlights how the pandemic and remote working have been the perfect combination for the increase of Distributed Denial of Services (DDoS) attacks, as follows:
Most weaponised services: SSDP, SNMP, Portmap, DNS Resolver and TFTP
List of countries / regions hosting DDoS botnet agents
Top five TCP ports scanned: 23, 2323, 80, 8080, 1023
The main recommended action is to be aware of the above, apply patches in a timely manner and restrict traffic to only authorised IP addresses / users.
CSA - Mitigating Hybrid Cloud Risk
During 2020, the Cloud Security Alliance (CSA) & Hybrid Cloud Security Working Group reviewed hybrid cloud model risks, threats and vulnerabilities to identify adequate mitigation controls for organisations to implement. The following are the controls listed, which is a useful starting point to analyse the security posture of hybrid cloud environments:
Security BSides Dublin 2021 Virtual Conference will take place on 27th March 2021.
"Security BSides is a community-driven framework for building events, by and for, information security community members. These events are already happening in major cities all over the world! We are responsible for organising an independent BSides-Approved event for Ireland, in Dublin."
Nathan recently joined the HEAnet team as a Security & Risk Adviser. He has a number of years experience in Offensive Security including consultancy delivering penetration testing across a broad range of industries. Nathan holds a BSc in Digital Forensics and Cyber Security and is currently completing his Master of Science in Cyber Security. Nathan has a keen interest in all things relating to Offensive Security, particularly in Web Application penetration tesitng, network penetration testing, social engineering.
John Charles Lawlor
John-Charles is currently a third-year Computing with IT Management student at TU Dublin. He has joined HEAnet on a 6-month placement as a Security Analyst. John has had a keen interest in cyber security since the completion of his information security module and jumped at the chance to gain experience in the field.