Twitter boss, Jack Doresy, had his Twitter account was hacked at the end of August, with hackers using his account to send a stream of offensive messages to his 4.2 million followers. It appears Jack was using his mobile phone to provide multi-factor authentication access to his Twitter account, a good solid security practice to adopt, however, it appears his Twitter account password and his mobile phone SMS service were both compromised, the latter probably due to either sim card swap fraud social engineering by the hacker, or by an insider at his mobile network service provider.
It was another bumper ‘Patch Tuesday’, with Microsoft releasing security updates for 93 security vulnerabilities, including 31 which are ‘critical’ rated in Windows, Server 2019, IE, Office, SharePoint and Chakra Core.
Amongst the Microsoft patch release were patches for two serious ‘bluekeep’ or ‘WannaCry’ wormable vulnerabilities in Windows Remote Desktop Services, CVE-2019-1181 and CVE-2019-1182. A Microsoft Security Response Center (MSRC) blog post said Microsoft had found the vulnerabilities as part of a project to make Remote Desktop Services more secure, and stated ‘future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.” The fixes for these are available for download in the Microsoft Security Update Guide.
A United Nations report concluded North Korea funded its weapons programme to the tune of $2 billion from profits from cyber attacks. ‘Democratic People’s Republic of Korea cyber actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programmes, with total proceeds to date estimated at up to two billion US dollars,’ the UN report said. The report referred at least 35 instances of North Korean-sponsored cryptomining activity or attacks on financial companies and cryptocurrency exchanges. The attacks spanned a total of 17 countries and were designed to generate funds the would be hard to trace and elude regulatory oversight.
VULNERABILITIES AND SECURITY UPDATES
HUAWEI NEWS AND THREAT INTELLIGENCE
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/pWzl_MCT5cs/cyber-security-roundup-for-august-2019.html