Weekly cyber news update

Facebook hacked

The hacking group OurMine claimed its most recent attack on the Facebook Twitter and Instagram accounts was an attempt to show cyber vulnerabilities on the platform.

The group posted a statement on Facebook’s official Twitter account stating, “Hi, we are OurMine. Well, even Facebook is hackable but at least their security is better than Twitter.”

But Facebook still appeared to have some control over the account, and deleted the tweet — posted at least five times — within seconds. Within 30 minutes, the hack appeared to stop.  The full article produced by the BBC can be found the BBC website.

It is important to keep not only your workplace accounts safe but also your personal accounts. The Information Security team at Oxford offer guidance, advice and training to support you to keep safe online.

 

Tens of millions of biz Dell PCs hit by privilege-escalation bug in bundled troubleshooting tool

Dell has reported to The Reg that they have released fixes for an uncontrolled search path vulnerability within Dell SupportAssist Client (CVE-2020-5316)

The flaw (CVE-2020-5316), which has a severity rating of "high", affects Dell SupportAssist for business PCs version 2.1.3 or earlier and for home PCs version 3.4 or earlier.

Cyberark's Eran Shimony, who discovered the bug, said that in this case, SupportAssist attempts to load a DLL from a directory that a regular (non-admin) user can write into.

"Therefore, a malicious non-privileged user can write a DLL that would be loaded by DellSupportAssist, effectively gaining code execution inside software that runs with NT AUTHORITY\System privileges," Shimony told The Reg. 

"Alternatively the flaw could be exploited to gain access to sensitive data or indeed to steal the credentials of other accounts, such as the domain administrator account," Brian Honan, founder of BH Consulting, told The Reg.

Read more information and the full article published by The Reg.

 

It’s a Myth, Macs do suffer from Malware.

Antivirus company Kaspersky has detailed the ten most common threats its macOS users encountered in 2019. At the top of the list: the Shlayer Trojan, which hit ten percent of all of the Macs Kaspersky monitors, and accounted for nearly a third of detections overall. It’s led the pack since it first arrived in February 2018. ThE full article and further information can be found here.

Protecting your computer from such attacks isn't as hard as it sounds, why not have a look at the current advice from The Information Security team at Oxford.

 

Patch Tuesday is here and aren't you in for a treat!

Its going to be a busy month with Microsoft, Intel, Adobe, and SAP issuing over 100 security fixes for Patch Tuesday.

A full list of all patches and where to find these updates can be found in the The Regs patch Tuesday article.

 

 

 

An image depicting the news story headline. The image contains a photo of a Macbook, a key in a lock and the twitter logo.