Posts

Cybersecurity Updates For Week 12 of 2022

Okta’s Investigation of the January 2022 Compromise

On March 22, 2022, nearly 24 hours ago, a number of screenshots were published online that were taken from a computer used by one of Okta’s third-party customer support engineers.

Read more:
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/

Microsoft confirms Lapsus$ breach after hackers publish Bing, Cortana source code

Microsoft has confirmed that it was breached by the Lapsus$ hacking group.

Read more:
https://techcrunch.com/2022/03/23/microsoft-lapsus-hack-source-code/

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

Google’s Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser.

Read More:
https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html

Other news worth mentioning:

7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K.
FBI: Cybercrime Victims Suffered Losses of Over $6.9B in 2021
Feds Allege Destructive Russian Hackers Targeted US Refineries
Western Digital My Cloud OS update fixes critical vulnerability

Cybersecurity Updates For Week 8 of 2022

New Data-Wiping Malware Discovered on Systems in Ukraine

Researchers were scrambling to analyze a newly discovered piece of data-wiping malware found in the wild.

Read more:
https://www.darkreading.com/attacks-breaches/new-data-wiping-malware-discovered-on-systems-in-ukraine

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years.

Read more:
https://thehackernews.com/2022/02/notorious-trickbot-malware-gang-shuts.html

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found.

Read More:
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/

Other news worth mentioning:

Russia Sanctions May Spark Escalating Cyber Conflict
Redcar and Cleveland Council: Four serious data breaches reported
How to Use Google Chrome’s Enhanced Safety Mode
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store

Cybersecurity Updates For Week 5 of 2022

Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution – CVE-2022-44142

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

Read more:
https://www.samba.org/samba/security/CVE-2021-44142.html

Libexpat CVE-2022-23852 & CVE-2022-23990

Two vulnerabilities have been found in Libexpat, this is a well known used XML parser in devices such as loadbalancers.
So make sure to double check if your vendor is affected and has updated.

Read more:
https://github.com/libexpat/libexpat/blob/master/expat/Changes

Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series, make sure to read the security advisory from ciso and update as soon as possible.

Read More:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Other news worth mentioning:

Google Patches 27 Vulnerabilities With Release of Chrome 98
MICROSOFT ONEDRIVE FOR MACOS LOCAL PRIVILEGE ESCALATION
Critical Flaw Impacts WordPress Plugin With 1 Million Installations
Linux kernel patches “performance can be harmful” bug in video driver

Google Releases Google Chrome 30

Google has released Chrome 30 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, spoof the address bar, or obtain sensitive information.

More information: http://googlechromereleases.blogspot.se/search/label/Stable%20updates

Google Chrome 25.0.1364.87

Google has released an update to their browser, and all users are suggested to update as soon as possible to avoid exploitation.

More information: http://googlechromereleases.blogspot.se/search/label/Stable%20updates