Posts

Cybersecurity Updates For Week 16 of 2022

CVE-2021-3970, CVE-2021-3971, CVE-2021-3972: Lenovo UEFI Firmware Vulnerabilities

Security company ESET discovered 3 new vulnerabilities in the UEFI firmware of Lenovo laptops which affected hundreds of Lenovo models including Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops.

Read more:
https://securityonline.info/cve-2021-3970-lenovo-uefi-firmware-vulnerabilities/

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

A pair of reports from Mandiant and Google found a spike in exploited zero-day vulnerabilities in 2021. The question is, why?

Read more:
https://www.wired.com/story/zero-day-exploits-vulnerabilities-google-mandiant/

Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal

Drupal on Wednesday announced the release of security updates to resolve a couple of vulnerabilities that could lead to access bypass and data overwrite.

Read more:
https://www.securityweek.com/access-bypass-data-overwrite-vulnerabilities-patched-drupal

Other news worth mentioning:

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Denonia Malware Shows Evolving Cloud Threats
Oracle Releases 520 New Security Patches With April 2022 CPU
Emotet reestablishes itself at the top of the malware world

Cybersecurity Updates For Week 12 of 2022

Okta’s Investigation of the January 2022 Compromise

On March 22, 2022, nearly 24 hours ago, a number of screenshots were published online that were taken from a computer used by one of Okta’s third-party customer support engineers.

Read more:
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/

Microsoft confirms Lapsus$ breach after hackers publish Bing, Cortana source code

Microsoft has confirmed that it was breached by the Lapsus$ hacking group.

Read more:
https://techcrunch.com/2022/03/23/microsoft-lapsus-hack-source-code/

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

Google’s Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser.

Read more:
https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html

Other news worth mentioning:

7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K.
FBI: Cybercrime Victims Suffered Losses of Over $6.9B in 2021
Feds Allege Destructive Russian Hackers Targeted US Refineries
Western Digital My Cloud OS update fixes critical vulnerability

Cybersecurity Updates For Week 8 of 2022

New Data-Wiping Malware Discovered on Systems in Ukraine

Researchers were scrambling to analyze a newly discovered piece of data-wiping malware found in the wild.

Read more:
https://www.darkreading.com/attacks-breaches/new-data-wiping-malware-discovered-on-systems-in-ukraine

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years.

Read more:
https://thehackernews.com/2022/02/notorious-trickbot-malware-gang-shuts.html

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found.

Read more:
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/

Other news worth mentioning:

Russia Sanctions May Spark Escalating Cyber Conflict
Redcar and Cleveland Council: Four serious data breaches reported
How to Use Google Chrome’s Enhanced Safety Mode
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store

Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection.


Top 5 Security News

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

Google launches new security tools for G Suite users

Credential-stuffing attacks behind 30 billion login attempts in 2018

Android 7.0+ Phones Can Now Double as Google Security Keys

The right way to do AI in security

Google Releases Google Chrome 30

Google has released Chrome 30 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, spoof the address bar, or obtain sensitive information.

More information: http://googlechromereleases.blogspot.se/search/label/Stable%20updates

Basefarm SIRT Newsletter 28

Bluebox Labs found a vulnerability in Android that has been in the news a lot, and while Google has issued a patch for it, that does not mean users will have the fix before their OEMs send it out to them. There were also reports regarding Styx-Crypt and the previous attacks on South Korea. A serious flaw was also found in Cryptocat that meant it was extremely easy to eavesdrop on conversations for seven months.
Microsoft and Adobe released their regular Patch Tuesday updates for July, which cover a few critical vulnerabilities; you should apply them!

Top 5 Business Intelligence links
DEF CON To Feds: We Need Some Time Apart
Ponemon Survey: 59% Of IT Profs Say Security Metrics Are Too Complicated For Management
Practical IT: How to plan against threats to your business
Oops. Japanese Government Shares Internal E-Mails on Google
McAfee: Malware hunts for South Korean military secrets

Top 5 Miscellaneous Security links
Serious flaw found in Cryptocat chat app
Who’s Behind The Styx-Crypt Exploit Pack?
Uncovering Android Master Key that makes 99% of devices vulnerable
This Is Not a Test: Emergency Broadcast Systems Proved Hackable
Thousands of websites defaced after Belgium and Netherland domain registrars hacked

Basefarm SIRT Posts
Patch Tuesday July 2013

Google Chrome 25.0.1364.87

Google has released an update to its browser, and all users are advised to update as soon as possible to avoid exploitation.

More information: http://googlechromereleases.blogspot.se/search/label/Stable%20updates