New State Sponsored APT Tools Built to Attack Industrial Control Systems

New State-Sponsored APT Tools Built to Attack ICS/SCADA Devices Exploiting Vulnerable Drivers

A state-sponsored threat group has developed new APT tools that target and compromise industrial control systems by exploiting vulnerable motherboard drivers in multiple ICS devices.

Much more detail here:

CISA: https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

Dragos: https://www.dragos.com/blog/industry-news/chernovite-pipedream-malware-targeting-industrial-control-systems/

Mandiant: https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool

Compromised Exchange Servers Sending Emails to Infect Computers with IcedID Malware

IcedID Info-Stealing Malware Continues to Spread

Compromised Microsoft Exchange servers are sending out emails that appear to be part of an existing email conversation, luring unsuspecting users into opening an attached password-protected archive or .zip file; the password is included in the message, and opening the file infects the user’s computer. From this point IcedID phones home to its command-and-control infrastructure and can then be used in a number of ways to continue exploiting the infected computer. Because IcedID has been around for some time, there is a substantial body of research on the patterns it uses to infect a computer.

More details:

The Register – https://www.theregister.com/2022/03/29/icedid_microsoft_exchange_phishing/

The Hacker News – https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html

BleepingComputer – https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/

Microsoft Searches For Evidence Of Claimed Breach

Microsoft is investigating whether it was breached, following a claim released by a cyberthreat group. The same extortion group has also claimed recent breaches of six other large businesses.

Bleeping Computer – “Microsoft investigating claims of hacked source code repositories” : https://www.bleepingcomputer.com/news/security/microsoft-investigating-claims-of-hacked-source-code-repositories/

Malware Utilizing WSL As Its Attack Vector

A new style of malware, designed to compromise Windows via the Windows Subsystem for Linux (WSL), has been reported by researchers at Lumen’s Black Lotus Labs.

More detail here: https://www.bleepingcomputer.com/news/security/new-malware-uses-windows-subsystem-for-linux-for-stealthy-attacks/

Patch Tuesday is Here

Ready or not, it’s patch time again:

“Point and Print Default Behavior Change” via MSRC: https://msrc-blog.microsoft.com/2021/08/10/point-and-print-default-behavior-change/

Microsoft: Security Updates for August: https://msrc.microsoft.com/update-guide/

Adobe: Security updates for Adobe Connect and Magento: https://helpx.adobe.com/security/security-bulletin.html

“Firefox 91 Introduces Enhanced Cookie Clearing” via Mozilla Security Blog: https://blog.mozilla.org/security/2021/08/firefox-91-introduces-enhanced-cookie-clearing/

“Snort rule update for Aug. 10, 2021 — Microsoft Patch Tuesday” via Snort Blog: https://blog.snort.org/2021/08/snort-rule-update-for-aug-10-2021.html

BazaCall Campaigns

“BazaCall: Phony call centers lead to exfiltration and ransomware” via Eric Avena | Microsoft Security Blog

“Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media. Apart from having backdoor capabilities, the BazaLoader payload from these campaigns also gives a remote attacker hands-on-keyboard control on an affected user’s device, which allows for a fast network compromise. In our observation, attacks emanating from the BazaCall threat could move quickly within a network, conduct extensive data exfiltration and credential theft, and distribute ransomware within 48 hours of the initial compromise.”

More detail: https://www.microsoft.com/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/

Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k – Help Net Security

More detail: www.helpnetsecurity.com/2021/07/20/bug-hunters-microsoft-teams/

RiskIQ to be Acquired by Microsoft

“Microsoft to acquire RiskIQ to strengthen cybersecurity of digital transformation and hybrid work” via Emma Jones | Microsoft Security Blog

“Organizations are increasingly using the cloud to reimagine every facet of their business. Hybrid work has accelerated this digital transformation, and customers are challenged with the increasing sophistication and frequency of cyberattacks. Today, Microsoft is announcing that we have entered into a definitive agreement to acquire RiskIQ, a leader in global threat intelligence and attack surface management, to help our shared customers build a more comprehensive view of the global threats to their businesses, better understand vulnerable internet-facing assets, and build world-class threat intelligence.”

More detail: https://www.microsoft.com/security/blog/2021/07/12/microsoft-to-acquire-riskiq-to-strengthen-cybersecurity-of-digital-transformation-and-hybrid-work/

Microsoft Releases Fix to PrintNightmare

“Out-of-Band (OOB) Security Update available for CVE-2021-34527” via Microsoft Security Response Center

“Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems. The fix that we released today fully addresses the public vulnerability, and it also includes a new feature that allows customers to implement stronger protections.”

More detail: https://msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/