Threat Advisory – July 7 – 13

CySec News

Microsoft reminded customers that Windows Server, version 20H2 will be reaching its End of Service (EOS) next month, on August 9.

Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-windows-server-20h2-reaches-eos-next-month/

Microsoft says last week’s decision to roll back VBA macro auto-blocking in downloaded Office documents is only a temporary change.

Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-says-decision-to-unblock-office-macros-is-temporary/

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. In a related development, Fortinet addressed as many as four high-severity vulnerabilities affecting FortiAnalyzer, FortiClient, FortiDeceptor, and FortiNAC.

Reference: https://thehackernews.com/2022/07/cisco-and-fortinet-release-security.html

Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server’s IWA (Integrated Windows Authentication) mechanism, VMware has finally released a patch for one of the affected versions. This vulnerability (tracked as CVE-2021-22048 and reported by CrowdStrike’s Yaron Zinar and Sagi Sheinfeld) also affects VMware’s Cloud Foundation hybrid cloud platform deployments. Successful exploitation enables attackers with non-administrative access to unpatched vCenter Server deployments to elevate privileges to a higher privileged group.

Reference: https://www.bleepingcomputer.com/news/security/vmware-patches-vcenter-server-flaw-disclosed-in-november/

Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution.

Reference: https://www.bleepingcomputer.com/news/security/microsoft-fixes-dozens-of-azure-site-recovery-privilege-escalation-bugs/

Microsoft says that Windows Autopatch, an enterprise service that automatically keeps Windows and Microsoft 365 software up to date, is generally available starting 11/7/2022. Windows Autopatch was first announced in April when Microsoft said it would be available for free to Microsoft customers with a Windows 10/11 Enterprise E3 license or greater starting July 2022 (it reached public preview in early June).

Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-autopatch-is-now-generally-available/

Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks. Over the past year, threat actors have increasingly used “callback” phishing campaigns that impersonate well-known companies and ask the recipient to call a number to resolve a problem, cancel a subscription renewal, or discuss another issue. When the target calls the number, the threat actors use social engineering to convince the user to install remote access software on their device, which provides initial access to the corporate network. This access is then used to compromise the entire Windows domain.

Reference: https://www.bleepingcomputer.com/news/security/hackers-impersonate-cybersecurity-firms-in-callback-phishing-attacks/

Zimperium recently discovered and began monitoring the growth of a wide range of malicious browser extensions that carry the same extension ID as Google Translate, deceiving users into believing that they have installed a legitimate extension. Similar to app spoofing and cloning, these malicious extensions look legitimate, but underneath the surface lies code that puts personal and enterprise data at risk. The extensions can perform a wide variety of attacks depending on the attacker’s purpose, because the malware includes a JavaScript injection mechanism that fetches code from an attacker-controlled server.

Reference: https://otx.alienvault.com/pulse/62cc1954b78e7fe63ff90784

Trend Micro recently found a new ransomware family, which it has dubbed HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to evade detection.

Reference: https://otx.alienvault.com/pulse/62c7f28fe2bd732167bb24dc

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen the first set of quantum-resistant encryption algorithms that are designed to “withstand the assault of a future quantum computer.” The post-quantum cryptography (PQC) technologies include the CRYSTALS-Kyber algorithm for general encryption, and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures.

Reference: https://thehackernews.com/2022/07/nist-announces-first-four-quantum.html

The UK’s National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have released a joint letter urging the legal industry not to pay ransomware demands. The letter (PDF) was released following an increase in the number of ransomware payments as tracked by both organizations and a growing suspicion that solicitors are advising their clients to give in to extortionate demands.

Reference: https://portswigger.net/daily-swig/uk-ncsc-and-ico-urge-legal-sector-to-discourage-businesses-from-paying-ransomware-demands

Organizations are increasingly using machine learning (ML) models in their applications and services without considering the security requirements they entail, a new study by security consultancy NCC Group shows.

Due to the unique ways that machine learning systems are developed and deployed, they introduce new threat vectors that developers are often unaware of, the study finds, adding that many of the old and known threats also apply to ML systems.

Reference: https://portswigger.net/daily-swig/take-threats-against-machine-learning-systems-seriously-security-firm-warns
