CySec News
Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. The Follina vulnerability, which came to light late last week, involved a real-world exploit that leveraged the flaw in a weaponized Word document to execute arbitrary PowerShell code by making use of the “ms-msdt:” URI scheme. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted.
Reference: https://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html
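The exploit chain described above (a Word document invoking the “ms-msdt:” URI scheme so that msdt.exe runs attacker-supplied PowerShell) leaves a recognisable trace in process-creation telemetry. The following is an added detection example written for this digest, not code from the referenced article or from Microsoft. It assumes Sysmon-style process-creation events exported as JSON lines with the field names parent_image, image, command_line, host and ts (an assumption of this example), and it applies two heuristics that are likewise assumptions rather than anything the article states: an Office application spawning msdt.exe, and any command line carrying the ms-msdt: scheme. The sample log lines are constructed for the example.

```python
from __future__ import annotations

import json
from typing import Iterable

# Office applications that have no legitimate reason to launch the
# Microsoft Support Diagnostic Tool. Heuristic chosen for this example.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT_IMAGE = "msdt.exe"
MSDT_SCHEME = "ms-msdt:"

# Constructed sample telemetry (JSON lines). Hosts, timestamps, paths and
# the placeholder ms-msdt parameters are made up for this example.
SAMPLE_LOG = [
    r'{"ts": "2022-05-30T09:12:01Z", "host": "ws01", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "image": "C:\\Windows\\System32\\msdt.exe", "command_line": "C:\\Windows\\System32\\msdt.exe ms-msdt:/id EXAMPLE-ID /param EXAMPLE-PLACEHOLDER"}',
    r'{"ts": "2022-05-30T09:15:44Z", "host": "ws02", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\msdt.exe", "command_line": "msdt.exe -id EXAMPLE-ID"}',
    r'{"ts": "2022-05-30T09:16:10Z", "host": "ws01", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "image": "C:\\Windows\\splwow64.exe", "command_line": "C:\\Windows\\splwow64.exe 12288"}',
    "this line is not json {{{",
    r'{"ts": "2022-05-30T09:20:03Z", "host": "ws03", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "image": "C:\\Windows\\System32\\msdt.exe", "command_line": "msdt.exe -path EXAMPLE-PATH"}',
]


def basename(path: str) -> str:
    """Return the lowercase file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list[str]:
    """Return the reasons an event is suspicious; an empty list means no finding."""
    reasons: list[str] = []
    parent = basename(event.get("parent_image", ""))
    image = basename(event.get("image", ""))
    cmdline = event.get("command_line", "").lower()

    # Heuristic 1: an Office process is the direct parent of msdt.exe.
    if parent in OFFICE_PARENTS and image == MSDT_IMAGE:
        reasons.append(f"office parent {parent} spawned {image}")

    # Heuristic 2: the ms-msdt: URI scheme appears on any command line.
    # A user opening a troubleshooter from Settings launches msdt.exe
    # without the scheme, so this catches the document-driven path.
    if MSDT_SCHEME in cmdline:
        reasons.append("command line carries the ms-msdt: URI scheme")
    return reasons


def scan(lines: Iterable[str]) -> list[dict]:
    """Parse JSON-lines telemetry and collect findings, skipping malformed records."""
    findings: list[dict] = []
    for number, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            # Malformed telemetry is logged by real pipelines; here it is skipped
            # so one bad record cannot take the detector down.
            continue
        reasons = classify(event)
        if reasons:
            findings.append(
                {"line": number, "host": event.get("host"), "ts": event.get("ts"), "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"line {finding['line']} host={finding['host']} ts={finding['ts']}")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

Run against the constructed log, the detector flags line 1 on both heuristics and line 5 on the parent-child relationship alone, while the Explorer-launched troubleshooter on line 2 and the printing helper spawned by Excel on line 3 produce no finding. Tuning the parent list to the Office executables actually deployed, and adding the same parent-child check for other scheme handlers an organisation does not use, is the natural next step when wiring this into a SIEM rule.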
Microsoft has announced that it will automatically enable stricter secure default settings known as ‘security defaults’ on all existing Azure Active Directory (Azure AD) tenants in late June 2022. First introduced in October 2019 only for new tenants, security defaults are a set of basic security mechanisms designed to introduce good identity security hygiene with a minimum of effort, even for organizations that don’t have an IT team.
Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-better-security-defaults-for-all-azure-ad-tenants/
A new ransomware named ‘Cheers’ has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. VMware ESXi is a virtualization platform commonly used by large organizations worldwide, so encrypting them typically causes severe disruption to a business’ operations.
Reference: https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/
A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). “The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities,” AT&T Alien Labs said in a technical write-up published last week. “Services such as VMware Workspace ONE, Adobe ColdFusion, WordPress, PHP Scriptcase and more are being targeted as well as IoT and Android devices.”
Reference: https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html
The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. While DuckDuckGo does not store any personal identifiers with your search queries, Microsoft advertising may track your IP address and other information when clicking on an ad link for “accounting purposes” but it is not associated with a user advertising profile.
Reference: https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/
Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products that could be exploited to execute arbitrary operating system commands and steal select information.
Reference: https://thehackernews.com/2022/05/zyxel-issues-patches-for-4-new-flaws.html
The maintainers of the Tails project have issued a warning that the Tor Browser that’s bundled with the operating system is unsafe to use for accessing or entering sensitive information. “We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.),” the project said in an advisory issued this week.
Reference: https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html
“Three fileless malware: Ave Maria, BitRAT and PandoraHVNC – Part II”, by Fortinet’s FortiGuard Labs, is part of a series of posts on the subject.
CVEs of the Week
Microsoft
CVE-2022-30190 – Score 7.8
CVE-2022-30138 – Score 7.2
VMware
CVE-2022-22973 – Score 7.2
CVE-2022-22972 – Score 7.5