CySec News
HTTP/3 (RFC 9114) is the latest revision of the HTTP protocol, taking over from 2015’s HTTP/2. HTTP/3 is designed to address some of the performance issues inherent in HTTP/2, improving the user experience, decreasing the impact of packet loss without head-of-line blocking, speeding up handshake requirements, and enabling encryption by default. The protocol utilizes space congestion control over User Datagram Protocol (UDP).
Reference: https://portswigger.net/daily-swig/http-3-evolves-into-rfc-9114-a-security-advantage-but-not-without-challenges
Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. The zero-day (CVE-2022-26134) affects all supported versions of Confluence Server and Data Center and allows unauthenticated attackers to gain remote code execution on unpatched servers.
Reference: https://www.bleepingcomputer.com/news/security/atlassian-fixes-confluence-zero-day-widely-exploited-in-attacks/
A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. Proofpoint first reported Monday that the same zero-day was used in phishing targeting US and EU government agencies.
Reference: https://www.bleepingcomputer.com/news/security/qbot-malware-now-uses-windows-msdt-zero-day-in-phishing-attacks/
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines (VMs) running on enterprise Linux servers.
Reference: https://www.bleepingcomputer.com/news/security/linux-version-of-black-basta-ransomware-targets-vmware-esxi-servers/
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover. Tracked as CVE-2022-1680 and rated with a critical severity score of of 9.9, the vulnerability affects all GitLab versions 11.10 through 14.9.4, 14.10 through 14.10.3, and version 15.0.
Reference: https://www.bleepingcomputer.com/news/security/gitlab-security-update-fixes-critical-account-take-over-flaw/
Microsoft is working on a new ‘Restore Apps’ feature for Windows 11 that will allow users to quickly reinstall all of their previously installed apps from the Microsoft Store on a new or freshly installed PC. While desktop applications will still need to be installed manually, the new Windows 11 feature will allow you to install all the Microsoft Store apps tied to your account by clicking a single button.
Reference: https://www.bleepingcomputer.com/news/microsoft/windows-11-restore-apps-feature-will-make-it-easier-to-set-up-new-pcs/
Microsoft said this week that Windows Autopatch, a service to automatically keep Windows and Microsoft 365 software up to date in enterprise environments, has now reached public preview. This enterprise service was first announced in April when Redmond said it would be made generally available in July 2022 and offered free to Microsoft customers with a Windows 10/11 Enterprise E3 license or greater. Windows Autopatch automatically manages the deployment of Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates.
Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-autopatch-now-available-for-public-preview/
Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that’s designed to deploy security fixes without the need for a full operating system version update. The feature, which also works on iOS, aims to separate regular software updates from critical security improvements and are applied automatically so that users are quickly protected against in-the-wild attacks and unexpected threats.
Reference: https://thehackernews.com/2022/06/apples-new-feature-will-install.html
Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries. By not disclosing the victim’s name immediately, the ransomware operatives give their targets a more extended opportunity to negotiate the ransom payment in secrecy while still maintaining a level of pressure in the form of a future data leak.
Reference: https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-give-victims-time-to-save-their-reputation/
CVE’s of the Week
Microsoft
CVE-2022-30190 – Score 9.3