CySec News
Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” Microsoft said in an update to the original advisory.
Reference: https://www.bleepingcomputer.com/news/security/microsoft-patches-actively-exploited-follina-windows-zero-day/
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS). This is possible because, on modern Intel (CVE-2022-24436) and AMD (CVE-2022-23823) x86 processors, the dynamic frequency scaling depends on the power consumption and the data being processed.
Reference: https://www.bleepingcomputer.com/news/security/new-hertzbleed-side-channel-attack-affects-intel-amd-cpus/
Mozilla says that all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. Total Cookie Protection forces all websites to keep their cookies in separate “jars,” thus blocking attempts to track you across the web and building browsing profiles.
Reference: https://www.bleepingcomputer.com/news/security/firefox-now-blocks-cross-site-tracking-by-default-for-all-users/
The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack.
Reference: https://www.bleepingcomputer.com/news/security/ransomware-gang-creates-site-for-employees-to-search-for-their-stolen-data/
A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. Pointer Authentication is a security feature that adds a cryptographic signature, known as pointer authentication code (PAC), to pointers that allow the operating system to detect and block unexpected changes that would otherwise lead to data leaks or system compromise.
Reference: https://www.bleepingcomputer.com/news/security/new-pacman-hardware-attack-targets-macs-with-apple-m1-cpus/
Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network. This new feature allows admins to “contain” unmanaged Windows devices on their network if they were compromised or are suspected to be compromised. Once tagged as contained, the enterprise endpoint security platform will instruct Windows systems on the network to block all communication to and from the device.
Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-now-isolates-hacked-unmanaged-windows-devices/
A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet.
Reference: https://thehackernews.com/2022/06/new-syslogk-linux-rootkit-lets.html
A newly discovered Linux malware known as Symbiote infects all running processes on compromised systems, steals account credentials, and gives its operators backdoor access. After injecting itself into all running processes, the malware acts as a system-wide parasite, leaving no identifiable signs of infection even during meticulous in-depth inspections. Symbiote uses the BPF (Berkeley Packet Filter) hooking functionality to sniff network data packets and to hide its own communication channels from security tools.
Reference: https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/
A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. Tracked as CVE-2022-27924 (CVSS score: 7.5), the issue has been characterized as a case of “Memcached poisoning with unauthenticated request,” leading to a scenario where an adversary can inject malicious commands and siphon sensitive information.
Reference: https://thehackernews.com/2022/06/new-zimbra-email-vulnerability-could.html
An unpatched security issue in the Travis CI API has left tens of thousands of developers’ user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks.
Reference: https://thehackernews.com/2022/06/unpatched-travis-ci-api-bug-exposes.html
CVE’s of the Week
Microsoft
CVE-2022-30128 – Score 5.1
CVE-2022-30127 – Score 5.1
CVE-2022-26905 – Score 4.3
Dell
CVE-2022-29098 – Score 5.0
CVE-2022-29085 – Score 4.6
CVE-2022-29084 – Score 10.0
CVE-2022-26866 – Score 3.5
CVE-2020-26185 – Score 5.0
CVE-2020-26184 – Score 5.0