Threat Advisory – November 22-28



Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation-of-privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft’s Patch Tuesday updates for November 2021. However, in a case of an insufficient patch, Naceri found that it was not only possible to bypass the fix implemented by Microsoft but also to achieve local privilege escalation via a newly discovered zero-day bug.


Reference: https://thehackernews.com/2021/11/warning-hackers-exploiting-new-windows.html


Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018.


Reference: https://thehackernews.com/2021/11/godaddy-data-breach-exposes-over-1.html


VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues is an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system and impacts vCenter Server versions 6.5 and 6.7. “A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information,” the company noted in an advisory published on November 23, crediting ch0wn of Orz lab for reporting the flaw.


Reference: https://thehackernews.com/2021/11/vmware-warns-of-newly-discovered.html


At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei’s AppGallery marketplace to steal device information and victims’ mobile phone numbers.


Reference: https://thehackernews.com/2021/11/over-9-million-android-phones-running.html


A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition.


Reference: https://thehackernews.com/2021/11/researchers-detail-privilege-escalation.html


Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. “The CronRAT adds a number of tasks to crontab with a curious date specification: 52 23 31 2 3. These lines are syntactically valid, but would generate a run time error when executed. However, this will never happen as they are scheduled to run on February 31st,” Sansec researchers explain.
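A defender-side check for the pattern described above, added here as an example and not code from Sansec or the original report: it parses crontab text and flags entries whose day-of-month can never occur in the listed months. The sample crontab is constructed; note that Vixie cron runs a job when either day-of-month or day-of-week matches once both fields are restricted, so the checker also reports whether such an entry can still fire on the named weekday.

```python
import calendar

# Constructed sample crontab (not from any real host). Line 3 carries the
# impossible date from the CronRAT report: day 31 of month 2 (February).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/bin/backup.sh
52 23 31 2 3 /tmp/.x/run
15 4 30 2 * /opt/cleanup
*/10 * * * * /usr/bin/healthcheck
"""

# 'jan' -> 1 ... 'dec' -> 12 (month_abbr[0] is the empty string and is skipped)
MONTHS = {n.lower(): i for i, n in enumerate(calendar.month_abbr) if n}

def expand(field, lo, hi, names=None):
    """Expand one cron field ('*', lists, ranges, steps, month names) to a set of ints."""
    out = set()
    for part in field.lower().split(","):
        part, _, step = part.partition("/")
        step = int(step) if step else 1
        if part == "*":
            a, b = lo, hi
        elif "-" in part:
            a, b = (int((names or {}).get(x, x)) for x in part.split("-", 1))
        else:
            a = int((names or {}).get(part, part))
            b = hi if step > 1 else a
        out.update(range(a, b + 1, step))
    return out

def impossible_dates(crontab_text):
    """Return (line_no, fires_anyway, line) for entries whose day-of-month can
    never occur in any of the listed months. fires_anyway is True when the
    day-of-week field is restricted: Vixie cron then runs the job when EITHER
    dom or dow matches, so the entry still fires on those weekdays."""
    hits = []
    for no, raw in enumerate(crontab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#@" or "=" in line.split()[0]:
            continue  # comment, @reboot-style entry, or environment assignment
        f = line.split(None, 5)
        if len(f) < 6:
            continue
        dom, mon = expand(f[2], 1, 31), expand(f[3], 1, 12, MONTHS)
        # longest month among those listed; February counts 29 for leap years
        longest = max(29 if m == 2 else calendar.monthrange(2001, m)[1] for m in mon)
        if min(dom) > longest:
            hits.append((no, f[4] != "*", line))
    return hits
```

Run it over `/etc/crontab`, `/etc/cron.d/*` and each user's crontab; any hit is worth inspecting regardless of whether it can fire, since a valid-but-impossible date has no legitimate scheduling purpose.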

Reference: https://www.bleepingcomputer.com/news/security/new-linux-malware-hides-in-cron-jobs-with-invalid-dates/


Threat actors have recently begun to compromise internal Microsoft Exchange servers using the ProxyShell and ProxyLogon vulnerabilities to perform phishing attacks. Once they gain access to a server, they use the compromised internal Exchange servers to perform reply-chain attacks against employees using stolen corporate emails.


Reference: https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/


Free unofficial patches have been released to protect Windows users from a local privilege escalation (LPE) zero-day vulnerability in the Mobile Device Management Service impacting Windows 10, version 1809 and later. The security flaw resides under the “Access work or school” settings, and it bypasses a patch released by Microsoft in February to address an information disclosure bug tracked as CVE-2021-24084.


Reference: https://www.bleepingcomputer.com/news/security/new-windows-10-zero-day-gives-admin-rights-gets-unofficial-patch/


Microsoft has confirmed a new issue impacting Windows Server devices that prevents the Microsoft Defender for Endpoint security solution from launching on some systems. The enterprise endpoint security platform (previously known as Microsoft Defender Advanced Threat Protection or Defender ATP) might fail to start or run on devices with a Windows Server Core installation. The known issue only impacts devices where customers have installed KB5007206 or later updates on Windows Server 2019 and KB5007205 or later updates on Windows Server 2022.


Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-endpoint-fails-to-start-on-windows-server/


Microsoft describes Super Duper Secure Mode as “a browsing mode in Microsoft Edge where the security of your browser takes priority, providing you an extra layer of protection when browsing the web.” “We quietly released Super Duper Secure Mode to stable (96.0.1054.29),” said Johnathan Norman, Microsoft Edge Vulnerability Research Lead.


Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-adds-super-duper-secure-mode-to-stable-channel/


HAVE ANY QUESTIONS?
Do not hesitate to contact us!

Address: Mesogeion Ave. 41, 11524 Athens, Greece
Phone: (+30) 211 800 5 800
Email: info@devoq.gr
Website: www.devoq.gr
