Cyber security aggregate rss news


 Business

One of the most common ways to spread malware is to add malicious commands to macros in documents. In the vast majority of cases, this means macros for Microsoft Office files, that is, for Word documents, Excel spreadsheets, or PowerPoint presentations. The average company employee handles many such files every single day. This problem is over 20 years old, so a solution, to put it mildly, is long overdue. This February, Microsoft announced its intention to block execution of macros in documents downloaded from the internet. However, already in early July, Microsoft Office users noticed that this innovation had been rolled back. At the time of posting, the company had yet to release an official statement on the decision, although a spokesperson noted it was temporary and based on feedback. In any event, this is a good time to recall what macros are exactly, how they can be bad for corporate cybersecurity, and how to guard against this threat.

What are macros and why are they dangerous?

Often, Microsoft Office users need to automate various processes. To do so, you can program a certain algorithm or sequence of actions, known as a macro. A simple example: an accountant draws up a standard report every month; to save time, they create a macro to automatically highlight the names of clients in the second column in bold. Macros are created in VBA (Visual Basic for Applications), which is somewhat simplified, but still a programming language. As is frequently the case, attackers can use it for their own purposes. It's worth noting here that familiarity with macros implies a fairly deep knowledge of the Office suite, which by no means all employees have, no matter what they write in their resumes. Some are not even aware that macros exist. Cybercriminals, on the other hand, use macros not for creating harmless algorithms that automate routine work, but for running malicious commands.

How do they work?

A typical attack on a company starts with a mass dispatch of malicious e-mails to employees. These messages can look like job offers, company news, contractor invoices, information about competitors, and so on. The level of sophistication is limited only by the attackers' imagination. The main aim is to get the recipient to open the attached file, or to download a document by clicking the link provided and then open it. What the cybercriminals need is for the malicious macro in the file to be run. Many moons ago, embedded macros would run automatically, but Microsoft limited this functionality so that now, upon opening a file downloaded online, the user is informed that macros are disabled. So, no problem any more, right? Not quite. Many users click the Enable Content button without thinking, thereby allowing automatic execution of said macros, which opens the door to malware. This is how attackers often gain access to the target company's infrastructure. What's more, as mentioned above, most employees have no idea what problems an innocent click on the Enable Content button can entail. At long last, Microsoft took the only right decision — not to give the user a choice, but to block macros in downloaded files by default. The entire infosec expert community welcomed the news, and the innovation was implemented in early April of this year. Instead of a button, users saw a security warning with a link to a post about the dangers of macros. But the joy was short-lived — the change was rolled back shortly afterward.

How to protect yourself?

IT admins at large companies have always been able to disable macros at the security-policy level. So, if your workflows don't require the use of macros, we'd recommend doing the same. If you do, a user who opens a document with a macro will see a different warning:

If this option isn't available to you for some reason, then until Microsoft reintroduces default blocking of macros in downloaded files, it's vital to protect all work devices with reliable security solutions. In addition, we recommend training all company employees in the basics of cybersecurity, focusing on the following main points:

Never download and then open unexpected files, even if they appear to come from a person or organization you trust. It's possible they were sent by scammers.

Don't blindly consent to enabling content in files downloaded from the internet or received by e-mail. For normal content viewing, this shouldn't be necessary. If someone in an e-mail or on a website asks you to enable content, be especially suspicious.


 Business

Did you know you need to enlist the help of a Human Resources expert to successfully combat cyberthreats? Is that a surprise? It shouldn't be. Sure, there are technical experts who are responsible for cybersecurity at the server, computer and software levels. But the company's security cannot be ensured by technical measures alone; organizational ones are also needed. In particular, someone needs to train employees to recognize cybercriminals' tricks and to counter them. This is where the experience and skills of HR specialists can come in handy.

Why purely technical measures are not enough

Some might say that's what IT and Infosec specialists are for! And that's partly right. The IT or security department probably does everything it can to reduce the risk of an attack and mitigate possible consequences. However, just one human error can nullify most of their efforts. In fact, all employees should keep cybersecurity issues in mind, because any one of them could unintentionally deal the company's reputation and finances a blow. All they need do is open a malicious attachment, or believe something like a message from the boss prompting them to transfer money to an unfamiliar account. Over the past few years, cybercriminals have been relying on employees' mistakes and unawareness above all else. Phishing, which involves attempts to trick people into disclosing information using social engineering, spoofed e-mails or fake websites, has become their most popular means of getting hold of confidential data. These days, corporate security depends on every employee, and the company should inform every single one of them about the rules of secure work.

Why IT and Infosec departments need help in efforts to educate colleagues

It's the technical side they're good at — working with people usually isn't a central role in their job descriptions, never mind educating other employees. If you're good at what you do, it doesn't necessarily mean you can explain how you do it, especially to people outside the field. What seems obvious to a security expert may not be familiar to a sales manager at all. That's why a specialist's instructions and talks are often too difficult to understand and don't produce the desired results. In addition, a lecture is generally not the best format for learning. As our experience shows, few people really process information presented in this way. This is like fire safety training — it seems to be vital, but most perceive it as a formality. Even if someone really listens to the lecturer, in a best-case scenario they will probably forget about 70% of what was said within a couple of days. It is always better to have training conducted by an HR employee who knows how to convey information to employees in the right way. Not to mention that IT and InfoSec teams tend to be overloaded dealing with ongoing routine issues — from forgotten passwords to hundreds of notifications from security solutions, each of which may be a sign of an attack. That means there simply aren't enough resources for unfamiliar strategic tasks such as security awareness training.

Your company needs a new hero

You've no doubt got it by now: Human Resources specialists are indispensable in the fight against cyberthreats. An HR expert knows all the ins and outs of corporate training. So who could do a better job at communicating the importance of this mission to management? And we, for our part, are ready to provide all the resources and means necessary. As part of the Kaspersky Security Awareness services, we've collected a variety of trainings and educational programs for specialists and companies of different levels and experience — from the basics to highly specialized interactive simulations. Although the topic is not easy, you do not need to be an expert in cybersecurity to arrange trainings. Our specialists have prepared and systematized all the necessary information, and even a person without experience in the field of information security can manage the process. Our blog can serve as an additional source of information that helps HR specialists learn, in simple terms, about the latest cyberthreats and modern approaches to training others to protect against those threats. From time to time we publish posts relevant to HR professionals, and we also plan to publish additional materials that can help HR professionals make a persuasive case to management and get support from the IT department.


 Security Tools

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.

In February, security experts hailed Microsoft’s decision to block VBA macros in all documents downloaded from the Internet. The company said it would roll out the changes in stages between April and June 2022. Macros have long been a trusted way for cybercrooks to trick people into running malicious code. Microsoft Office by default warns users that enabling macros in untrusted documents is a security risk, but those warnings can be easily disabled with the click of a button. Under Microsoft’s plan, the new warnings provided no such way to enable the macros. As Ars Technica veteran reporter Dan Goodin put it, “security professionals—some who have spent the past two decades watching clients and employees get infected with ransomware, wipers, and espionage with frustrating regularity—cheered the change.”

But last week, Microsoft abruptly changed course. As first reported by BleepingComputer, Redmond said it would roll back the changes based on feedback from users. “While Microsoft has not shared the negative feedback that led to the rollback of this change, users have reported that they are unable to find the Unblock button to remove the Mark-of-the-Web from downloaded files, making it impossible to enable macros,” Bleeping’s Sergiu Gatlan wrote. Microsoft later said the decision to roll back turning off macros by default was temporary, although it has not indicated when this important change might be made for good.

The zero-day Windows vulnerability already seeing active attacks is CVE-2022-22047, which is an elevation of privilege vulnerability in all supported versions of Windows. Trend Micro’s Zero Day Initiative notes that while this bug is listed as being under active attack, there’s no information from Microsoft on where or how widely it is being exploited. “The vulnerability allows an attacker to execute code as SYSTEM, provided they can execute other code on the target,” ZDI’s Dustin Childs wrote. “Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. These attacks often rely on macros, which is why so many were disheartened to hear Microsoft’s delay in blocking all Office macros by default.”

Kevin Breen, director of cyber threat research at Immersive Labs, said CVE-2022-22047 is the kind of vulnerability that is typically seen abused after a target has already been compromised. “Crucially, it allows the attacker to escalate their permissions from that of a normal user to the same permissions as the SYSTEM,” he said. “With this level of access, the attackers are able to disable local services such as Endpoint Detection and Security tools. With SYSTEM access they can also deploy tools like Mimikatz which can be used to recover even more admin and domain level accounts, spreading the threat quickly.”

After a brief reprieve from patching serious security problems in the Windows Print Spooler service, we are back to business as usual. July’s patch batch contains fixes for four separate elevation of privilege vulnerabilities in Windows Print Spooler, identified as CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226. Experts at security firm Tenable note that these four flaws provide attackers with the ability to delete files or gain SYSTEM level privileges on a vulnerable system.

Roughly a third of the patches issued today involve weaknesses in Microsoft’s Azure Site Recovery offering. Other components seeing updates this month include Microsoft Defender for Endpoint; Microsoft Edge (Chromium-based); Office; Windows BitLocker; Windows Hyper-V; Skype for Business and Microsoft Lync; and Xbox.

Four of the flaws fixed this month address vulnerabilities Microsoft rates “critical,” meaning they could be used by malware or malcontents to assume remote control over unpatched Windows systems, usually without any help from users. CVE-2022-22029 and CVE-2022-22039 affect Network File System (NFS) servers, and CVE-2022-22038 affects the Remote Procedure Call (RPC) runtime. “Although all three of these will be relatively tricky for attackers to exploit due to the amount of sustained data that needs to be transmitted, administrators should patch sooner rather than later,” said Greg Wiseman, product manager at Rapid7. “CVE-2022-30221 supposedly affects the Windows Graphics Component, though Microsoft’s FAQ indicates that exploitation requires users to access a malicious RDP server.”

Separately, Adobe today issued patches to address at least 27 vulnerabilities across multiple products, including Acrobat and Reader, Photoshop, RoboHelp, and Adobe Character Animator.

For a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users. As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.

 Malware and Vulnerabilities

Fortinet researchers stumbled across a malicious document that not only exploited the Follina vulnerability (CVE-2022-30190) but also pulled in the Rozena backdoor. The main aim of Rozena is to inject shellcode that executes a reverse shell to the attacker’s machine, enabling them to take full control of the system. Users should apply the patch against the flaw as soon as possible.

 Malware and Vulnerabilities

FortiGuard Labs observed a growing number of active droppers, including Microsoft Excel, Windows shortcut, and ISO image files, during the second quarter of 2022. The emails sometimes carry the droppers in a password-protected ZIP attachment. Users are advised to deploy email gateway protection and to train employees on spotting phishing emails.

 Breaches and Incidents

A large-scale phishing campaign has been leveraging the Anubis Network, a C2 portal, to target internet users in Portugal and Brazil since March. A feature called "email temp" has been added in this new version of the C2 portal; it allows the operators to create new domains and use internal emails to control all the processes. As breaches continue to become common, phishing awareness training for users and employees is imperative.

 Expert Blogs and Opinion

Of all the signals given off by smartphones in the normal course of operation, location data is perhaps the most valuable during battle. Unlike captured conversations or call metadata, location data is actionable immediately.

 Malware and Vulnerabilities

Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.

 Malware and Vulnerabilities

AWS fixed three authentication bugs present in the code of its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.

 Malware and Vulnerabilities

Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's Integrated Windows Authentication (IWA) mechanism, VMware has finally released a patch for one of the affected versions.

 Govt., Critical Infrastructure

In a Saturday meeting with northwestern state officials, Home Affairs Minister Amit Shah said New Delhi will collaborate with states on a strategy even as he urged local governments to take strict action against cybercriminals.

 Identity Theft, Fraud, Scams

INKY recently detected a new variant of the tried-and-true phone scam. This time, the perps abused QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house finance and accounting teams.

 Companies to Watch

The company plans to use Kormoon's codified repository of data privacy rules across 46 jurisdictions globally to inform and automate policies on Privitar's data provisioning platform, says co-founder and CEO Jason du Preez.

 Malware and Vulnerabilities

Researchers from ETH Zurich have revealed that threat actors can exploit two new vulnerabilities, collectively called Retbleed, to obtain sensitive data and passwords from memory. 

 Feed

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. The command can then be triggered on demand by executing a git push operation. The vulnerability was patched by introducing a feature flag in version 3.37.0. This flag must be enabled for the protections, which filter the commands that can be executed through the git exec REST API, to take effect.

 Feed

Ubuntu Security Notice 5510-2 - USN-5510-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

 Feed

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz

 Feed

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one

 Feed

Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter

 Feed

The U.S. Federal Trade Commission (FTC) warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on the fastest route home, they likely think differently about having their thinly-disguised online

 Feed

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity

 Feed

Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA). "The attackers then used the stolen credentials and session cookies to access affected users' mailboxes and perform follow-on business email compromise (BEC)

 Feed

Often, organizations think of firewall security as a one-and-done type of solution. They install firewalls, then assume that they are "good to go" without investigating whether or not these solutions are actually protecting their systems in the best way possible. "Set it and forget it!" Instead of just relying on firewalls and assuming that they will always protect their businesses from cyber

 Feed

Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issues are tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers releasing 
