WME Security Briefing 08 May 2024

WME Cybersecurity Briefings No. 009

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware

Overview

Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser.

Their report added that the exploit leverages the deployment of a VBA (Visual Basic for Applications) RAT (remote access trojan), allowing high amounts of control over the targeted system. Noteworthy is the fact that the vulnerability was traced back to a group working under the North Korean Lazarus Group and given the code CVE-2021-26411.

Impact

The exploit uses a decoy document that causes a body of embedded malicious code to be triggered and allows for the execution of a RAT. This allows the user to execute commands on the victim’ system just as one would from an open terminal, stealing sensitive data on the system or manipulating files. This provides the additional functionalities for the RAT to enable hackers to evade detection by antivirus solutions.

Recommendation

Organizations should make sure that their systems do not operate on the outdated Internet Explorer browser, which is among the prime targets by attackers. It is therefore important that you update to the latest browsers and apply all recent security patches to avert exploitation.

The proactive means would include continued monitoring to ascertain any unusual network patterns and staff training on the dangers of opening unknown attachments to their email.

Ongoing North Korean Cyber Threats to Blockchain Sectors

Overview

The North Korean hacker group, known as Hidden Cobra (also Lazarus Group), has continued to launch serious attacks against targets worldwide. The most recent warnings came from U.S. Treasury, CISA, and FBI over ongoing cyber-attacks squarely focused on the blockchain and cryptocurrency sector, including exchanges, DeFi protocols, and companies involved in cryptocurrency trading.

Impact

Their activities are subtle and harmful. Spearheaded by the Hidden Cobra group’s spear-phishing campaigns and malware-laden applications, this attack was directed at your cryptocurrency and valuable NFTs. The group is also associated with some financial thefts, among them high-profile cryptocurrency platform breaches that have swindled over $80 million.

Recommendation

Businesses operating in this sector should promptly implement the security practices. We recommend, among others, encouraging such attempts related to spear-phishing active monitoring, endpoint protection from unauthorized access, and auditing systems for indications of compromise that are commonly used by the group.

Major Platforms Adopt Google’s Passkeys: A Move Towards a Password-less Future

Overview

Google has announced broad adoption of the use of passkeys—seen as a more secure option to passwords in major platforms that include Apple and Microsoft. The move is just an addition to the attempts to simplify and secure user authentication.

Impact

This shift to passkeys will largely diminish rampant security threats, such as phishing and credential theft. With a device-specific and cryptographically secure passkey, users can log into their accounts without a glitch but in a way much more secure than with a traditional password.

Recommendation

We recommend users and system administrators migrate to a passkey-based authentication mechanism. Your devices and systems should be updated to the latest OS compliant with the use of passkeys. Follow detailed setup instructions provided by your device or service provider for turning on passkeys.

Critical Vulnerabilities in Cisco Small Business Switches

Overview

The latest security update issued by Cisco has exposed critical vulnerabilities to its Small Business Series Switches. The vulnerabilities, if exploited, due to the insufficiency in web interface requests’ validation, may result in an unauthenticated remote attack to execute arbitrary code or throw a denial of service (DoS) condition on these devices.

Impact:

These vulnerabilities are rated as high and critical, with respective CVSS scores of up to 9.8.

Affected product families include:

  • 250, 350, 350X, and 550X series – all with updated firmware.
  • 200, 300, and 500 Series in the end-of-life process, they will not receive patches.

These vulnerabilities can be exploited to the gain of an attacker taking over the root access device whereby code could be run remotely, or even DoS attacks on the device service.

Recommendation:

The company advised all users of the affected models to immediately update their firmware with the patched versions to avert the risks. In instances where models are not patched, replacement of such devices with those that are supported will guarantee the model is reliable and safe.

Critical Android App Security Breach

Overview

A latest research identified a malware breach of more than 400 Android and iOS applications targeting the theft of Facebook log-in credentials. The malware impersonates various utilities and games, including the Google Play and Apple App Stores.

Impact

The compromised applications ranged from photo editors, VPNs, to flashlight applications, and mobile games. Once installed, the programs would immediately prompt the user to log in with Facebook credentials, which are stolen by the malware. In other words, a violation of security might lead to personal account hacking, access to confidential data, and fraud even in a monetary system.

Recommendation

●      Users should uninstall any suspicious apps immediately.

●      Change the password of all important accounts and set them up using two-factor authentication.

General Preventive Measures:

●      Continue reviewing app permissions.

●      Be wary of those who ask to log in via social media for very basic functions.

●      Try to recognize scam apps. These include bad user reviews and promises that sound too good to be true.

Windows Management Experts

Now A Microsoft Solutions Partner for:

✓ Data & AI

✓ Digital and App Innovation

✓ Infrastructure

✓ Security

The Solutions Partner badge highlights WME’s excellence and commitment. Microsoft’s thorough evaluation ensures we’re skilled, deliver successful projects, and prioritize security over everything. This positions WME in a global tech community, ready to innovate on the cloud for your evolving business needs.

Know More

Why not reach out to us at WME?

Contact us and let us transform your business’s security into a strategic advantage for your business. Be sure, with WME, you’re just beginning a path toward a more streamlined and secure future.

Contact Us

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=