WME Security Briefing 27 April 2024

WME Cybersecurity Briefings No. 007

Critical Security Advisory | US Federal Agencies Ordered to Remove Suspect Foreign Software

Overview

  • The latest guidance from the US Cybersecurity and Infrastructure Security Agency (CISA) requires federal agencies to identify and remove software products linked to foreign adversaries. The effort focuses on software produced by firms in countries regarded as a national security risk.
  • The listed types of software include network management and data services, which, despite being vital to federal operations, also have the potential to be backdoors for surveillance and data theft.

Impact

  • Such software in federal systems can give an adversary unchecked access and enable espionage. That would compromise the sensitive data the government holds, and with it national and infrastructure security.
  • CISA assessed this as a high risk because of the potential impact of foreign entities on critical infrastructure and the wide use of these products across many federal departments.

Recommendation

  • Federal agencies are encouraged to assess their current software inventory for products developed by the foreign entities listed by CISA.
  • Any such products should be removed and replaced immediately, followed by a full network audit to confirm that no residual exposure remains.
  • CISA recommends replacing them with software from reputable vendors that meets current domestic security standards.

Security Alert: Arrest Warrant Issued for Suspected Cybercriminal in Germany

Overview

  • German authorities arrested a suspected cybercriminal involved in many attacks on critical infrastructure, following a search of his residence.
  • The suspect caused significant harm by exploiting vulnerabilities in public utility systems.
  • The announcement followed thorough investigations by the Federal Cyber Protection Agency of Germany.

Impact

  • Infrastructure Disruption: Most targets were public utilities, with the main aim of causing temporary shutdowns and disruption that affected public services.
  • Data Breach: The personal data of thousands of citizens was compromised, raising serious concerns about privacy and security.
  • Increased Alertness: The cases have prompted strengthened cybersecurity across other sectors prone to similar attacks.

Recommendation

  • Enhanced Security Protocols: Organizations should strengthen their cybersecurity defenses in areas previously identified as weaknesses.
  • Regular System Audits: Systematically audit IT systems to identify security gaps and close them.
  • Public Awareness: Make stakeholders and the public aware of the need to adopt security best practices.

Security Brief: APT28 Exploits Windows Print Spooler Vulnerability

Overview

A vulnerability in the Windows Print Spooler service is being exploited by the Russian cyber-espionage group APT28 (Fancy Bear). The vulnerability is being actively exploited in the wild and has been used to compromise several high-profile targets worldwide. Microsoft has acknowledged the vulnerability and released security updates that reduce the risk of exploitation.

Impact

  • System Compromise: The exploit gives APT28 unauthorized administrative privileges, allowing them to install malware; view, change, or delete data; and create new accounts with full user rights.
  • Data Breach: Confidential data of affected organizations, including military and government bodies, is at risk of theft and manipulation.
  • Operational Disruption: Business-critical systems and services may become unavailable, leading to operational and security failures within the organization.

Recommendation

  • All organizations running the Print Spooler service on Windows systems should immediately install the patches provided by Microsoft.
  • Increase monitoring of system and network activity for earlier detection of any compromise.
  • Review system access and privileges and conduct a security audit to ensure no unauthorized changes were made while the vulnerability was exposed.

Security Advisory: Detailed Breakdown of Newly Uncovered Windows Path Conversion Vulnerabilities

Overview

A new report from Israeli cybersecurity firm SafeBreach details critical vulnerabilities in the Windows path conversion mechanism, first revealed last week at the Black Hat Asia conference. The vulnerabilities arise during the conversion from DOS paths to NT paths, a conversion performed by many functions throughout the Windows operating system.

Impact

Path Manipulation: Whenever a user-supplied path is passed as an argument to a function, the system translates the DOS path into an NT path. During this conversion, trailing dots in any path element and trailing spaces in the last element are discarded.

Security Implications: Such manipulations give malicious actors opportunities to bypass security mechanisms, leading to unauthorized access or information disclosure.

Affected APIs: Most user-space Windows APIs are affected, so a very large number of applications and services are exposed.
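The stripping behaviour described above, as an added example that is not part of the briefing or the SafeBreach report: a small Python model of the conversion rule, and a filename check that rejects any name the conversion would change, so the string the application validates is the same one the OS opens. The handling of `.` and `..`, the backslash-only separators and the blocked-extension list are assumptions of this example.

```python
"""Flag Windows paths that DOS->NT conversion would silently alter.

Added example, not code from the SafeBreach report or this briefing. It
models the stripping rule as described above: trailing dots in every
path element and trailing spaces in the last element are discarded. The
'.' and '..' navigation tokens are left intact (an assumption of this
model), and backslash separators are assumed.
"""

BLOCKED_EXTENSIONS = {".exe", ".dll", ".ps1"}  # constructed deny-list


def nt_normalize(dos_path: str) -> str:
    """Return the path as the OS would see it after the described stripping."""
    parts = dos_path.split("\\")
    out = []
    for index, part in enumerate(parts):
        if part in (".", ".."):
            out.append(part)            # navigation tokens, not filename dots
            continue
        if index == len(parts) - 1:
            part = part.rstrip(" .")    # last element: dots and spaces dropped
        else:
            part = part.rstrip(".")     # earlier elements: dots dropped
        out.append(part)
    return "\\".join(out)


def is_stable(dos_path: str) -> bool:
    """True when the path survives conversion unchanged."""
    return nt_normalize(dos_path) == dos_path


def naive_allows(name: str) -> bool:
    """Extension check on the raw string; 'tool.exe.' passes but opens tool.exe."""
    return not any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS)


def hardened_allows(name: str) -> bool:
    """Reject names the conversion would change, then check the converted form."""
    if not is_stable(name):
        return False
    lowered = nt_normalize(name).lower()
    return not any(lowered.endswith(ext) for ext in BLOCKED_EXTENSIONS)


if __name__ == "__main__":
    # Constructed sample paths showing where the two forms diverge
    for sample in (r"C:\data\report.txt...", r"C:\data...\report.txt  ", "tool.exe."):
        print(f"{sample!r:32} -> {nt_normalize(sample)!r}  stable={is_stable(sample)}")
```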

Recommendation

  • Patch and Update: Users are strongly encouraged to apply promptly any patches Microsoft issues that address these vulnerabilities.
  • Code Review and Testing: Developers and system administrators should review and test code that passes paths to the affected APIs against the exploitation scenarios described.
  • Monitor and Audit: Continuous monitoring for unusual system behavior and regular audits of system logs help detect exploitation attempts early.

Microsoft Identifies North Korean Hacking Campaign Targeting Research Institutions

Overview

Microsoft is warning of a new, sophisticated hacking campaign by the North Korean-linked “Kimsuky” actors targeting research institutions and think tanks worldwide. The campaign relies on spear-phishing and social engineering, ranging from espionage to exfiltration of sensitive information from nuclear, defense, and human rights research organizations.

Impact

  • Data Theft: The main motivation is exfiltration, transferring data out of a computer system to steal confidential research and intellectual property.
  • Targeted Organizations: Policy research and national security institutions in the United States, Japan, and South Korea.
  • The attacks rely on carefully crafted phishing emails that impersonate legitimate communications and usually use stolen credentials for initial access.

Recommendation

  • Enhanced Vigilance: Sensitize staff to the risks of spear-phishing and discourage opening attachments or carelessly clicking links in emails.
  • Advanced Security Measures: Implement MFA, periodic password renewal, and monitoring of network traffic.
  • Incident Response Plan: Maintain an effective incident response plan so you can react quickly to breaches or suspected malicious activity.

Windows Management Experts

Now A Microsoft Solutions Partner for:

✓ Data & AI

✓ Digital and App Innovation

✓ Infrastructure

✓ Security

The Solutions Partner badge highlights WME’s excellence and commitment. Microsoft’s thorough evaluation ensures we’re skilled, deliver successful projects, and prioritize security over everything. This positions WME in a global tech community, ready to innovate on the cloud for your evolving business needs.


Why not reach out to us at WME?

Contact us and let us transform your business’s security into a strategic advantage for your business. Be sure, with WME, you’re just beginning a path toward a more streamlined and secure future.

Contact us: sales@winmgmtexperts.com
