Welcome to the TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, November 5th, 2022.
The week started with a writeup detailing a data breach: the Australian Department of Defence appears to be the latest victim. ForceNet, a communications platform used by military personnel and public servants from the Defence department, was hit by a ransomware attack. Another data breach writeup detailed the Adrastea threat actor's involvement in a breach of MBDA, a European missile manufacturer with ties to NATO.
Researchers from Symantec have discovered details of previously unknown tools and techniques used in a stealthy campaign by a suspected threat actor known as Cranefly, using malware called Denafun. 0patch released an unofficial patch for an actively exploited vulnerability in Microsoft Windows that allows bypassing Mark-of-the-Web (MotW) protections using files signed with malformed signatures.
The US CISA has issued a new report outlining baseline cybersecurity performance goals for all critical infrastructure sectors. The SQLite database engine has been patched against a high-severity vulnerability that attackers could exploit to crash or take control of programs that rely on the software; the maintainers have released a revised version with a fix for the flaw, which is difficult to exploit.
ConnectWise has patched a critical RCE flaw impacting Recover and R1Soft Server Backup Manager. The vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker could exploit it to execute code remotely or directly access confidential data.
Two high-severity vulnerabilities affecting OpenSSL were made public; these were the issues that led to Fedora 37 being delayed to mid November so that the release images could ship with mitigated OpenSSL packages. A newly disclosed vulnerability in Microsoft Azure Cosmos DB, called CosMiss, was found to open the door to an attacker without authentication under certain conditions.
Threat actors used employee login information obtained through phishing to log into one of Dropbox's GitHub accounts, where they stole 130 code projects. When GitHub alerted the company on October 14 to suspicious behaviour that had begun the day before, Dropbox learned that the account had been compromised by the attackers.
Qualys introduced TotalCloud with FlexScan, delivering cloud-native VMDR with Six Sigma accuracy through both agent-based and agentless scanning, for comprehensive coverage of cloud-native posture management and workload security across multi-cloud and hybrid environments.
Grafana Labs is releasing two open-source tools, Phlare and Faro, designed to help developers make their applications more efficient and resolve software errors faster. 1Password, a password manager vendor, has acquired Passage, a company focused on eliminating passwords as a form of authentication.
Fortinet addressed 16 vulnerabilities across its product portfolio, six of which received a 'high' severity rating. Continental, a German multinational automotive parts manufacturer, is the latest victim of the LockBit ransomware group.
Azul Systems this week announced the launch of Azul Vulnerability Detection, a new software-as-a-service product designed to continuously detect known security vulnerabilities in Java applications to help enterprise customers avoid risk from software supply chain attacks.
Black Basta ransomware has been linked to the notorious Russian cybercrime group known as FIN7. Analysis of the operation indicated that the threat actor is developing its toolkit in-house and might be collaborating with a small number of affiliates.
Tanium added a capability for detecting libraries and software packages with known vulnerabilities within a software bill of materials (SBOM) manifest, which can then be used to automate remediation of endpoints running vulnerable code. Attackers are distributing the W4SP stealer through fake Python packages, using rudimentary obfuscation techniques in an attempt to infect developers. W4SP is a trojan designed to steal cryptocurrency information, exfiltrate sensitive data, and collect credentials from developers' systems.
Microsoft has warned that nation-state actors are increasingly leveraging publicly disclosed zero-day vulnerabilities to breach target environments. Microsoft's Digital Defense Report noted that it takes only 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminate probing before patches are installed.