Microsoft security updates, Trojans attack Google and the SEC announces enforcement action for SolarWinds….Here are the latest threats and advisories for the week of November 11, 2022.
Threat Advisories and Alerts
FBI Announces That Hacktivist DDoS Attacks Can Have Minimal Impact
As Russian military attacks on Ukraine continue, hacktivists are using DDoS attacks to target critical infrastructure companies. The FBI has released a notification emphasizing that these attacks can have minimal impact with the right mitigations. Hacktivists often try to exaggerate and publicize the severity of their attacks by posting about them in the news and on social media. Their actions often cause greater psychological impact on victims than disruption of services. See the FBI notification in the link below to learn how to mitigate hacktivist attacks.
Source: https://www.ic3.gov/Media/News/2022/221104.pdf
11 Critical Vulnerabilities Highlight Microsoft’s Patch Tuesday
Microsoft’s patch Tuesday comes with fixes for a laundry list of security flaws, including six bugs that are being actively exploited in the wild, 11 critical flaws and 22 vulnerabilities that have been labeled "more likely to be exploited" than not. The complete list of Microsoft’s recently released security patches can be found on the tech giant’s November 2022 Security Updates page.
Source: https://www.theregister.com/2022/11/09/microsoft_november_2022_patch_tuesday/
Malicious Trojan Allows Cybercriminals to Hijack Google Chrome
Google Chrome is in the news again this week. This time for a malicious extension named Cloud9, which acts as a remote access trojan (RAT), enabling a cybercriminal to remotely execute commands and control the browser. Once Google Chrome becomes infected, a threat actor can steal online accounts, log keystrokes and enlist the browser in DDoS attacks. The malicious extension isn’t on the official Chrome web store, but is instead being circulated via other means, such as fake Adobe Flash Player updates.
Emerging Threats and Research
Banking Trojan Gets 100,000+ Downloads on Google Play
The Android banking trojan Vultur has been running rampant in the Google Play Store, racking up more than 100,000 downloads. According to cybersecurity company Cleafy, threat actors choose official app stores to deliver malware because the platforms provide greater visibility and therefore a higher chance to defraud victims. As for how the malware impacts users, Cleafy said, “Once the banking trojan (Vultur) has been downloaded and installed through a fake update, threat actors can observe everything that happens on the infected devices and carry out bank fraud through account takeover attacks.”
Source: https://www.infosecurity-magazine.com/news/vultur-android-banking-trojan/
SolarWinds Faces Enforcement Action from SEC over 2020 Breach
The US Securities and Exchange Commission (SEC) has announced it plans to take enforcement action against SolarWinds for its massive 2020 data breach. The software company allegedly misrepresented its security posture before and during the attack and didn’t do enough to secure customer data. Government agencies like NASA, Homeland Security and the Justice Department were compromised during the incident, along with many private companies, hospitals, universities and Fortune 500 firms.
Source: https://www.infosecurity-magazine.com/news/sec-enforcement-action-solarwinds/
Maple Leaf Foods’ Operations Disrupted after Weekend Cyberattack
Canada’s biggest prepared meats and poultry food producer Maple Leaf Foods was hit by a cyberattack this past weekend. The incident has caused a system outage and disruption to normal business operations that is expected to continue as the food producer works towards recovery. Though an investigation into the attack is underway, it’s yet to determine how the incident occurred.
Microsoft Announces Availability of Passwordless Authentication
As bring your own device (BYOD) policies become even more popular in the post-pandemic workspace, Microsoft is rolling out another way to protect tablets and smartphones. Microsoft has announced the availability of its Azure Active Director certificate-based authentication, a secure alternative to passwords in a BYOD environment that can prevent phishing attacks designed to sidestep multifactor authentication.
Source: https://www.theregister.com/2022/11/07/microsoft_azure_phishing_mfa/
ENISA Study Highlights How Geopolitical Turmoil Has Shaped the Cybersecurity Threat Landscape
ENISA, the European Union (E.U.) Agency for Cybersecurity, released its annual Threat Landscape report this week, covering the year from July 2021 up to July 2022. Ransomware still fares as one of the primary threats in the new report, with phishing now identified as the most common initial vector of such attacks. Distributed Denial of Service (DDoS) attacks also rank highly, as do zero-day exploits and AI-enabled disinformation and deepfakes.
Source: https://www.helpnetsecurity.com/2022/11/08/cybersecurity-threat-landscape-2022/
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.