web analytics

Breach Roundup: Microsoft Patches Zero-Day Active Since 2023 – Source: www.databreachtoday.com

breach-roundup:-microsoft-patches-zero-day-active-since-2023-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Cybercrime
,
Fraud Management & Cybercrime
,
Incident & Breach Response

Also: Europol Decries Mobile Encryption; FBCS Breach Victim Count Grows

Anviksha More (AnvikshaMore) •
July 11, 2024    

Breach Roundup: Microsoft Patches Zero-Day Active Since 2023
Image: Shutterstock

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, Microsoft and Adobe released patches, Europol pushed back against mobile encryption, Japan warned of Kimsuky attacks, the FBCS breach victim count grew, and a fraud campaign offered fake tickets to the Summer Olympics in Paris.

See Also: Webinar | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

Microsoft Fixes Windows Zero-Day Flaw

Microsoft’s July Patch Tuesday included security updates for 142 flaws, including two actively exploited zero-days, one of which hackers may have exploited as early as January 2023.

That flaw, tracked as CVE-2024-38112, allowed hackers to send a Windows Internet Shortcut file that would open Internet Explorer to visit a malicious website. Researchers from Check Point who discovered the flaw said attackers “could do many bad things because IE is insecure and outdated.” Microsoft long ago deprecated its former flagship browser but can’t quite seem to fully shake it off, much to the delight of hackers.

Hackers taking advantage of the flaw executed attacks in a two-step move that first directed the operating system to use IE rather than a modern browser to open the malicious file. The second trick was fooling victims into believing they opened a PDF file “while in fact, they are downloading and executing a dangerous .hta application,” Check Point said. A researcher told Dark Reading that at least two likely different threat actors have exploited the flaw to target individuals in Vietnam and Turkey. Hackers behind on campaign have been dropping an info stealer used to grab financial and credential data.

Redmond also patched CVE-2024-38080, a Hyper-V elevation of privileges vulnerability that attackers could use to gain systems privileges in the Microsoft virtual machine hypervisor.

Adobe Releases Critical Patches for Multiple Products

Adobe released critical patches Tuesday addressing security defects in several enterprise products that affect Windows and macOS. The company identified seven vulnerabilities across Premiere Pro, InDesign and Adobe Bridge and urged users to install the patches immediately to prevent potential arbitrary code execution attacks.

Adobe Premiere Pro has an untrusted search path vulnerability. Adobe InDesign faces memory safety issues and Adobe Bridge is affected by integer overflow and out-of-band read vulnerabilities.

Adobe did not say whether there were any known exploits in the wild.

Europol Proposes Solutions for Home Routing Problems

Europol said steps meant to ensure that Europeans don’t pay through the nose for mobile internet when crossing national borders have had the unintended side effect of making it harder to intercept criminal communications.

The police coordination agency said criminals have taken advantage of Home Routing, the policy that makes it possible for a telecom to process calls, messages and data through the customer’s domestic network rather than through the network of a foreign country.

When communications are encrypted by the telecom, police in the foreign country can’t view the traffic unless both countries have a law enforcement cooperation agreement. Police otherwise must submit a cross-border investigation order to obtain access – a process that can take up to 120 days, Europol said. Criminals have figured this out and have started using SIM cards purchased in third countries, it said.

In a position paper, Europol said that telecoms should consider routinely unencrypting Home Routing communications. Or as an alternative, it said, telecoms should make it possible for law enforcement to directly request the content of a suspect’s communications. “However, the service provider in another Member State would become aware of the person(s) of interest; operationally this might not always be desirable,” Europol said.

Japan Warns of Kimsuky Attacks Targeting Organizations

Japan’s Computer Emergency Response Team Coordination Center warned that North Korean Kimsuky hackers are targeting Japanese organizations. Kimsuky is an advanced persistent threat group that conducts global attacks to gather intelligence for the North Korean government.

Recent reports indicate that Kimsuky is distributing CHM malware in Korea. The malware, which is in a Microsoft proprietary format, is used for displaying HTML help pages. It executes malicious scripts to exfiltrate user information and perform keylogging. The latest malware variants employ sophisticated obfuscation to evade detection.

FBCS Breach Victim Count Grows

A breach at debt collection agency Financial Business and Consumer Solutions potentially exposed information of over 4 million individuals, according to a regulatory filing released on Monday. The Pennsylvania company initially discovered the breach in February and reported the number of affected individuals as 2 million. The breach, which occurred in February, compromised names, birthdates, Social Security numbers, driver’s license numbers and sensitive medical information.

Olympics Ticket Buyers Targeted

A fraud campaign, dubbed Ticket Heist, is targeting Russian-speaking users with over 700 domains offering fake tickets for the Summer Olympics in Paris and other major events. Researchers from QuoIntelligence discovered the operation. They said some domains date back to 2022, and around 20 new domains are registered monthly.

The fake websites, which mimic legitimate ticket sellers, inflate prices to as much as 1,000 euros. The domains share the same IP address and use similar subdomains and JavaScript files. The operation also includes fake tickets for the UEFA European Championship and concerts in Russia, indicating a primary target of Russian-speaking users.

The French National Gendarmerie recently reported 338 similar scam sites.

Other Coverage From Last Week

Original Post url: https://www.databreachtoday.com/breach-roundup-microsoft-patches-zero-day-active-since-2023-a-25750

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate