I thought it would be good to share with everyone a little bit of the cybersecurity news for this month so far. It helps put some perspective on it as the mainstream media rarely shares this information.
Microsoft patches for June will include an update to Excel which fixes two vulnerabilities that allow a specially crafted .xlsx file to execute code on the victim’s machine. This exploit requires that a user be tricked into opening the attachment.
A vulnerability in Firefox that also allows remote code execution gets patched. This one is more dangerous, as all that is needed is for the user to visit a malicious web page. That’s it: just open the web page, and you’re now a victim. The consequences could be as bad as all files on all network shares visible to that user being crypto-locked and ransomed, or stolen/modified. If the user account is also a local admin on the machine, it could lead to a persistent foothold for the attacker.
Overall, Microsoft released updates to address more than 120 vulnerabilities. This is the second month in a row to have more than 100. A few of these are considered very high risk, including an issue with the Windows Graphics Device Interface which, like the Firefox issue above, can lead to an attacker gaining full control of the machine just by a user visiting a malicious web page.
It’s a dangerous world on the Internet, and not just for Windows PCs. Phones are seeing a lot of vulnerabilities as well, with some requiring no user action at all, such as simply receiving a text message. If you see updates available for your devices, be sure to update them as soon as possible. I also suggest creating a reminder to check for firmware updates on the devices in your home once a month. This would be for things like smart TVs, routers, Alexa/Google-controlled devices, and anything with an Internet connection. Next time your Windows machine at home self-updates, be thankful and not upset, as most people do not make security at home a concern.
——————————————–
In other news,
- Phishing/malicious emails are being seen around the topics of the Minneapolis police and George Floyd incidents. Never click links to stories about these or current topics from your email.
- A hacker-for-hire company out of India was outed 2 days ago. This was the result of a multi-year investigation. Hackers for hire and malware as a service are big business these days.
- Florence, Alabama has been hit with ransomware.
- Honda confirmed an attack and disruption of its global production.
- Two healthcare providers have reported being breached with ransomware: Woodland Dental out of Ohio, and Mat-Su Surgical Associates in Alaska.
- A new tactic for ransomware attackers is to place a company’s stolen data up for auction. The thought is that a compromised company that chooses not to pay a ransom for crypto-locked files would be more willing to pay to keep its data out of the hands of competitors. This could give rise to new auction-for-hire services, as some ransomware gangs have already been seen working together on this.
- Several US energy providers have been targeted with a spear-phishing campaign trying to infect them.
- Defense contractor ST Engineering’s North American subsidiary VT San Antonio Aerospace was hit with ransomware.
- Nuclear missile contractor Westech was breached.
- The Trump and Biden campaigns have reported separate state-sponsored phishing attacks according to Google.
- New malware that uses USB drives has emerged, making it more important to never put a USB drive in your machine if you do not know where it came from or do not have assurances it is safe and uninfected.
- Fake VPN update alerts are being used to steal users’ credentials. These phishing attacks have seen a rise with everyone working from home. Remember, if you get an email that directs you to take an action and you think it could be real, never use the link in the email; instead, navigate manually to the claimed web site. If using your work email, utilize the GoSecure plugin.
- A vulnerability with ‘Sign in with Apple’ has been patched. Be sure you update your iPhone if you have one.
And that’s just a short sample of the news from the past 11 days.
Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.
501-801-6706