Security

Security

CISA orders agencies to patch new Windows zero-day used in attacks

By Sergiu Gatlan
CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild.

This high severity security flaw (tracked as CVE-2022-22047) impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases.

Microsoft has patched it as part of the July 2022 Patch Tuesday, and it classified it as a zero-day as it was abused in attacks before a fix was available.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft explained in a security advisory published today.

Redmond says the vulnerability was discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

BleepingComputer has also reached out to Microsoft earlier today with questions about how this vulnerability was used in attacks.
Federal agencies given three weeks to patch

CISA has given the agencies three weeks, until August 2nd, to patch the actively exploited CVE-2022-22047 vulnerability and block ongoing attacks that could target their systems.
Article (https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-new-windows-zero-day-used-in-attacks/)

You head off malware by using Bitdefender #1 in malware protection

 

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Hackers impersonate cybersecurity firms in callback phishing attacks

By Bill Toulas July 12, 2022 03:54 PM
Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks.

Most phishing campaigns embed links to landing pages that steal login credentials or emails that include malicious attachments to install malware.

However, over the past year, threat actors have increasingly used “callback” phishing campaigns that impersonate well-known companies requesting you call a number to resolve a problem, cancel a subscription renewal, or discuss another issue.

When the target calls the numbers, the threat actors use social engineering to convince users to install remote access software on their devices, providing initial access to corporate networks. This access is then used to compromise the entire Windows domain.

Article (https://www.bleepingcomputer.com/news/security/hackers-impersonate-cybersecurity-firms-in-callback-phishing-attacks/)

Folks you need to head off these attacks (Barracuda Anti-Spam) at least scan before  mail is delivered to your inbox

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

OpenSSL Releases Security Update

Original release date: July 06, 2022

OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system. 

CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the appropriate version. 

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Bitdefender releases update BEST 7.6.1.202 (Windows) Release Notes – Slow Ring

  

Bitdefender has released version 7.6.1.202 of Bitdefender Endpoint Security Tools (for Windows) on slow ring. 

The release notes are available here.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Google patches new Chrome zero-day flaw exploited in attacks Attack details not revealed

he zero-day bug fixed today (tracked as CVE-2022-2294) is a high severity heap-based buffer overflow weakness in the WebRTC (Web Real-Time Communications) component, reported by Jan Vojtesek of the Avast Threat Intelligence team on Friday, July 1.

The impact of successful heap overflow exploitation can range from program crashes and arbitrary code execution to bypassing security solutions if code execution is achieved during the attack.

Although Google says this zero-day vulnerability was exploited in the wild, the company is yet to share technical details or a any info regarding these incidents.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said.

“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

With this delayed release of more info on the attacks, Chrome users should have enough time to update and prevent exploitation attempts until Google provides additional details.

Fourth ChRome zero-day fixed this year

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

 

Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug

Microsoft has confirmed it fixed a previously disclosed ‘ShadowCoerce’ vulnerability as part of the June 2022 updates that enabled attackers to target Windows servers in NTLM relay attacks.

This NTLM relay attack method can be used by threat actors to force unpatched servers to authenticate against servers under the attacker’s control, leading to a takeover of the Windows domain.

As BleepingComputer was told by a Microsoft spokesperson, while there was no public announcement made regarding this issue, the “MS-FSRVP coercion abuse PoC aka ‘ShadowCoerce’ was mitigated with CVE-2022-30154, which affected the same component.”

BleepingComputer emailed Redmond after ACROS Security CEO Mitja Kolsek discovered that ShadowCoerce was silently patched while researching it with the 0Patch team to issue a micropatch.

While it is good that Microsoft has fixed this vulnerability, they have not yet provided any details publicly and is yet to assign a CVE ID.

This has prompted security firms and researchers [1, 2, 3, 4] to ask Redmond for more transparency and to include more info on what’s fixed in its security bulletins.

Article Beeping Computer

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Bitdefender will be the leader in Extended Detection & Response (XDR)

Datasheet• Consolidates observations and events across the business environment
• Built-in machine learning algorithms for high confidence detections
• Cross-source root cause analysis and context for rapid triage and action
• Guided or automated threat response directly from the platform

At-a-Glance
Bitdefender GravityZone XDR is a cloud-delivered solution built to secure
the entire business environment. The solution provides detection and response
capabilities across an organization’s users and systems, including endpoints, network,
and cloud.
With an easy-to-use interface, GravityZone
XDR is designed to intelligently analyze and automatically correlate and triage security
events from across the organization, resulting in a key set of benefits to
organizations looking to secure complex environments.
Key Benefits
• Comprehensive visibility with easy to
deploy and manage sensors that collect
data from across the organization
• Out-of-the-box automated detection and
triage of alerts based on correlation
and detection algorithms delivered both
locally to the sensor and at the cloud
platform level
• Easy investigation using the Incident
Advisor, a single dashboard highlighting
comprehensive analysis with
recommended automated or guided
response actions
• Rapid response for complete incident
containment executed directly from
within the XDR Platform. This will replace all SOC’s

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Read (PDF)

Microsoft has revealed that this week’s Microsoft 365 worldwide outage

By Sergiu Gatlan June 22, 2022 07:23 AM

Microsoft has revealed that this week’s Microsoft 365 worldwide outage was caused by an infrastructure power outage that led to traffic management servicing failovers in multiple regions.

Starting on Monday, June 20, at 11:00 PM UTC, customers began experiencing and reporting several issues while trying to access and use Microsoft 365 services.
Microsoft reveals cause behind this week’s Microsoft 365 outage

According to Microsoft, problems encountered during the incident included delays and failures when accessing some Microsoft 365 services.

Customer reports also shared info on continuous re-login requests, emails not getting delivered after being stuck in queues, and the inability to access Exchange Online mailboxes despite trying all available connection methods.

The affected services included the Microsoft Teams communication platform, the Exchange Online hosted email platform, SharePoint Online, Universal Print, and the Graph API.

Microsoft’s response while investigating the root cause behind the outage also brought to light some issues related to how the company fails to share new incident-related info with customers.

Even though Microsoft told customers they could find out more about this incident from the admin center under EX394347 and MO394389, user reports suggest that those incident tickets were not showing up, effectively keeping the customers in the dark.

This is the reason we will not sell O365..We do not want to support the product. MspPortal Partners has a relationship with RackSpace hosting email, we have a 99.9 uptime..nothing is perfect but we/RackSpace is far superior to O365

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

CISA say beware and alert with Goolge and Microsoft

Google-

CISA Recommends Organizations Update to the Latest Version of Google Chrome
Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.
CISA: Flaws Allow Attackers to Take Control of Affected Systems

The US Cybersecurity and Infrastructure Agency (CISA) Friday urged users and administrators to update to a new version of Chrome that Google released last week to fix a total of seven vulnerabilities in its browser.

In an advisory, Google described four of the flaws — three of which were reported to the company by external researchers — as presenting a high risk for organizations. The company said it had decided to restrict access to bug details until most users have updated to the new version of Chrome (102.0.5005.115).

Microsoft Releases June 2022 Security Updates
06/14/2022 02:53 PM EDT

Original release date: June 14, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Technical Advisory: CVE-2022-30190 Zero-day Vulnerability “Follina” in Microsoft Support Diagnostic Tool

Quick Overview by Bitdefender

On Monday, May 30, 2022, Microsoft issued CVE-2022-30190, a zero-day remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). The first detections in the wild indicate that this vulnerability is triggered remotely from Microsoft Office documents. 

This is a critical issue as cybercriminals often choose Office documents as a popular tactic to infect victims with their malicious content. This vulnerability (referred to as “Follina”) only requires users to open a single document and no further interactions are necessary before the system is compromised. The end-user doesn’t even need to open the document in certain situations (document with RTF extension and the preview pane enabled). 

A CVE has been assigned by Microsoft, but there is no patch available as of May 31st, 2022. This is a critical issue, as it is not mitigated by disabling macros and Protected View offers only limited protection. 

It is important to note that this vulnerability is related to the Microsoft Support Diagnostic Tool (MSDT), not necessarily to Microsoft Office. Office has been used to weaponize this vulnerability in the wild, but it is not needed to trigger this vulnerability. There are also other methods to trigger this vulnerability. There are effectively two vulnerabilities: 1) Microsoft Office template injection trusting the MS-MSDT protocol and 2) the MS-MSDT protocol allowing malicious code execution.

All MspPortal Partners receive notices ASAP on security news

Article

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”