Stay Alert

New Microsoft Zero-Day Attack Underway

Microsoft Releases Workaround Guidance for MSDT “Follina” Vulnerability
Original release date: May 31, 2022
New Microsoft Zero-Day Attack Underway
“Follina” vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents.

Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

New Chaos Malware Variant Ditches Wiper for Encryption

New Chaos Malware Variant Ditches Wiper for Encryption
Tara Seals
Managing Editor, News, Dark Reading

Article

The Chaos malware-builder, which climbed up as a wiper from the underground murk nearly a year ago, has shape-shifted with a rebranded binary dubbed Yashma that incorporates fully fledged ransomware capabilities.

That’s according to researchers at BlackBerry, who say that Chaos is on track to become a significant threat to businesses of every size.

Chaos began life last June purporting to be a builder for a .NET version of the Ryuk ransomware – a ruse its operators leaned into hard, even using Ryuk branding on its user interface. However, a Trend Micro analysis at the time showed that binaries created with this initial version shared very little heritage with the well-known ransomware baddie. Instead, the sample was “more akin to a destructive trojan than to traditional ransomware,” the firm noted – mainly overwriting files and rendering them unrecoverable.

Inside the Chaos
Chaos targets more than 100 default file extensions for encryption and also has a list of files it avoids targeting, including .DLL, .EXE, .LNK, and .INI – presumably to prevent crashing a victim’s device by locking up system files.

In each folder affected by the malware, it drops the ransom note as “read_it.txt.”

“This option is highly customizable within all iterations of the builder, giving malware operators the ability to include any text they want as the ransom note,” according to BlackBerry’s analysis. “In all versions of Chaos Ransomware Builder, the default note stays relatively unchanged, and it includes references to the Bitcoin wallet of the apparent creator of this threat.”

Over time, the malware has added more sophisticated capabilities, such as the ability to:

  • Delete shadow copies
  • Delete backup catalogs
  • Disable Windows recovery mode
  • Change the victim’s desktop wallpaper
  • Customizable file-extension lists
  • Better encryption compatibility
  • Run on startup
  • Drop the malware as a different process
  • Sleep prior to execution
  • Disrupt recovery systems
  • Propagate the malware over network connections
  • Choose a custom encryption file-extension
  • Disable the Windows Task Manager

  • Roy Miehe | MspPortal Partners Inc. | Ceo/President

    Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

    “Where Service and Technical Skills Count”

 

iPhones Open to Attack Even When Off, Researchers Say

Wireless chips that run when the iPhone iOS is shut down can be exploited.
By Dark Reading Staff

Bluetooth, near-field communication (NFC) and ultra-wideband (UWB) operate when iPhone’s iOS system is shut off, meaning even powered-down devices are vulnerable to attack.

New research from the Technical University of Darmstadt in Germany examined the chips that enable the “Find My” functions and allow users to access banking and identification information even when the device is in low-power mode. This access also has the unintended consequence of leaving the device open to attack, even though the user might think the iPhone is offline and secure. according to the team’s paper, entitled “Evil Never Sleeps.”

“On recent iPhones, Bluetooth, near field communication (NFC), and U=ultra-wideband (UWB) keep running after power off, and all three wireless chips have direct access to the secure element,” the paper states. “As a practical example what this means to security, we demonstrate the possibility to load malware onto a Bluetooth chip that is executed while the iPhone is off.”

That said, exploitation is far from simple, requiring several steps and the use of known bugs like BrakTooth, the researchers explain.

Article

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

 

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

A vulnerability chain discovered in Zoom’s chat functionality can be exploited to allow zero-click remote code execution (RCE), threat hunters have revealed.

Google’s Project Zero uncovered an attack path that would allow cyber adversaries to silently force a victim to connect to a man-in-the-middle (MitM) server — no user action needed. From there, attackers can intercept and modify client update requests and responses in order to send the victim a malicious update, which will automatically download and execute, thus allowing RCE.

Article

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

CISA and DoD Release 5G Security Evaluation Process Investigation Study

CISA and DoD Release 5G Security Evaluation Process Investigation Study
05/26/2022 09:00 AM EDT

2.3 5G Threat Landscape
A key input to any security risk assessment is threat analysis. The 5G system model supports
depiction of the attack surface for the investigation. There are numerous threat frameworks such as
those offered by MITRE ATT&CK® [5]; the European Union Agency for Cybersecurity’s (ENISA) 5G
Threat Landscape [6]; the Threat Modeling Framework for Mobile Communication Systems [7];
3GPP’s Security Assurance Specifications (SCAS) and Technical Specification (TS) 33.501 [8];
publications released by the Federal Communications Commission (FCC) Communications Security,
Reliability, and Interoperability Council VII (CSRIC) [9]; 5G Enablers for Network and System Security
and Resilience (ENSURE) [10]; and the GSM Association’s (GSMA) Security Manual [11]. The study
team examined these resources as well as threat analyses conducted by 3GPP and a paper on
potential 5G threat vectors published by the Enduring Security Framework’s 5G Threat Model
Working Panel [12]. Figure 3 shows some of the threats to the 5G subsystems that were extracted
from these sources. Some of the threats such as eavesdropping, theft of user data, or user location
tracking may impact integrity and confidentiality of user data as well as service availability to
individual users. Other threats may impact local or regional network, application, or service availability
(e.g., denial of service [DoS] or Distributed DoS [DDoS] attacks, misconfigured or compromised
virtualization platforms or network functions, vulnerable components [supply chain threats], or
physical attacks on edge computing components), with follow-on effects on the confidentiality,
integrity, and availability of 5G services and applications for enterprises relying on 5G for their
missions

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

5G_Security_Evaluation_Process_Investigation_508c

Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (O365)

1) Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks
Nearly 60% of all phishing attacks impersonate Microsoft and about half a million Microsoft 365 accounts were compromised in 2021, new data shows.

Barracuda Networks’ telemetry — from from millions of emails it analyzed — shows that in 2021, a little over half of all social engineering attacks came via phishing, and Microsoft was the most-impersonated brand in those attack attempts. Overall, attackers sent 3 million emails from 12,000 compromised accounts, and one in five organizations suffered an account compromise last year.

As a Security Software Distributor of Barracuda there security mail which is by far the best in the industry. Built from scratch using open source. For a very inexpensive dollar amount you could be protected> Call your MSP/Tech firm for pricing and then have them call MspPortal Partners to assist in implementing a secure solution at no additional cost.

1) Google Emergency Update Fixes Chrome Zero-Day
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four already. Do you really want to use Chrome or Google period let alone Google Mail
2) Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability (CVE-2022-26809)
3)Microsoft Releases April 2022 Security Updates (112)
4) Apple Releases Security Updates (its getting worse)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

 

Industry News Security

Google Fixes Critical Security Flaw in Chrome’s Blink Engine – Patch Now! (https://www.bitdefender.com/blog/hotforsecurity/google-fixes-critical-security-flaw-in-chromes-blink-engine-patch-now/)

Google this week is rolling out an incremental update to Chrome users to address multiple security flaws, including many labeled high risk. One flaw, discovered in the browser’s rendering engine, is rated critical. Chrome 99 has been around since the beginning of March [https://www.bitdefender.com/blog/hotforsecurity/chrome-99-rolls-out-with-dozens-of-security-fixes-update-now/] . In the meantime, researchers have kept busy mining the browser’s code for bugs, not just to keep users safe from hackers, but also to fetch a well-deserved bug bounty. Yesterday personally I dealt with 3 gmail scams account be hacked and sending encrypted messages on compromised mail accounts

Researchers Identify Backdoor Infection Spike on Several GoDaddy-Hosted Websites

Researchers Identify Backdoor Infection Spike on Several GoDaddy-Hosted Websites (https://www.bitdefender.com/blog/hotforsecurity/researchers-identify-backdoor-infection-spike-on-several-godaddy-hosted-websites/)
Security researchers have noticed a surge in backdoor infections on hundreds of websites hosted on GoDaddy’s Managed WordPress service, all compromised by the same payload. The incident affects websites such as tsoHost, MediaTemple, Domain Factory, Heart Internet,

Beware and update your security and change your passwords at least every 30-60 days

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Bitdefender / Distributor

“Where Service and Technical Skills Count”

More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020

Enterprise organizations appear to be falling even further behind in their battle against phishing threats despite heightened awareness of the problem and efforts to curb it.

A new study shows that in 2021 more organizations experienced at least one successful email-based phishing attack than the year before. There were also more opportunistic and targeted phishing attacks last year compared with 2020, as well as phishing attacks involving ransomware and business email compromise (BEC).

Researchers recently analyzed data from a survey of 600 IT and security professionals and another survey of 3,500 employees from seven countries, including the US, UK, France, Germany, and Australia. The researchers also analyzed data gathered from some 100 million simulated phishing attacks and more than 15 million emails that end users reported as being suspicious.

Seventy-eight percent of organizations experienced a ransomware attack in which a phishing email was the initial infection vector. Seventy-seven percent reported a phishing-related BEC incident — an 18-point increase from 2020. Overall, 12% more organizations reported being victims of an indiscriminate or opportunistic phishing attack, while organizations reporting more targeted spear-phishing and BEC attacks went up 20%.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Bitdefender and Barracuda Distributor for Msp’s
“Where Service and Technical Skills Count”

Hackers slip into Microsoft Teams chats to distribute malware

Hackers slip into Microsoft Teams chats to distribute malware

Security researchers warn that some attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation.

More than 270 million users are relying on Microsoft Teams every month, many of them trusting the platform implicitly, despite the absence of protections against malicious files.
Simple but efficient method

Researchers at Avanan, a Check Point company that secures cloud email and collaboration platforms, found that hackers started to drop malicious executable files in conversations on Microsoft Teams communication platform.

The attacks started in January, the company says in a report today, and the threat actor inserts in a chat an executable file called “User Centric” to trick the user into running it.

Once executed, the malware writes data into the system registry installs DLLs and establishes persistence on the Windows machine.
“In this Teams attack, hackers have attached a malicious Trojan document to a chat thread. When clicked on, the file will eventually take over the user’s computer” – Avanan

Manage Microsoft Teams settings for your organization
Here you can turn on or turn off file sharing and cloud file storage options. read Article and turn off file sharing

Users can upload and share files from cloud storage services in Teams channels and chats. Cloud storage options in Teams currently include Dropbox, Box, Citrix files, Google Drive, and Egnyte. Turn on the switch for the cloud storage providers that your organization wants to use.

Using either the above solution and fixing the issues or

Use Bitdefender/MspPortal Partners malware protection in combination of Barracuda/MspPortal Partners Spam, Phishing malware protection

Roy Miehe | MspPortal Partners Inc. | Ceo/President Bitdefender /MSP Aggregator – Distributor “Where Service and Technical Skills Count”

Google Releases Security Updates for Chrome (Must Apply)

Google Releases Security Updates for Chrome (Must Apply) (Review update)
02/15/2022 07:25 AM EST

Original release date: February 15, 2022

Google has released Chrome version 98.0.4758.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities has been detected in exploits in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

I have always supported Firefox. As bad as I personally think Facebook is, I think Google products and browser are worse.

Roy Miehe | MspPortal Partners Inc. | Ceo/President Bitdefender /MSP Aggregator – Distributor “Where Service and Technical Skills Count”