The Good
Patches for Actively Exploited Excel and Exchange Server 0-Day Bugs are now available from Microsoft.
Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system.
Of the 55 glitches, six are rated Critical and 49 are rated as Important in severity, with four others listed as publicly known at the time of release.
Automatic GitHub Backups
“Earlier this year, Microsoft was alerted that APT Group HAFNIUM was exploiting four zero-day vulnerabilities in the Microsoft Exchange server,” said Bharat Jogi, director of vulnerability and threat research at Qualys.
“This evolved into exploits of Exchange server vulnerabilities by DearCry Ransomware — including attacks on infectious disease researchers, law firms, universities, defense contractors, policy think tanks and NGOs. Instances such as these further underscore that Microsoft Exchange servers are high-value targets for hackers looking to penetrate critical networks,” Jogi added.
Prevent Data Breaches
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.
Source — https://thehackernews.com/2021/11/microsoft-issues-patches-for-actively.html
The Bad
Hackers use a zero-day vulnerability in macOS to target Hong Kong users with a new implant.
Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines.
Automatic GitHub Backups
Tracked as CVE-2021–30869 , the security shortcoming concerns a type confusion vulnerability affecting the XNU kernel component that could cause a malicious application to execute arbitrary code with the highest privileges. Apple addressed the issue on September 23.
The attacks observed by TAG involved an exploit chain that strung together CVE-2021–1789, a remote code execution bug in WebKit that was fixed in February 2021, and the aforementioned CVE-2021–30869 to break out of the Safari sandbox, elevate privileges, and download and execute a second stage payload dubbed ‘MACMA” from a remote server.
Prevent Data Breaches
According to security researcher Patrick Wardle, a 2019 variant of MACMA masquerades as Adobe Flash Player, with the binary displaying an error message in Chinese language post-installation, suggesting that “the malware is geared towards Chinese users” and that “this version of the malware is designed to be deployed via socially engineering methods.” The 2021 version, on the other hand, is designed for remote exploitation.
Source — https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html
The Ugly
The Robinhood trading app suffers a data breach, exposing the personal information of 7 million users.
Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor.
Automatic GitHub Backups
“Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the Silicon Valley financial company noted. The malicious third-party is believed to have socially engineered a customer service representative to gain access to internal support systems, using it to obtain the email addresses of five million users, full names for a different group of about two million people, and additional information such as names, dates of birth, and zip codes for a limited set of 310 more users.
Prevent Data Breaches
“We take the security of all collected data extremely seriously, and we don’t intend to use this data for anything beyond the fulfillment of our regulatory requirements,” the company points out in a support page.
Source — https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html
Stay Focused. Stay Vigilant.
Cyber Security News Team — Cyber Security Community of SLIIT