Cyber Security News — Past 24 hours | 14.07.2021

Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days

Microsoft rolled out its Patch Tuesday updates for July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, four of which are said to be under active attack in the wild and could let an adversary take control of affected systems.
Of the 117 issues, 13 are rated Critical, 103 Important, and one Moderate in severity; six of the bugs were publicly known at the time of release.

CVE-2021-34448 — Scripting Engine Memory Corruption Vulnerability

Microsoft also stressed the high attack complexity of CVE-2021-34448, noting that exploitation hinges on luring an unsuspecting user into clicking a link to an adversary-hosted website that contains a specially crafted file engineered to trigger the vulnerability.

«This Patch Tuesday comes just days after out-of-band updates were released to address PrintNightmare — the critical flaw in the Windows Print Spooler service that was found in all versions of Windows,» Bharat Jogi, senior manager of vulnerability and threat research at Qualys, told The Hacker News.


Additionally, Microsoft fixed a security-feature bypass in Windows Hello, its biometrics-based authentication solution, that could let an adversary spoof a target’s face and get past the login screen.
Other critical flaws remediated this month include remote code execution vulnerabilities in Windows DNS Server and the Windows Kernel, the latter rated 9.9 on the CVSS severity scale.
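As an added example (not part of the original article, and not Microsoft’s or Qualys’s tooling), the PowerShell check below is what an administrator would run on a Windows host after reading the above: it lists updates recorded on or after the 13 July 2021 Patch Tuesday and reports the state of the Print Spooler service that PrintNightmare targets. The date threshold is an assumption taken from the release date; no KB numbers are hard-coded, and Get-HotFix only sees updates the servicing stack records, so an empty result is a prompt to check Windows Update rather than proof of exposure.

```powershell
# Added example: post-Patch-Tuesday sanity check for a single Windows host.
# Assumption: the July 2021 Patch Tuesday release date (13 July 2021) is the
# threshold; KB identifiers are deliberately not hard-coded here.

$patchTuesday = Get-Date -Year 2021 -Month 7 -Day 13

# Updates recorded by the servicing stack on or after the release date.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
    Sort-Object InstalledOn -Descending

if ($recent) {
    "Updates installed on or after $($patchTuesday.ToShortDateString()):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    # Get-HotFix does not see every update type; confirm via Windows Update before concluding anything.
    Write-Warning "No updates recorded since $($patchTuesday.ToShortDateString()); run Windows Update and re-check."
}

# PrintNightmare caveat: the Print Spooler is the vulnerable service. A spooler
# that is running on a host that never prints is attack surface with no benefit.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler) {
    "Print Spooler: status=$($spooler.Status), start type=$($spooler.StartType)"
    if ($spooler.Status -eq 'Running') {
        Write-Warning "Print Spooler is running; if this host does not need to print, consider: Stop-Service Spooler; Set-Service Spooler -StartupType Disabled"
    }
} else {
    "Print Spooler service not present on this host."
}
```

Run it in an elevated PowerShell session; Get-HotFix accepts -ComputerName if you want to sweep a list of hosts, but the date-based check above is only a first pass and should be confirmed against your patch-management console.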


Use This Definitive RFP Template to Effectively Evaluate XDR solutions

A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. In fact, Gartner named XDR first among its Top 9 Security and Risk Trends for 2020.


Because XDR represents a new solution category, there is no single accepted definition of what capabilities and features it should include. Each provider approaches XDR with different strengths and a different perspective on what an XDR solution should contain. Cynet is addressing this gap with the Definitive RFP Template for XDR solutions, an expert-made security requirement list intended to help stakeholders accelerate and structure their evaluation of candidate products. The template aims to capture the widest common denominator of security needs and deliver the essentials relevant to any organization.

An XDR solution can benefit large companies that are awash in alerts from multiple detection sources by rationalizing the myriad signals and simplifying response actions. «Despite all the security tools that have been deployed over the years to prevent and detect breaches, attackers are still able to find the seams in the protections,» says Eyal Gruner, CEO of Cynet. «One of the main problems is that security teams simply cannot make sense of the barrage of information and alerts coming at them from multiple security tools.»

The XDR RFP can help companies prioritize the capabilities available in emerging solutions and improve their purchase decisions.


REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks

REvil, the infamous ransomware cartel behind some of the biggest recent cyberattacks, including those on JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculation that the criminal enterprise may have been taken down. REvil is one of the most prolific ransomware-as-a-service groups and first appeared on the threat landscape in April 2019. It is an evolution of the GandCrab ransomware, which hit the underground markets in early 2018. «If REvil has been permanently disrupted, it’ll mark the end of a group which has been responsible for >360 attacks on the U. »


The sudden development comes close on the heels of a wide-scale supply chain ransomware attack on technology services provider Kaseya, for which REvil claimed responsibility and demanded a $70 million ransom in exchange for a universal decryption key that would unlock all victims’ data. In late May, REvil also masterminded the attack on the world’s largest meat producer, JBS, which ended up paying $11 million to the extortionists to recover from the incident. «The situation is still unfolding, but evidence suggests REvil has suffered a planned, concurrent takedown of their infrastructure, either by the operators themselves or via industry or law enforcement action,» FireEye Mandiant’s John Hultquist told CNBC. REvil’s Happy Blog appears to have gone offline around 1 AM EST on Tuesday, and vx-underground noted that the group’s public-facing representative, Unknown, has not posted on popular hacking forums such as Exploit and XSS since July 8.

Subsequently, a representative for the LockBit ransomware posted to the Russian-speaking hacking forum XSS that REvil’s attack infrastructure had received a government legal request, causing the servers to be dismantled. «REvil is banned from XSS,» vx-underground later added.


REvil’s unexplained shutdown may equally be a case of planned retirement, a temporary setback in which the group disbands only to reassemble under a new identity that attracts less attention, or a consequence of increased international scrutiny in the wake of the global ransomware crisis. If the group has indeed permanently shuttered operations, its victims are left in the lurch, with no means to negotiate ransoms or obtain the decryption keys needed to regain control of their systems, permanently locking them out of their data.


16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain

Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe.


Computer equipment, mobile phones, and documents were confiscated, and more than 1,800 spam emails were analyzed, enabling law enforcement to successfully block transfer attempts totaling €3.5 million. The campaign is said to have netted the actors €276,470, of which €87,000 has been recovered.
To lend credibility to their phishing attacks, the operators sent emails under the guise of legitimate package delivery services and government entities such as the Treasury, urging recipients to click a link that stealthily downloaded malicious software onto their systems.


Grandoreiro is one of the «Tetrade» of Brazilian banking trojans detailed by cybersecurity firm Kaspersky in July 2020, while Mekotio’s evolving tactics, which include displaying fake pop-up windows to entice victims into divulging sensitive information, were disclosed by ESET in August 2020.
«These windows are carefully designed to target Latin American banks and other financial institutions,» the Slovak cybersecurity company had noted.


Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
