Cyber Security Briefing, 1-7 July '23

July 7, 2023

Microsoft denies being a victim of data breach by Anonymous Sudan

The hacktivist group Anonymous Sudan recently posted on its Telegram channel that an alleged database containing more than 30 million Microsoft account credentials was for sale for $50,000. It also included a sample of data as proof of the threat actor's claims.

However, when the news outlet BleepingComputer asked Microsoft about the incident, a company spokesperson said that an internal investigation had found no evidence that the data had been accessed or compromised by Anonymous Sudan.

It is worth noting that last month Microsoft admitted that Anonymous Sudan was responsible for disruptions to services such as Azure, Outlook and OneDrive through DDoS attacks.

More info

Mozilla fixes vulnerabilities in Firefox

Mozilla has released Firefox 115, which fixes a number of vulnerabilities. Among the high-impact ones, CVE-2023-37201 is a use-after-free flaw in WebRTC, and CVE-2023-37202 is a potential use-after-free flaw in SpiderMonkey.

In addition, CVE-2023-37211 and CVE-2023-37212 are memory safety bugs that could be exploited to execute arbitrary code. CVE-2023-3482, rated moderate, could allow a malicious website to store tracking data without permission even when the browser is configured to block cookies.

The other moderate-impact vulnerabilities are CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206, CVE-2023-37207, CVE-2023-37208 and CVE-2023-37209. They cover spoofing attacks, including URL spoofing in the address bar, insufficient validation of links in the File System API, missing warnings when opening potentially malicious files, and a use-after-free. Updating Firefox is recommended to fix these security issues.

More info


Malicious campaign against banks in Spain and Chile

SentinelOne researchers, in collaboration with vx-underground, have published the results of an investigation into a campaign against banking institutions by the threat actor Neo_Net. The actor is reportedly behind an Android malware campaign targeting financial institutions around the world, mainly located in Spain and Chile, that ran between June 2021 and April 2023.

Neo_Net is estimated to have stolen more than €350,000 from bank accounts and compromised the personal information of thousands of victims. The attacks reportedly took place in several stages, starting with SMS phishing messages that used sender IDs (SIDs) to impersonate the bank and trick victims, and continuing with a wide-ranging infrastructure that included phishing panels and Android trojans.

More info

Google fixes three actively exploited Android vulnerabilities

Google has released monthly security updates for the Android operating system in which it fixed 46 vulnerabilities affecting the OS, including three 0-day vulnerabilities that were being actively exploited.

  • The first of these, identified as CVE-2023-26083 (CVSS 3.3) is a memory leak flaw in the Arm Mali GPU driver for Bifrost, Avalon and Valhall chips, which was exploited in a chain of exploits that delivered spyware to Samsung devices in December 2022.
  • The second security flaw, CVE-2021-29256 (CVSS 8.8) is a high-severity root privilege escalation and information disclosure flaw that also affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers.
  • The third vulnerability, CVE-2023-2136 (CVSS 9.6), is an integer overflow bug in Skia, Google's open-source cross-platform 2D graphics library that is also used in Chrome.

In addition, a critical vulnerability (CVE-2023-21250) in the Android system component affecting OS versions 11, 12 and 13 was fixed. Exploitation of this vulnerability could lead to remote code execution without user interaction or additional execution privileges.

Google recommends updating Android to patch level 2023-07-05 or later to address these issues.

More info

New tool developed to deliver malware to Teams users

The US Navy Red Team has developed a tool that can exploit a vulnerability in Microsoft Teams and deliver malicious files to users in an organisation. The tool, called TeamsPhisher, is Python-based and provides a fully automated attack.

It works in environments where communication between internal and external Teams users is allowed. Malicious actors could send malicious files to victims' inboxes without relying on traditional phishing scams. TeamsPhisher incorporates techniques on initial access to Teams described by researcher Andrea Santese.

It also includes the technique recently disclosed by researchers at Jumpsec Labs, which circumvents a security feature in Teams by means of an insecure direct object reference (IDOR).

In addition, it uses a tool called TeamsEnum, developed by Secure Systems Engineering, to enumerate Teams users and verify that they can receive external messages. Microsoft has still not addressed the vulnerability that TeamsPhisher exploits, stating that it does not meet the bar for immediate servicing.
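Since the technique above depends on external (federated) access being open in the receiving tenant, the control a Teams administrator would want here is a review of the tenant's federation settings and, where the business allows it, a restriction of external chat to an explicit allowlist. The PowerShell below is an added example and is not taken from the article, from TeamsPhisher or from TeamsEnum; it uses the Microsoft Teams PowerShell module, and `partner.example` and `contoso.example` are placeholder domain names.

```powershell
# Requires the MicrosoftTeams PowerShell module and a Teams administrator role.
# Domain names are placeholders, not values from the article.
Connect-MicrosoftTeams

# 1. Review the tenant's current external access posture.
#    AllowFederatedUsers : users may chat with other Microsoft 365 tenants
#    AllowTeamsConsumer  : users may chat with personal (consumer) Teams accounts
#    AllowedDomains      : when it holds an allowlist, federation is limited to it
$cfg = Get-CsTenantFederationConfiguration
$cfg | Select-Object AllowFederatedUsers, AllowTeamsConsumer, AllowPublicUsers,
                     AllowedDomains, BlockedDomains

# Open federation with no allowlist means any external tenant can start a chat.
if ($cfg.AllowFederatedUsers -and ($cfg.AllowedDomains.AllowedDomain.Count -eq 0)) {
    Write-Warning "Federation is open to all external tenants; unsolicited external chats are possible."
}

# 2. Restrict federation to an explicit allowlist of known partner tenants.
$allowList = New-CsEdgeAllowList -AllowedDomain @(
    (New-CsEdgeDomainPattern -Domain "partner.example"),
    (New-CsEdgeDomainPattern -Domain "contoso.example")
)
Set-CsTenantFederationConfiguration -AllowedDomains $allowList

# 3. Block chat from personal Teams accounts, which sit outside any tenant policy.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false

# 4. Confirm the new settings took effect.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowTeamsConsumer, AllowedDomains
```

An allowlist cuts chat with every tenant not on it, so inventory the partner tenants the organisation actually exchanges messages with before applying step 2; the read-only check in step 1 can be run on its own to see whether a tenant is exposed in the way the article describes.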

More info

Photo: tirachardz / Freepik.