Cyber Security Briefing, 26 May - 7 June

June 7, 2024

Google fixes up to 37 vulnerabilities in June Android security bulletin

Google has issued the June 2024 Android security bulletin, fixing up to 37 vulnerabilities, including several privilege escalation bugs. In the first section, with patch level 2024-06-01, 19 flaws in Framework and System are fixed, the most serious being a vulnerability in System that could lead to local privilege escalation without the need for additional execution privileges. Also, seven other flaws in System and twelve in Framework, mostly related to privilege escalation, have been fixed.

The second section, patch level 2024-06-05, addresses 18 vulnerabilities in Kernel, Imagination Technologies, Arm, MediaTek and Qualcomm components, with three Qualcomm flaws rated the most critical. Google does not report that any of the vulnerabilities have been exploited; nonetheless, applying the security patches as soon as possible is recommended.


Microsoft warns of attacks on OT devices

Microsoft has published a post on the importance of securing internet-exposed operational technology (OT) devices, a warning prompted by the detection of a wave of cyber-attacks targeting these environments that started at the end of 2023. Specifically, Microsoft says an attack on OT devices could allow malicious actors to manipulate critical parameters used in industrial processes, causing malfunctions through the programmable logic controller (PLC) or through the graphical controls of the human-machine interface (HMI).

Furthermore, OT systems are prone to exploitation because they tend to lack adequate security mechanisms, a weakness compounded by the additional risk of being connected directly to the internet.


Risk of cyber-attacks at the Paris 2024 Olympic Games

The Paris 2024 Olympic Games raise several cybersecurity concerns. Companies such as Google and Microsoft have recently published analyses of the cyber threats most likely to impact French entities in the run-up to the Games in July and August this year. Mandiant has warned that different types of malicious actors may carry out cyber-attacks against the Games. Possible types of attack include cyber espionage and intelligence operations, hacktivist or financially motivated actions, and other disruptive and destructive attacks.

In addition, Microsoft has highlighted two information operations currently being carried out by malicious actors Storm-1679 and Storm-1099, which would aim to both attack the reputation of the International Olympic Committee and create the expectation of violence at the Games.


RansomHub analysis traces its origins to Knight ransomware

Symantec researchers have published a report in which they claim that the RansomHub ransomware originates from the now-defunct Knight ransomware. Specifically, the experts point out many similarities between the two ransomware families: both are written in Go and use Gobfuscate for obfuscation, there is extensive code overlap, the ransom notes are similar, the command-line help menus of the two ransomwares are identical, and they use similar obfuscation techniques, among other traits. It is worth noting that RansomHub first appeared in February 2024, which coincides with the sale of Knight's source code.

Ultimately, RansomHub is estimated to have grown into one of the most prolific RaaS operations, with affiliates linked to other ransomware operations and groups such as Blackcat, Notchy and Scattered Spider believed to be behind it.


Microsoft's Recall Function could allow data exfiltration

Security researchers have demonstrated how threat actors could steal data collected by Microsoft's Recall feature. Recall, enabled by default on new Copilot+ PCs, allows Windows users to easily find previously viewed information on their PC by taking periodic screenshots. Microsoft attempted to downplay the significance by claiming that the data is processed locally and that obtaining it requires physical access and valid credentials, but researchers have refuted this claim. Specifically, Marc-André Moreau showed how a password can be easily recovered from the unencrypted SQLite database in which Recall stores its data. Alexander Hagenah created TotalRecall, an open-source tool that extracts data from Recall. Also, Kevin Beaumont warned that infostealers can be modified to steal Recall data, demonstrating that commercial malware can exfiltrate the information before it is detected by Microsoft Defender.
