Rate of IT security incidents grows with company size
2022-06-23 03:30

The rate of IT security incidents increases the more Microsoft 365 security features are used, according to Hornetsecurity. They point to the likelihood that organizations with a high number of implemented security features have done so as a result of sustained cyber-attacks over a period of time, in an attempt to mitigate security threats.

Security pros increasingly plan to adopt MDR services in the next 12 months
2022-06-23 03:00

As organizations struggle with too many alerts, too few security analysts, and increasingly complex security stacks, they are rapidly upgrading from Managed Security Service Providers and legacy security tools such as SIEMs that aggregate alerts, to action-oriented MDR services. "The perfect storm of too many security tools creating too many alerts for overstretched security teams has created an urgent need for many organizations to move to more advanced managed security services."

Kolide Can Help You Nail Third Party Audits and Internal Compliance Goals With Endpoint Security for Your Entire Fleet
2022-06-23 00:00

Kolide notifies your team via Slack when their devices are insecure and gives them step-by-step instructions on how to solve the problem. For IT admins, Kolide provides a single dashboard that lets you monitor the security of your entire fleet, whether they're running on Mac, Windows, or Linux.

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks
2022-06-22 23:36

QNAP, Taiwanese maker of network-attached storage devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an advisory.

Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine
2022-06-22 23:19

The Computer Emergency Response Team of Ukraine has warned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28, the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute malware called CredoMap.

Europol Busts Phishing Gang Responsible for Millions in Losses
2022-06-22 23:18

Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation.

Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors
2022-06-22 23:18

Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology vendors due to what researchers call "insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa.

NSA shares tips on securing Windows devices with PowerShell
2022-06-22 22:10

The National Security Agency and cybersecurity partner agencies issued an advisory today recommending that system administrators use PowerShell to prevent and detect malicious activity on Windows machines. "Blocking PowerShell hinders defensive capabilities that current versions of PowerShell can provide, and prevents components of the Windows operating system from running properly. Recent versions of PowerShell with improved capabilities and options can assist defenders in countering abuse of PowerShell."

Mega's unbreakable encryption proves to be anything but
2022-06-22 20:58

The paper, titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Mega's cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files. "The first two attacks exploit the lack of integrity protection of ciphertexts containing keys, and allow full compromise of all user keys encrypted with the master key, leading to a complete break of data confidentiality in the MEGA system," the paper explains.

Cisco warns of security holes in its security appliances
2022-06-22 20:16

Cisco has alerted customers to four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances.