Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations
2022-07-14 08:43

Microsoft on Tuesday disclosed that a large-scale phishing campaign has targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process, even on accounts secured with multi-factor authentication. The intrusions entailed setting up adversary-in-the-middle phishing sites, wherein the adversary deploys a proxy server between a potential victim and the targeted website so that recipients of a phishing email are redirected to lookalike landing pages designed to capture credentials and MFA information.

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models
2022-07-14 08:42

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity firm ESET said in a series of tweets.

New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs
2022-07-14 08:42

Retbleed is also the latest addition to a class of Spectre attacks known as Spectre-BTI, which exploit the side effects of an optimization technique called speculative execution by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information. Speculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next in order to gain a performance boost, while also undoing the results of the execution should the guess turn out to be wrong.

Why less can be more in backup and recovery management
2022-07-14 08:40

Most IT infrastructures evolve over time as the needs of the business and its users change to meet fresh demands and comply with updated organizational policies and regulatory requirements. Because IT staff rarely have the time to orchestrate root and branch transformations, they generally end up layering additional tools and applications on top of, or alongside, the ones they already have to smooth the transition.

Smart factories need to prioritize their cybersecurity
2022-07-14 08:00

51% of industrial organizations believe that the number of cyber attacks on smart factories is likely to increase over the next 12 months, according to the Capgemini Research Institute. 47% of manufacturers say cybersecurity in their smart factories is not a C-level concern.

New Retbleed speculative execution CPU attack bypasses Retpoline fixes
2022-07-14 07:13

Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information. Retpoline was released as a software-based solution to mitigate speculative execution attacks by using return operations to isolate indirect branches.

The future of SOCs: Automation where it matters
2022-07-14 05:00

Like Microsoft's new security patch technology, SOC automation intends to both improve an enterprise's security posture and reduce the burden on security engineers and security analysts. The real work of the SOC continues to be handled by security engineers who maintain the tools and the security analysts who have the insights that can assess attacks and determine what the organization should do to address threats.

How attackers abuse Quickbooks to send phone scam emails
2022-07-14 04:30

INKY researchers disclosed the latest variant of the tried-and-true phone scam, a low-tech scheme in which attackers extract personal information by sending out spoofed emails from what appears to be a legitimate source, with no suspicious links or malware attachments, just a pitch and a phone number. In this Help Net Security video, Roger Kay, VP of Security Strategy, INKY, talks about how this time around, attackers impersonated reputable retail brands such as Amazon, Apple, and PayPal to send out legitimate notifications from QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house expertise in finance and accounting.

Businesses are adding more endpoints, but can’t manage them all
2022-07-14 03:30

Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48 percent of devices - or 64,800 per enterprise - are at risk because they are no longer detected by the organization's IT department or the endpoints' operating systems have become outdated. 63 percent of respondents find that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.

Conventional cybersecurity approaches are falling short
2022-07-14 03:00

"The clear implication is that, however pernicious external threats have become, cybersecurity teams still have the power to repel them. And that's the good news: With the right practices and tools - including automation to maximize efficiency and get the most out of limited staff - breaches can be prevented." The study surveyed executives and analyzed the cybersecurity investments, practices, and performance of 1,200 companies and public-sector organizations in 16 countries and a wide range of industries.