Security News > 2022 > August

Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Attack chains entail penetrating the enterprise IT networks using carefully crafted phishing emails, including some that referenced non-public information pertaining to the organizations, to trick recipients into opening rogue Microsoft Word documents.

In this video interview with Help Net Security, Stephanie Aceves, Sr. Director of Threat Response, Product Management at Tanium, talks about what organizations are doing wrong when it comes to threat response. Aceves illustrates interesting situations she encountered during ethical hacking engagements, and offers advice to CISOs that want to hire a red team.

Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. Sometimes a simple misconfiguration, or a vulnerability in a web application, is all an attacker needs to compromise the entire infrastructure.

It is context that represents today's perimeter, with identity providing the killer context. A user's location, the device they are using and details of the data they are trying to access also provide useful contextual information, which can be used to deny access whenever an account behaves unusually.

In this interview for Help Net Security, Kunal Modasiya, VP of Product Management at Qualys, discusses how the new component, integrated into CyberSecurity Asset Management 2.0, adds the outside-in external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface.

A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, the ExtraHop Benchmarking Cyber Risk and Readiness report has shown. Sixty-four percent of organizations have at least one device exposing such a protocol to the public internet.

The U.S. Cybersecurity and Infrastructure Security Agency has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation. Officially tracked as CVE-2022-34713 and informally referred to as DogWalk, the security flaw in MSDT allows an attacker to place a malicious executable into the Windows Startup folder.

Of the 121 Microsoft bugs, 17 are considered critical. Leading the list is CVE-2022-34713, a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that is under active attack.

A new credit card stealing campaign is underway in Singapore, snatching the payment details of sellers on classifieds sites through an elaborate phishing trick. Classicscam is a fully-automated "Scam as a service" platform that targets users of classifieds sites attempting to sell or buy something listed on the pages.

Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks. Remote attackers can exploit these Exchange bugs to escalate privileges in low-complexity attacks after tricking targets into visiting a malicious server using phishing emails or chat messages.