Title: Microsoft Reveals Cause Behind this Week’s Microsoft 365 Outage
Date Published: June 22, 2022
Excerpt: “Microsoft has revealed that this week’s Microsoft 365 worldwide outage was caused by an infrastructure power outage that led to traffic management servicing failovers in multiple regions. Starting on Monday, June 20, at 11:00 PM UTC, customers began experiencing and reporting several issues while trying to access and use Microsoft 365 services. According to Microsoft, problems encountered during the incident included delays and failures when accessing some Microsoft 365 services.”
Title: Critical PHP Flaw Exposes QNAP NAS Devices to RCE Attacks
Date Published: June 22, 2022
Excerpt: “QNAP has warned customers today that most of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. The Taiwanese hardware vendor has already patched the security flaw (CVE-2019-11043) for some operating system versions exposed to attacks (QTS 5.0.1.2034 build 20220515 or later and QuTS hero h5.0.0.2069 build 20220614 or later).”
Title: Yodel Parcel Company Confirms Cyberattack is Disrupting Delivery
Date Published: June 21, 2022
Excerpt: “Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. The company has not published any details about the incident, such as when it occurred or its nature, but implies that customer payment information has not been affected since it is neither stored on its systems nor processed by them. According to customers waiting for package delivery, Yodel’s tracking and customer services went down over the weekend, some of them claiming that they’ve had no information on packages for at least four days. Cybersecurity researcher Kevin Beaumont today said that there are rumors about Yodel being hit by a ransomware attack, a plausible theory considering that these threat actors typically avoid encrypting victim computers on weekdays, when the process is more likely to be discovered.”
Title: Russian Govt Hackers Hit Ukraine with Cobalt Strike, CredoMap Malware
Date Published: June 21, 2022
Excerpt: “The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is believed to be sending emails containing a malicious document named “Nuclear Terrorism A Very Real Threat.rtf”. The threat actors selected the topic of this email to entice recipients to open it, exploiting the fear that has spread among Ukrainians about a potential nuclear attack. Threat actors also used a similar tactic in May 2022, when CERT-UA identified the dissemination of malicious documents warning about a chemical attack. The RTF document used in the APT28 campaign attempts to exploit CVE-2022-30190, aka “Follina,” to download and launch the CredoMap malware (docx.exe) on a target’s device.”
Title: Adobe Acrobat May Block Antivirus Tools from Monitoring PDF Files
Date Published: June 21, 2022
Excerpt: “Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. Adobe’s product is checking if components from 30 security products are loaded into its processes and likely blocks them, essentially denying them from monitoring for malicious activity.”
Title: Crooks are Using RIG Exploit Kit to Push Dridex Instead of Raccoon Stealer
Date Published: June 22, 2022
https://securityaffairs.co/wordpress/132498/malware/rig-exploit-kit-dridex.html
Excerpt: “The switch occurred in February, when Raccoon Stealer temporarily halted its activity as one of its developers was killed in the Russian invasion of Ukraine. The Raccoon stealer was first spotted in April 2019; it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. Raccoon Stealer is offered for sale as malware-as-a-service (MaaS) with an easy-to-use automated backend panel; operators also offer bulletproof hosting and 24/7 customer support in both Russian and English.”
Title: Flagstar Bank Discloses a Data Breach that Impacted 1.5 Million Individuals
Date Published: June 22, 2022
https://securityaffairs.co/wordpress/132490/data-breach/flagstar-bank-data-breach.html
Excerpt: “US-based Flagstar Bank disclosed a data breach that impacted roughly 1.5 million individuals, but the company did not share details about the attack. The security breach took place in early December 2021, and the investigation that was concluded early this month confirmed that the actors had access to files containing the personal information of 1.5 million individuals. According to a data breach notification published by the financial institution, the attackers had access to the social security numbers of some of the impacted individuals. The company is notifying the affected individuals.”
Title: Euro Cops Dismantle Multimillion-Dollar Phishing Gang
Date Published: June 22, 2022
https://www.infosecurity-magazine.com/news/cops-dismantle-phishing-gang/
Excerpt: “Police across Belgium and the Netherlands are claiming to have dismantled an organized crime group responsible for stealing millions of euros from phishing victims. An action day on June 21 led to the arrests of nine individuals and 24 house searches in the Netherlands. Police also seized firearms, ammunition, jewelry, electronic devices, cash and cryptocurrency, according to Europol.”
Title: NIST SP 800-161r1: What You Need to Know
Date Published: June 21, 2022
Excerpt: “Modern goods and services rely on a supply chain ecosystem, an interconnected network of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of components and software that often form a final product, supply chains carry inherent cybersecurity risks. Organizations need to be aware of the risks associated with goods and services that may include potentially harmful functionality, counterfeiting, or susceptibility to other vulnerabilities as a result of poor manufacturing and development procedures throughout the supply chain. The National Institute of Standards and Technology (NIST) has revised its Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations publication. The document, found under the heading Special Publication 800-161r1, revises the guidelines for recognizing, analyzing, and reacting to cybersecurity threats across the supply chain at all organizational levels. It helps NIST meet its duties under the 2021 Executive Order on Improving the Nation’s Cybersecurity, which tackles the rise of software security vulnerabilities across the supply chain.”
Title: Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
Date Published: June 22, 2022
https://threatpost.com/discovery-of-56-ot-device-flaws-blamed-on-lackluster-security-culture/180035/
Excerpt: “Researchers discovered 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors, most of which they’ve attributed to inherent design flaws in equipment and a lax approach to security and risk management that have been plaguing the industry for decades, they said. The vulnerabilities, found in devices by reputed vendors Honeywell, Emerson, Motorola, Siemens, JTEKT, Bentley Nevada, Phoenix Contact, Omron, Yokogawa as well as an unnamed manufacturer, vary in terms of their characteristics and what they allow threat actors to do, according to the research from Forescout’s Vedere Labs. The activities that threat actors can engage in by exploiting the flaws on an affected device include: remote code execution (RCE), with code executed in different specialized processors and different contexts within a processor; denial of service (DoS) that can take a device completely offline or block access to a certain function; file/firmware/configuration manipulation that allows an attacker to change important aspects of a device; credential compromise allowing access to device functions; or authentication bypass that allows an attacker to invoke desired functionality on the target device, researchers said.”