Weekly Security News Round-Up for July 9th -15th

Jul 18, 2022

Traditional cybersecurity not cutting it.

Traditional security systems that depend on reactive, detect-and-respond measures and manual procedures can't keep up with modern threats, according to Skybox Security.


https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/?web_view=true



Attack Can Unmask Anonymous Users on Any Browser

NJIT (New Jersey Institute of Technology) researchers will present their findings at the Usenix Security Symposium in Boston next month. The findings show how an attacker who tricks a visitor into loading a malicious website can determine whether the visitor controls a public identifier, such as an email address or social media account, thus linking the visitor to potentially personal data.


https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/?&web_view=true



Ransomware Activity hits an uptick in Q2

Digital Shadows said that ransomware activity surged by a fifth last quarter. The organization, which monitors dark web data leak sites, saw ransomware gangs identify 705 victims in Q2 2022, a 21% rise over Q1's 582. This followed a 25.3% quarterly drop in Q1.


https://www.infosecurity-magazine.com/news/ransomware-activity-resurges-q2/?&web_view=true



Mantis botnet launches most powerful DDoS attacks to date

Cloudflare says the Mantis botnet is behind the largest DDoS attacks it has seen, which hit over 1,000 customers in recent weeks, peaking at 26 million HTTPS requests per second (rps) in June.


https://www.zdnet.com/article/this-tiny-botnet-is-launching-the-most-powerful-ddos-attacks-yet/?web_view=true



The future of SOCs: Automation

Sophisticated assaults, remote work, and evolving technology challenge firms to maintain IT security while reducing expenses and leveraging overloaded labor. SOCs employ automation to manage complexity, increase process performance, and boost staff productivity.


https://www.helpnetsecurity.com/2022/07/14/future-soc-automation/?web_view=true



Microsoft Teams vulnerability via flawed stickers feature

A security researcher observed that attackers may utilize Microsoft Teams' stickers to launch XSS attacks.


https://portswigger.net/daily-swig/microsoft-teams-security-vulnerability-left-users-open-to-xss-via-flawed-stickers-feature?&web_view=true



Nearly 50% of business endpoint devices are insecure.

The typical organization manages 135,000 endpoint devices, according to a recent survey. Despite spending $4,252,500 annually on endpoint security, 48 percent of devices (64,800 per firm) are at risk because they are no longer identified by IT or the endpoints' operating systems are obsolete, according to Adaptiva and the Ponemon Institute.


https://www.techrepublic.com/article/enterprise-endpoints-present-risks/?web_view=true



Use-after-free condition in Google Chrome WebGPU

Chromium is the open-source version of Google Chrome that other software developers use to build their own browsers. WebGPU is a JavaScript API for accelerated 3-D graphics and other browser operations.


TALOS-2022-1508 (CVE-2022-2399) is triggered when Chrome visits a specially constructed web page. Such a page can cause a use-after-free condition in the browser, giving an attacker influence over the program.


https://blog.talosintelligence.com/2022/07/chrome-web-gpu-useafterfree.html?&web_view=true



Adobe releases security updates for Acrobat, Reader, Photoshop and other products

Adobe has released security updates for Acrobat and Reader, RoboHelp, Photoshop, and Character and Animator products.


The vulnerabilities could be exploited to take control of affected systems.


https://www.securezoo.com/2022/07/adobe-has-released-security-updates-for-acrobat-and-reader-photoshop-and-other-products/?web_view=true



Microsoft releases PoC exploit for macOS sandbox escape vulnerability

Microsoft revealed exploit code for a macOS vulnerability that might let an attacker circumvent sandbox constraints and execute programs.


Technical details were released for the security issue, tracked as CVE-2022-26706, explaining how macOS App Sandbox rules could be bypassed to allow malicious macro code in Word documents to execute commands on the machine.


https://www.bleepingcomputer.com/news/security/microsoft-releases-poc-exploit-for-macos-sandbox-escape-vulnerability/



CISA orders agencies to patch new Windows zero-day

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of exploited issues.


CVE-2022-22047 affects server and client Windows systems, including Windows 11 and Windows Server 2022.


https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-new-windows-zero-day-used-in-attacks/?&web_view=true



Microsoft 365 patches for Windows 7 to end in 2023

The Windows 7 ESU program will end on January 10, 2023, along with support for Windows 8.1 and for Microsoft 365 apps running on the deprecated code (including Windows Server 2008 R2).


https://www.theregister.com/2022/07/12/microsoft_365_windows_7_eol/?&web_view=true



Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft's monthly Patch Tuesday upgrades address 84 new security weaknesses across numerous product categories, including a zero-day vulnerability under active assault.


Four of 84 flaws are Critical and 80 are Important. Google also fixed two issues in the Chromium-based Edge browser, one of which plugs a zero-day hole being exploited in real-world assaults.


Top of the list is CVE-2022-22047 (CVSS score: 7.8), a privilege escalation in the Windows Client Server Runtime Subsystem (CSRSS) that might be leveraged to gain SYSTEM privileges.


https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html?&web_view=true



Authomize Discovers PassBleed Password Stealing and Impersonation Risks in Okta

Identity Providers are organizations' trusted management solution for Single Sign-On, Multi-Factor Authentication, directory services, and access provisioning.


Authomize's research lab has found a number of high-impact inherent security issues in Okta, an IdP.


https://www.authomize.com/blog/authomize-discovers-password-stealing-and-impersonation-risks-to-in-okta/