Many companies and businesses use Microsoft Teams to communicate [...]
A vulnerability has recently been discovered in Microsoft SharePoint. CVE-2022-30157 was published on 15/06/2022 with a CVSS 3.1 score of 8.8, which is a high criticality rating. The vulnerability allows remote execution of arbitrary code on affected Microsoft SharePoint Servers. It exists in the processing of charts: tampering with the client-side data can trigger a serialisation of untrusted data, which an attacker can leverage to execute code. If you are using Microsoft SharePoint, it is highly recommended that you ensure all current patches are installed.
Android 10 is set to end security support by the end of this year. It is important to know whether your phone is running Android 10 and whether it can be upgraded to a newer version of Android. You can check this by opening your phone's settings and finding the software information, where the Android version is shown. If it reads 'Android version 10', an update is needed. To see whether your phone is eligible for the upgrade to Android 11 or 12, look in the software update section of your phone's settings and check whether the update is offered there.
What do you risk if you don't upgrade your Android? If you do not upgrade to a supported Android version, you will no longer receive security updates once support for your version runs out. This means any vulnerabilities discovered after that point will not be patched, and your phone becomes a permanent weakness for all the data stored on it.
The BlackCat ransomware, first seen in November 2021, has since emerged as one of the most active ransomware groups. The group looks for active vulnerabilities within organisations and particularly favours unpatched Microsoft Exchange. The group gained access through this vulnerability and deployed Rust-based ransomware. According to the Cyber Security Analyst ANOZR WAY, the BlackCat group is the 3rd most active ransomware group behind Lockbit 2.0 and Conti. They recently targeted the University of Pisa, holding the University to ransom for an alleged $4.5 million. Ensuring a regular patching schedule is in place to apply any security update is the best option to defend against this attack style. It is also wise to maintain a good backup regime that is regularly checked and validated. Other measures that help secure your organisation against ransomware are the use of MFA (multi-factor authentication) and the implementation of good endpoint protection. Services that offer sandboxing technology can assess files sent in through email and ascertain whether they have malicious intent.
In 2022, if your organisation is working remotely and [...]
Whilst there has been no official patch for the Follina vulnerability, Microsoft has provided a workaround that can be implemented to prevent it from being exploited. The Follina zero-day was first discovered on the 30th of May 2022 and was assigned CVE-2022-30190; it concerns the Microsoft Support Diagnostic Tool (MSDT). Mimecast, an email filtering service that utilises sandboxing techniques to analyse links and attachments, had this to say: “Mimecast’s security stack has been updated to cover known IOCs. We are also deploying supplemental detection to identify further and block the technique leveraged by the vulnerability. Mimecast provides a comprehensive layered security approach by leveraging internally developed services combined with third-party partners throughout our stack. This includes heuristic-based machine learning and human analysis practices.” The vulnerability allows remote code execution if an end-user opens a document containing malicious code that exploits Follina. Microsoft is yet to announce whether an official patch will be created for this vulnerability. For more information, and for guidance on how to apply Microsoft's workaround, updates can be found here: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
In our recent articles, we have covered a few [...]
A very dangerous 0-day exploit for Microsoft Office (CVE-2022-30190, aka Follina) was announced earlier this week. This is a 0-day attack that sprang up out of nowhere, and there's currently no patch available. It affects all versions of MS Office. Detonating this malicious code is as simple as opening an infected Word document, even in preview mode and with macros disabled. We strongly advise you not to click on any attachments you are not expecting to receive! Further (technical) details can be found here:
CVE-2022-30190 - Security Update Guide - Microsoft - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Rapid Response: Microsoft Office RCE - “Follina” MSDT Attack (huntress.com)
We continue to monitor the situation and will provide further guidance/updates as necessary.
Cloud storage has never been more critical for companies [...]
The energy regulator Ofgem has issued advice after reports of cyber criminals contacting people and trying to access their bank details. Criminals are fraudulently requesting bank details under the guise of offering the council tax rebate currently being issued by the government. The NCSC has guidance advising how to recognise and report phishing emails, texts, websites and adverts or phone calls, which can be found here: Phishing: Spot and report scam emails, texts, websites and... - NCSC.GOV.UK. If you have received an email you’re not quite sure about, forward it to firstname.lastname@example.org. Suspicious texts should be forwarded to 7726.