Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to help you stay safe online.

Here are the most prominent threats which you should be aware of:



Microsoft warns Europe Cyber winter is coming after DDoS attack disrupts Russian bank

Microsoft has warned people in Europe to be aware of cyber attacks from Russia this winter, after attacks hit Russia, including one of the country’s largest banks.

The “unprecedented cyber attack from abroad” was the largest DDoS flood in history, says the St Petersburg- VTB financial institution. Russian media have added that the attack was planned and large scale, with the goal of causing disruption and inconveniencing the bank’s customers.

It has been uncovered that, although the attack came largely from foreign parts of the internet, some of it was carried out from Russian IP addresses, which is very concerning. All Russian IP addresses will be handed over to law enforcement, as participating in a DDoS attack is a criminal offence.

This attack on the bank comes after wiping software was deployed on Russian mayors’ and courts’ computers. The wiper poses as ransomware and demands half a million rubles; however, regardless of whether it is paid or not, the files get deleted. This data-deleting malware has been circulating since before Russia invaded Ukraine, with Kremlin-backed criminals using it against Ukrainian organisations since January.

Microsoft has therefore warned European nations and the US to brace for Kremlin-backed operations, which could prey on citizens’ concerns about rising energy prices and inflation. There is also a threat of pro-Russian narratives being pushed.

Zero-Day vulnerability discovered in Apple products

Earlier this week, Apple rolled out security updates addressing an actively exploited zero-day vulnerability that could result in malicious code being spread. The updates were for iOS, iPadOS, macOS, tvOS and the Safari web browser.

The vulnerability, tracked as CVE-2022-42856, has been described as a type confusion error in the WebKit browser engine that could be triggered when processing specially crafted content, leading to arbitrary code execution. Although the details are unclear, the attacks are thought to involve social engineering or a watering hole to infect devices when they visit a rogue or infected legitimate domain via the browser.

Every third-party web browser available for iOS or iPadOS is required to use the WebKit rendering engine.

Clément Lecigne of Google’s Threat Analysis Group has been credited with discovering and reporting the issue. The update comes two weeks after Apple patched the same bug in iOS 16.1.2 on November 30th, 2022. This marks the tenth zero-day vulnerability discovered in Apple software this year, and the ninth exploited zero-day flaw.

Keeping devices updated with the latest software is the best way to protect against these vulnerabilities. Older devices which can no longer be updated are therefore a security risk and should be replaced as soon as possible.

Microsoft releases its last set of monthly security updates for 2022

Tech giant Microsoft has released its final set of security updates for 2022, which includes 49 fixes for vulnerabilities across its software and products.

Of these vulnerabilities, six were rated Critical, 40 were rated Important and three were rated Moderate in severity. Alongside these updates, 24 additional vulnerabilities were addressed in the Chromium-based Edge browser.

The patch plugs two zero-day vulnerabilities, one of which is actively exploited and the other listed as publicly disclosed. The former is CVE-2022-44698, one of three bypass issues in Windows SmartScreen that could potentially be exploited by a malicious actor to evade Mark of the Web protections.

This allows actors to create documents that won’t get tagged with Microsoft’s Mark of the Web, despite being downloaded from untrusted sites.

Microsoft is also patching multiple remote code execution bugs in Microsoft Dynamics NAV, Microsoft SharePoint Server, PowerShell, Windows Secure Socket Tunneling Protocol, .NET Framework, Contacts and Terminal.

The update also resolves 11 remote code execution vulnerabilities in Microsoft Office Graphics, OneNote and Visio.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.