Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to help you stay safe online.

Here are the most prominent threats which you should be aware of:

 


Ethical hacker receives $70,000 for uncovering a way to bypass Google Pixel phone lock screens

An ethical hacker uncovered a high-severity issue that could be exploited to unlock all Pixel phones. The vulnerability, tracked as CVE-2022-20465, allowed hackers with physical access to a Pixel phone to bypass lock screen protections such as fingerprint, PIN, etc.

Analysis of the source code commits intended to patch the flaw showed that it was caused by an “incorrect system state,” which wrongly interprets the SIM card exchange event.

The hacker reported that the lock screen protection could be completely defeated by following specific steps. Once those steps are complete, the device automatically unlocks. This simple hack leaves the phone logged in, and with that, the attacker can access all apps installed on the mobile device, including banking. That is why it is important to use the auto-logout feature for apps such as online banking to keep all data as secure as possible.

Even brand-new phones have vulnerabilities, and it is crucial to stay on top of all the latest updates. The latest patch for the devices will resolve this vulnerability, so it is important to enable automatic updates or ensure updates are installed sooner rather than later.

Windows update released, including patches for 6 Zero-Days

Microsoft Windows users are urged to immediately install the latest Windows update, which fixes 68 vulnerabilities, including 6 actively exploited Zero-Day vulnerabilities, with 12 rated Critical, 2 rated High and 55 rated Important in severity. The update also includes fixes for the weaknesses closed out in OpenSSL last week.

Two older zero-day CVEs affecting Exchange Server have also been fixed. All customers are urged to update their Exchange Server systems, even if previously recommended mitigation steps were taken, as these are no longer advised once systems have been patched.

The exploited vulnerabilities are:

- CVE-2022-41040 (CVSS score: 8.8) – Microsoft Exchange Server Elevation of Privilege Vulnerability (aka ProxyNotShell)
- CVE-2022-41082 (CVSS score: 8.8) – Microsoft Exchange Server Elevation of Privilege Vulnerability (aka ProxyNotShell)
- CVE-2022-41128 (CVSS score: 8.8) – Windows Scripting Languages Remote Code Execution Vulnerability
- CVE-2022-41125 (CVSS score: 7.8) – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- CVE-2022-41073 (CVSS score: 7.8) – Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2022-41091 (CVSS score: 5.4) – Windows Mark of the Web Security Feature Bypass Vulnerability

As well as these issues, the update also resolves multiple remote code execution flaws in Microsoft Excel, Word, ODBC Driver, Office Graphics, SharePoint Server, and Visual Studio, along with some privilege escalation bugs in Win32k, Overlay Filter, and Group Policy.

A leaked Telegram message reveals more details about a potential FTX hack 

Days after cryptocurrency exchange FTX filed for bankruptcy, the company indicated it had fallen victim to a cyber attack, losing millions of dollars. A statement from new FTX CEO John Ray was shared on Twitter, claiming that unauthorised access to certain assets had occurred and that immediate steps to control the damage had been taken.

Crypto risk management firm Elliptic reports that within a day of FTX filing its bankruptcy papers, a message circulated in the FTX Telegram channel warning its users about an ongoing cyber attack. A total of $663 million is said to have been taken from FTX wallets, with $477 million stolen and the rest put in cold storage when the attack was confirmed.

$278 million of assets were in the form of Ethereum, the rest being Solana, Binance Smart Chain (BSC), and Avalanche tokens. The chief security officer at crypto exchange Kraken has claimed to know the identity of the user who moved the stolen funds. 

It appeared that the owner was taking the coins through a backdoor that he created to hide from internal and external personnel, and it is believed he has taken around $1 billion worth. Any applications or software created for your company or used by your company should be checked and secured. Ensuring all applications follow guidance such as that of The Open Web Application Security Project (OWASP) will ensure they are protected against common attacks. It is also important to ensure security support is in place for any applications or software and that these are implemented in a timely fashion.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.