Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:


Update on the Follina Vulnerability (CVE-2022-30190)

Whilst there has been no official patch for the Follina vulnerability, Microsoft has provided a workaround that can be implemented to prevent this vulnerability from being exploited. The Follina zero-day was first discovered on the 30th of May 2022 and was issued CVE-2022-30190. It affects the Microsoft Support Diagnostic Tool (MSDT).

Mimecast, an email filtering service that utilises sandboxing techniques to analyse links and attachments, had this to say: “Mimecast’s security stack has been updated to cover known IOCs. We are also deploying supplemental detection to identify further and block the technique leveraged by the vulnerability.

Mimecast provides a comprehensive layered security approach by leveraging internally developed services combined with third-party partners throughout our stack. This includes heuristic-based machine learning and human analysis practices.”

This vulnerability allowed remote code execution if an end-user opened a document containing malicious code that exploited Follina. Microsoft is yet to announce whether an official patch will be created for this vulnerability. For more information, updates and guidance on how to apply Microsoft's workaround, see: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

Ransomware for IoT Devices can target IT and OT Networks

Researchers have been studying a new generation of ransomware that can run through IoT devices to target central IT and OT (Operational Technology) networks.

OT uses hardware and software to monitor and control physical processes, devices or infrastructure. OT networks can be found within many industries, including manufacturing, oil and gas, aviation, rail etc.

Forescout has researched the ransomware, called R4IoT. The proof of concept shows that, after exploiting IoT devices, an attacker can use lateral movement to carry out the ransomware attack.

It’s essential to ensure that all devices within a network are patched with the latest security updates and that automatic updates are enabled.

Implementing network segmentation will also restrict an attacker's ability to move between devices.

Exploitable zero-day vulnerability in Confluence now patched

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild.

Confluence, a team workspace developed by Atlassian, saw a critical vulnerability exploited. The vulnerability (CVE-2022-26134) allowed attackers to inject arbitrary code through the Object-Graph Navigation Language (OGNL). This vulnerability is similar to a previous vulnerability (CVE-2021-26084).

For up-to-date advice on security fixes and guidance for Confluence, refer to Atlassian's website: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.