Cybersecurity news headlines often report compromised systems, affecting operations and causing a loss of millions of dollars. Such attacks have increased in the recent past; therefore, being abreast of the latest cybersecurity headlines is essential. The following are the top cybersecurity headlines this week:

 

Beware of PayPal-Themed Phishing Kit

PayPal-themed phishing attacks are one of the earliest forms of social engineering attacks we can remember, and now they are back in the form of phishing kits. The adversaries are impersonating PayPal and asking users to verify their usernames and password because there has been “some unusual activity” in their accounts. These kits not only steal the usernames and passwords but also sensitive information such as credit card details, ATM pins, social security numbers, and login credentials which can be easily used to launch multiple attacks. Cyberattacks like money laundering, identity theft, opening fake cryptocurrency accounts, filing phony tax returns, etc., become too easy and common with the details stolen using these phishing kits.

Therefore, cybersecurity experts advise users to always verify links attached to emails by going to the legitimate website before clicking on an embedded link. Users must remember that PayPal never asks for their ATM pin, and if a form requests such information, it must ring the red alarms in your head.

 

CISA Adds High-Severity Flaw to its List of Bugs Abused in the Dark

CISA recently warned about a local privilege escalation vulnerability affecting the Windows Client/Server Runtime Subsystem (CSRSS). The flaw has been actively exploited in the wild and categorized as a high-severity security flaw. Tracked as CVE-2022-22047, the flaw affects both client and server Windows platforms, even in the latest Windows 11 and Windows Server 2022. The flaw was categorized as a zero-day flaw and patched by Microsoft as part of its July 2022 Patch Tuesday.

Agencies have time until 2nd August to get the patch to this actively exploited bug, as it can affect their systems on any given day. CISA mentioned that such vulnerabilities frequently become initial attack vectors for cyberattacks on federal enterprises, so it is important to get these cybersecurity patches on time.

 

Cisco Releases 10 Security Patches

Cisco recently released security patches for ten vulnerabilities, and one of these is a critical severity flaw that can be used to launch absolute path traversal attacks.

The flaws dubbed CVE-2022-20812 and CVE-2022-20813 impact the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). They could enable an adversary to conduct null-byte poisoning attacks or overwrite arbitrary files. With a CVSS score of 9.0, CVE-2022-20812 requires admin read-write access over the system to launch path traversal attacks on the victim’s system.

The second bug, CVE-2022-20813, has a CVSS score of 7.4 and has been identified as a null-byte poisoning flaw caused by improper certificate validation. Adversaries can easily use this flaw to launch man-in-the-middle (MitM) attacks. The high-severity flaw patched in this series of patches has been tracked as CVE-2022-20808, and it can be exploited to launch denial of service (DoS) attacks. Users are advised to install the patches at the earliest to ensure better cybersecurity.

 

FBI, CISA & U.S. Treasury Dept. Release Warning Against N.Korean Hackers

The FBI, CISA, and U.S. Treasury Department have issued a combined warning against hackers by the North Korean government. These threat actors are using the Maui ransomware to target public health organizations and other healthcare facilities across the U.S. The FBI discovered the Maui attacks on the healthcare sector in May 2021. It noted that the group encrypts servers related to electronic health record services, diagnostic services, and imaging services and keeps systems interrupted for a long time.

The cybersecurity experts are yet to decipher what acts as the initial access vector for the Maui attacks. Maui is different from other ransomware actors because it does not leave any ransom notes for the victims! The three federal agencies recommend healthcare firms adopt ransomware protection measures.

 

Beware of Fake WhatsApp Applications

Will Cathcart from WhatApp recently warned users to stay wary of fraudsters promoting fake versions of the popular messaging platform WhatsApp. Hackers are distributing malware hidden in these artificial WhatsApp applications that are somehow available on app stores.

The hackers attempt to draw users outside the storefront and make them download the infected app. The lure they used was “new features,” but these fake apps actually aimed to steal users’ personal information. Google Play Protect ensures you are safe from these cybersecurity scams, but those outside the purview of Google Play Store’s protection are still vulnerable.

However, enabling the mobile’s in-built feature of blocking app downs from unknown sources can help ensure protection against these bogus apps. Further, WhatsApp recommends users download the app only from the official stores (Android or iPhone).

 

SAP Released 20 Security Notes and 3 Updates as Part of its July 2022 Security Patch Day

German software maker SAP recently released 20 new security notes and three updates to previous security notes on its July 2022 Security Patch Day. Four of these security notes deal with high-severity vulnerabilities. While three of these flaws affect Business One, the other affects SAP BusinessObjects.

The riskiest of these flaws has been tracked as CVE-2022-35228 and awarded a CVSS score of 8.3. It is an information disclosure vulnerability affecting the central management console of the BusinessObjects Business Intelligence Platform. It enables adversaries to gain token information over the network. The first high severity flaw has been dubbed CVE-2022-32249 – an information disclosure flaw that allows adversaries to access (and steal) sensitive information and user credentials.

The second flaw, CVE-2022-28771, is a missing authorization check enabling attackers to compromise an application using malicious HTTP requests. The third bus is a code injection vulnerability tracked as CVE-2022-31593) that allows hackers to control application behavior. The remaining 17 notes address medium-severity cybersecurity flaws in Business Objects and the NetWeaver Enterprise Portal.

Pin It on Pinterest

Share This