A global cybersecurity firm reported that one-third of the suspicious emails flagged by employees were indeed malicious and may have been attempts to phish users for their PII (Personally Identifiable Information) and other critical organizational information. This indicates how crucial cybersecurity awareness training can prove to be in tackling the global menace of growing cybercrime. Here are this week's cyber news headlines, which cover a tech giant patching critical vulnerabilities, one country blaming another for launching cyberattacks against it, and more.
Beware of MS Office Documents From Scammers
Microsoft has recently released a warning message for users to beware of malicious Office documents that adversaries are circulating by exploiting a zero-day vulnerability in Internet Explorer. The vulnerability has been dubbed CVE-2021-40444 and has a severity score of 8.8. Microsoft is now investigating the remote code execution flaw in MSHTML (the proprietary browser engine for Internet Explorer), which the attackers exploit to create a malicious ActiveX control and embed it in an MS Office document. The vulnerability is more likely to affect user accounts operating with administrative user rights.
Cybersecurity researchers from Mandiant and EXPMON first identified this highly sophisticated zero-day vulnerability. EXPMON tweeted about the same, adding that the adversaries exploited logical flaws that make the malicious documents seem reliable. However, users who run MS Office with default configurations remain unaffected by this flaw because, in such cases, web downloads are opened in Protected View. Once its investigations are over, Microsoft will likely release the patch for the vulnerability either as part of the Patch Tuesday release or as an out-of-band patch. Meanwhile, users must disable ActiveX controls in Internet Explorer to ensure threat protection.
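One way to check the mitigation described above on a Windows host, as an added example that is not part of the original article and is not Microsoft's own script. It assumes the per-zone Internet Explorer URL action policies for ActiveX installation (1001 and 1004, set to 3 for zones 0 through 3); the function name and the `-Remediate` switch are hypothetical.

```powershell
# Added example: audit (and optionally set) the policy that blocks ActiveX
# control installation in each Internet Explorer security zone.
param([switch]$Remediate)   # -Remediate writes the values; needs an elevated shell

$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = [ordered]@{ '0' = 'Local Machine'; '1' = 'Intranet'; '2' = 'Trusted Sites'; '3' = 'Internet' }
$actions  = [ordered]@{ '1001' = 'Download signed ActiveX'; '1004' = 'Download unsigned ActiveX' }
$disabled = 3               # URL policy value 3 = disallow

function Get-ActiveXPolicy {
    foreach ($zone in $zones.Keys) {
        $path = Join-Path $base $zone
        foreach ($action in $actions.Keys) {
            # A missing key or value means no policy is enforced for that zone.
            $value = $null
            if (Test-Path $path) {
                $value = (Get-ItemProperty -Path $path -Name $action -ErrorAction SilentlyContinue).$action
            }
            [pscustomobject]@{
                Zone      = "$zone ($($zones[$zone]))"
                Setting   = "$action ($($actions[$action]))"
                Value     = if ($null -eq $value) { '(not set)' } else { $value }
                Compliant = ($value -eq $disabled)
                Path      = $path
                Action    = $action
            }
        }
    }
}

if ($Remediate) {
    foreach ($row in (Get-ActiveXPolicy | Where-Object { -not $_.Compliant })) {
        if (-not (Test-Path $row.Path)) { New-Item -Path $row.Path -Force | Out-Null }
        New-ItemProperty -Path $row.Path -Name $row.Action -Value $disabled `
            -PropertyType DWord -Force | Out-Null
    }
}

# Report the state after any remediation; a non-zero exit code flags a gap.
$report = Get-ActiveXPolicy
$report | Format-Table Zone, Setting, Value, Compliant -AutoSize
if ($report.Compliant -contains $false) { exit 1 }
```

Run without arguments, the script only reads the registry, so it can be used in a compliance check; the exit code is 1 when any zone still allows ActiveX installation.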
AnaCap Makes Huge Investment In WebID
A significant cybersecurity investment should not go unnoticed, so AnaCap Financial Partners' latest investment in WebID deserves a mention. AnaCap, a leading specialist in technology-led financial services, has made a major investment in the leading German digital identification provider WebID. AnaCap's interest and investment will help WebID's products reach a broader customer base across industries like eCommerce, eGovernment, eMobility, and eHealth. WebID provides a host of cybersecurity tools for KYC purposes, such as AI-powered identification, online banking, video call verification, and eSigning through qualified electronic signature (QES) solutions.
Being a facilitator of the shift from offline to online functioning, WebID digitalizes people’s lives and makes things convenient and eco-friendly. WebID is already in a thriving position, and AnaCap’s implementation of the buy-and-build strategy promises to manage and support the next stage of WebID’s growth. WebID perceives AnaCap’s investment as a merger of two like-minded entities that shall help WebID enhance and expand its hitherto organic growth.
Tesla’s FSD Beta Software Leaks Among Community Members
Cybersecurity issues with Tesla often make it to the headlines. Despite the preventive measures adopted by the company, its Full Self-Driving (FSD) Beta software was recently leaked and circulated among the Tesla hacking community. Fortunately, the people involved did not have any malicious intentions and were Tesla car owners who just wanted to try the software. The Tesla FSD Beta software was accessible only to a few customers as part of the early access program. This disappointed some customers, as they had paid up to $10,000 to get early access to the Full Self-Driving package.
Reports indicate that the FSD Beta software has leaked and been passed around within the Tesla root access community. The root community is trying to limit access to the Beta software despite people trying to purchase the leak.
Google Patches Forty Vulnerabilities
System updates are essential for ransomware protection, particularly on our mobile phones, where all our financial and other accounts are logged in. The September issue of Google's Android Security Bulletin comes with patches for 40 vulnerabilities in Android devices, of which seven have been rated critical. These include vulnerabilities in:
- Framework component: One critical issue dubbed CVE-2021-0687 was patched in the Framework component. Affecting Android 8.1, 9, 10, and 11, this flaw could allow adversaries to cause a permanent denial of service on user devices. Six more high-severity vulnerabilities were also patched in the Framework component.
- Media framework: Patches were released for two high-severity vulnerabilities in the media framework that cause information disclosure issues.
- System component: The update patched six high-severity and one medium-severity vulnerability in the system component. These were a mix of elevation of privilege and information disclosure issues.
- Other components: The other components which received patches include MediaTek components, Kernel components, Qualcomm closed-source components, Unisoc components, and Qualcomm components. Twenty-three vulnerabilities were patched in all these components combined.
The September patch also fixed an issue in Google Play dubbed CVE-2021-0690. Users who haven’t yet updated their systems need to do so immediately before adversaries exploit any of the vulnerabilities.
Corporate Phishing Emails on The Rise
It is an undisputed fact that emails are the most commonly used means of launching phishing attacks. A recent report by F-Secure shows that over one-third of emails flagged as 'suspicious' by employees were indeed phishing emails. Organizations across the globe have been running cybersecurity training sessions to ensure email security and prepare their employees to detect phishing emails.
Fortunately, these training sessions are helping, and F-Secure’s report highlights that more than 200,000 emails marked as suspicious by employees were actually malicious. Cybersecurity teams are reportedly receiving a lot more phishing email alerts from employees now than a year ago. The NCSC alone removed 1.4 million malicious links embedded in emails last year, and this figure is higher than the combined total of the previous three years.
Adversaries usually target corporate networks because compromising one employee email account can enable them to access all systems, launch BEC attacks, or deploy ransomware. The F-Secure report also mentioned that some of the most frequently occurring phrases in phishing emails reported by employees include “Your funds have,” “Warning,” or “Message is for a trusted.”
German Government Being Targeted by Russian Threat Actors
The German parliament has called upon the Russian government to take action to end the cybersecurity breaches led by Russian threat actor groups that target the German government. Germany accuses Russia of launching a renewed cyber attack on the nation, and this accusation is backed by reliable information.
A group called Ghostwriter is supposedly behind the nefarious activities, which aim to obtain the PII of politicians ahead of the federal election later this month in order to launch identity theft scams against them. Russia's state threat actors or its GRU military intelligence are alleged to be behind the attack(s).