Cyber Threat Intel Brief for April 4, 2022

Critical
Google Chrome CVE-2022-1096 Emergency Patch - Not much is known about the vulnerability itself or how great the impact would be if exploited, but the unusual release of this patch, which notably addresses just one vulnerability, means that this update shouldn’t be ignored. https://www.pcmag.com/news/google-patches-this-years-second-actively-exploited-chrome-zero-day
CVE-2022-1040 - An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. […]

Cyber Intel Brief for March 25, 2022

LAPSUS$ Cyber-Attacks
LAPSUS$ is a relatively new threat actor group that is responsible for cyber-attacks on OKTA and Microsoft, as announced this month. LAPSUS$ is also tied to cyber-attacks against NVIDIA, Samsung, and Vodafone, where the group posted screenshots showing evidence of those successful attacks. A key bit of information provided by the LAPSUS$ attacker group regarding the OKTA breach is that they are looking for credentials and access for […]

Cyber Intel Brief for March 11, 2022

Critical
CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability - CVE-2022-23277 is a critical RCE vulnerability in Microsoft Exchange Server. An authenticated user can exploit this vulnerability to execute arbitrary code on an affected server. According to Microsoft’s Exploitability Index rating, this vulnerability is rated "Exploitation More Likely".
High
CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability - CVE-2022-24508 is an RCE vulnerability in the Microsoft Server Message Block 3.0 […]

Cyber Intel Brief for March 4, 2022

Critical
An update was released earlier this week for Google Chrome to address the previously mentioned critical and high vulnerabilities. Current version is 99.
CVE-2022-24086 - Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
High
CVE-2021-32586 - An improper input validation vulnerability […]

Cyber Intel Brief for March 1, 2022

Critical
CVE-2022-22536 - SAP vulnerability - SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and […]

Cyber Intel Brief for February 18, 2022

Critical
CVE-2022-24086 - Critical Magento 0-Day Vulnerability - Improper input validation issue that could be weaponized to achieve arbitrary code execution. It’s a pre-auth flaw, which means it could be exploited without requiring credentials. https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html
High
Multiple vulnerabilities in Google Chrome browser
CVE-2022-0603 - Use after free in File Manager.
CVE-2022-0604 - Heap buffer overflow in Tab Groups.
CVE-2022-0605 - Use after free in Webstore API.
These vulnerabilities/bugs affect Stable Channel and Extended stable channel. […]

Cyber Threat Intel Brief for January 31, 2022

Cyber / MSP / MSSP
Windows Services lay the groundwork for a Midas ransomware attack - An attack on a technology vendor in December of 2021 used a ransomware known as Midas to leverage at least two different commercial remote access tools and an open-source Windows utility in the process. This poses a threat to MSPs and other businesses who use many remote access tools as a part of their […]

Cyber Intel Brief for January 24, 2022

Cyber / MSP / MSSP
No major attacks have occurred this week; however, MSPs will remain a top target for attackers. Phishing will remain the top attack vector throughout 2022. 94% of all malware gets delivered by email, using social engineering techniques to trick users into opening malicious attachments or links. Phishing attacks continue to grow rapidly: just this year, Acronis reported blocking 23% more phishing […]