
CloudSEK Daily Threat Bulletin – 13th February 2020

Round Up of Major Cyber Security News

JailCore App exposes inmates’ details on unsecured S3 bucket

JailCore, a cloud-based correctional facility management and compliance application, has left inmate details exposed on an unsecured Amazon S3 bucket, where 36,000 PDF files could be accessed without a password. The files contained inmates’ information, including personal identifiers and prescription records. This exposed data could potentially be used to design phishing attacks and stigmatize prisoners.

Microsoft previews feature that protects docs opened outside ‘Protected View’

Microsoft has released the ‘Safe Docs’ feature for public preview. Safe Docs is an Office 365 ProPlus security feature that will detect malware even if an Office document is opened outside the Protected View sandbox. The feature aims to address the security risk that arises when documents are opened outside Protected View to perform activities such as printing, which exposes the organization’s network to threats. Since this feature uses the Microsoft Defender antivirus backend, documents will be checked for all known threats.

Round Up of Major Malware and Ransomware Incidents

Microsoft advises admins to disable SMBv1 protocol to avoid malware

In a recent post, Microsoft has advised administrators to disable the 30-year-old SMBv1 network communication protocol on Exchange servers, since it does not have the security features that have been updated in later versions of the SMB protocol. This is necessary to prevent its vulnerabilities, such as EternalBlue and EternalRomance, from being exploited by malware, such as TrickBot, Emotet, WannaCry, Retefe, NotPetya, and Olympic Destroyer, that will infect other machines and steal login credentials.

2016 ransomware attack on Florida county election office has been confirmed

It has come to light that an election office in a Florida county was targeted by a ransomware attack, weeks before the 2016 US presidential elections. The election office’s computer systems were infected and encrypted by the malware.

Round Up of Major Vulnerabilities and Patches

Patch to address critical flaw in WordPress GDPR Cookie Consent Plugin

The WordPress GDPR Cookie Consent plugin, which is used to display cookie banners showing a website’s compliance with the EU Cookie Law (GDPR), was found to have critical bugs. The 700,000 sites that use the plugin were rendered vulnerable to unauthorized content modification and malicious code injection, due to improper access control. The vulnerability affects version 1.8.2, but has been patched in version 1.8.3, which was released on the 10th of February.

Intel warns against a severe security flaw in the CSME subsystem

Intel has put out an advisory, warning against a severe security vulnerability in the CSME subsystem. This flaw could allow escalation of privilege, denial of service, and information disclosure. Intel has recommended that all CSME versions before 12.0.49 should be updated to versions 12.0.49, 13.0.21, and 14.0.11 or later, in which this issue has been addressed.
