Patching a Patch, Microsoft Rolls Out Fix
After rolling out a fix in March, Microsoft has pushed another patch that directly addresses a fix to an issue that the earlier patch did not completely solve. The vulnerability involved sending an email with a custom notification sound, which could contain a URL pointing to a remote server. When Outlook processed the email, it could inadvertently send the user's credentials to the remote server, potentially enabling unauthorized access to other resources and compromising the victim's data.
The patch was found to be incomplete, allowing for threat agents to bypass the protection. Specialists say that while releasing the patch, it brought more attention to the existing issue and allowed for others to find ways to manipulate and exploit the vulnerability. Microsoft is now suggesting that both patches be downloaded and installed as to shore up the vulnerabilities created in Outlook and the Windows API.
Apple Rolls Out New Style Update to Error
Apple released its first rapid security fix for iPhones and Macs. This type of patch is meant to be downloaded and applied automatically to protect devices from attacks without relying on users to update their systems. However, some users experienced issues downloading the update. Apple hasn't provided details about the specific vulnerabilities addressed or whether they were already being exploited.
The rapid security response is a new release type aimed at delivering important security improvements between regular software updates. By default, these fixes are applied automatically, but users can choose to receive them with regular OS updates instead. Apple suggests to download these updates as soon as possible, even if they have received the error.
WordPress being Targeted by Threat Agents
Threat agents have started to take advantage of a vulnerability found on May 2nd. The vulnerability allows attackers to steal sensitive information and gain higher privileges on affected WordPress sites. The flaw was discovered by Patchstack and publicly disclosed with a proof-of-concept exploit shortly after the plugin vendor released a security update. The exploit targets logged-in users with access to the plugin and can bypass default configurations, increasing its chances of success.
The Akamai Security Intelligence Group observed significant scanning and exploitation activity using the provided sample code. With over 1.4 million websites that have not upgraded to the latest version, the threat agents have a large selection of targets to pull from. It is being recommended to update to version 5.12.6 (backported) and 6.1.6
Defensible Strategies
Learn from those who have been attacked
Data Breach of Info over 10 Years Disclosed by Toyota
Toyota Motors has notified the public of a data breach that occurred that allowed for data including vehicle identification numbers, chassis numbers, and vehicle location information to be exposed. The breach was caused by a misconfigured database that was accessible without authentication.
Toyota has assured the information that was made available cannot be used to identify owner’s personal information and that they are unaware of any current abuse using this information. This is the second incident with Toyota within the last year; in October, Toyota notified users that personal information may have been leaked due to an access code being public on GitHub.
Hikers Info Exposed as Data Leak Affects French Company
La Malle Postale, a transportation company for hikers in France, announced that personal information and private messages of their clients were exposed. The leaked data included names, phone numbers, emails, SMS messages, passwords, and employee credentials. The leak was discovered by the Cybernews research team, and the company's data was accessible to the public.
Around 70,000 customer passwords and employee credentials were leaked. The passwords were encoded using easily crackable algorithms. The data breach poses risks such as identity theft, phishing scams, and social engineering attacks. La Malle Postale has since closed the data leak, but it is suggested that clients who could have been potentially affected change their account passwords, enable two-factor authorization, and monitor financial information for any unusual activity.