This Month in Cybersecurity - July

Microsoft and Apple Squash Some Security Bugs

On Tuesday, July 11th, Microsoft released fixes for a set of security loopholes and bugs found within its operating system and other services. A few of these were acknowledged to be under active exploitation. Four of them were rated with a high CVSS score, which indicates the severity, or “badness”, of a vulnerability. One notable flaw that had been discovered by outside researchers appears to be missing from this update, and experts advise users to expect an out-of-cycle update from Microsoft and to be ready to apply it.

On the Apple side of things, one of the company’s newer security measures, the Rapid Security Response system, pushed an update aimed at some zero-day exploits the company had found. The update was, however, pulled when a bug was noticed that caused some websites not to load correctly. Just a few days later, Rapid Security Response pushed another update; this one has remained available and, as of now, has not been found to contain the original bug.


WordPress Targeted Through External Plugin

WordPress-hosted websites have been undergoing a series of attacks by threat agents who are taking advantage of a security vulnerability in a payment plugin, known as WooCommerce. The plugin, developed by Automattic and with more than 600,000 active installations, has been patched, but numerous versions of the plugin still in use remain susceptible to the exploit.

A third party has noted that over 157,000 sites were targeted over 1.3 million times in what is being described as demonstrating “significantly more sophistication than similar attacks.” Users of the WooCommerce plugin for WordPress are being urged to update immediately to the latest version of the plugin, 5.6.2.


Adobe Dealing With Another Critical Flaw, This Time for ColdFusion

Adobe ColdFusion has been the target of ongoing attacks by threat agents attempting to gain remote access to servers via webshells, malicious scripts planted on a server that let an attacker run commands on it remotely. The attacks have been executed via two exploits that were found to work in tandem to give the threat agents access to the servers.

Adobe has rolled out a patch that addresses one of the two flaws, and notes that both are needed for the threat agents to execute the attack, so patching one neutralizes the other as an exploit. Adobe also suggests that administrators lock down their ColdFusion installations to increase their defenses against similar attacks.


Defensible Strategies

Learn from those who have been attacked

Linux Under Growing Ransomware Attacks

Linux has never had a large presence on office or home workstations, making it a less popular target for threat agents. Linux does, however, make up a very large portion of web servers and other device types that most users do not interact with directly on a daily basis.

In 2022, however, ransomware attacks against Linux systems increased by 75% as threat agents realized that disrupting these devices causes many pain points for users and companies that rely on web services hosted on Linux servers. Organizations are being encouraged to take steps now to step up the security of Linux-based equipment, such as:

  • Endpoint protection

  • Patch management

  • Data backups

  • Access control

  • Awareness

  • Resilience testing

  • Procedure testing

Disruptions to Linux operations have the potential to be far beyond the scale of what has been seen so far, so securing these devices is imperative.


Microsoft Discloses Email Breached by Chinese Hackers

On July 11th, Microsoft announced via a blog post that it had discovered that certain customers’ email systems, including those of unspecified government agencies, had been breached by Chinese threat agents seeking to gather intelligence. Microsoft noted that it had been investigating unusual activity, but the threat agents were nonetheless able to manipulate credentials to gain access to accounts.

The U.S. Department of Homeland Security noticed the activity as well and notified both Microsoft and CISA so that Microsoft could patch the issues and close out the security vulnerabilities. Both CISA and Microsoft noted that while these attacks were well resourced and appeared to be focused on espionage, they are still the kind of thing that can affect regular end users.