Breaches & Vulnerabilities in This Week's Cyber News!
1. Security Scorecard’s Security Ratings Overview
Cybersecurity ratings, or security ratings, are data-driven, realistic and dynamic measurements of an organization. Security Scorecard provides security rating solutions and reports that combine cybersecurity ratings with 10 risk factors. With Security Scorecard you can evaluate your own cybersecurity ratings as well as those of your business partners and other relevant firms. Using the Security Scorecard dashboard, your company can swiftly evaluate the external security posture of enterprises of interest across the 10 major risk indicators, and find out about the particular problems Security Scorecard has identified that affect your security posture and that of the businesses in your ecosystem. The 10 risk factors are: Network Security, DNS Health, Patching Cadence, Application Security, Endpoint Security, Cubit Score, IP Reputation, Hacker Chatter, Information Leak, Social Engineering.
Security Rating Solution: On the Security Issues platform, all the issues are listed in one place according to their level of severity: High, Medium, Low, Informational and positive signs. The dashboard shows the score impact of each issue, and multiple solutions are offered for a single issue. The issues are listed by risk factor.
Security Rating Report: Online reporting is the best part of Security Scorecard. Anybody can easily understand the reporting by looking at the summary or the detailed report. The security scorecard is divided into 3 categories: Board View, third-party monitoring and self-monitoring. (Read More).
2. Microsoft Exchange servers worldwide backdoored with new malware
Attackers used a newly discovered malware to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa. The malware, dubbed Session Manager by security researchers at Kaspersky, who first spotted it in early 2022, is a malicious native-code module for Microsoft's Internet Information Services (IIS) web server software. "The Session Manager backdoor enables threat actors to keep persistent, update-resistant, and rather stealth access to the IT infrastructure of a targeted organization," Kaspersky revealed on Thursday. "In the case of Exchange servers, we cannot stress it enough: the past year's vulnerabilities have made them perfect targets, whatever the malicious intent, so they should be carefully audited and monitored for hidden implants if they were not already." Kaspersky uncovered the Session Manager malware while continuing to hunt for IIS backdoors similar to Owowa, another malicious IIS module deployed by attackers on Microsoft Exchange Outlook Web Access servers since late 2020 to steal Exchange credentials. (Source).
3. Macmillan shuts down systems after likely ransomware attack
Publishing giant Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack. The attack reportedly occurred over the weekend, on Saturday, June 25th, with the company shutting down all of its IT systems to prevent the spread of the attack. Since then, Macmillan editors have been unusually transparent about the security incident, telling agents and clients that they are not being ignored, but have lost access to their systems, emails, and files. While Publishers Weekly said that the Macmillan field sales team was warning that the disruption could cause a delay in book shipments, Macmillan has already begun bringing systems back online, with employees now able to access their email. However, ransomware affiliates commonly steal data before encrypting devices for use in double-extortion attacks, where they threaten victims they’ll publish the stolen data if a ransom is not paid. If data was exfiltrated during the attack and a ransom is not paid, we will likely see a ransomware operation publishing the stolen files on their data leak site within a few weeks. (Source).
4. Chromium browsers vulnerable to dangling markup injection
A recently patched security hole in Chromium browsers allowed attackers to bypass safeguards against ‘dangling markup injection’, an attack that extracts sensitive information from webpages. While dangling markup injection is well known and well addressed in Chromium browsers, the new attack took advantage of an unaddressed case in how the browser upgrades unsafe HTTP connections. Dangling markup injection captures data cross-domain in situations where full cross-site scripting (XSS) attacks aren’t possible. If an application doesn’t sanitize user-supplied data before integrating it into the markup, an attacker can take advantage of this to force the page to send some of its markup to their server. Chromium also has another security feature that upgrades unsafe HTTP protocols used in the HTML markup. As a result, if an attacker provides a dangling markup injection string that uses the HTTP scheme, it will not go through the dangling markup injection sanitization process when the URL is upgraded to HTTPS. According to the conversation thread in the Chromium bug report platform, the function that switches the URL protocol to HTTPS causes the dangling markup flag to become false, which in turn bypasses the security checks on the URL string. The bug has been patched in the new version of Chromium-based browsers. It is also a reminder of the complexities of managing the security of products that have many moving parts. Sometimes, a security fix in one part of the program can break the safeguards in another, as Chromium’s latest dangling markup injection vulnerability shows. (Source).
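The flag-loss pattern described above, as an added example that is not Chromium's code or part of the original article: a simplified model in which a security flag computed at parse time disappears when the URL is rebuilt during the HTTPS upgrade. All function names are hypothetical, and the model assumes the flag is set when the raw value contains both a tab or newline and a `<`.

```javascript
// Simplified model (not Chromium source); every name here is hypothetical.
// Assumption: the dangling-markup flag is set at parse time when the raw
// attribute value contains both an ASCII tab/newline and a "<".
function parseUrl(raw) {
  const hadWhitespace = /[\t\n\r]/.test(raw);
  const hadLessThan = raw.includes("<");
  return {
    // URL parsing strips tabs and newlines, so the evidence is gone
    // from the cleaned string once parsing has finished.
    href: raw.replace(/[\t\n\r]/g, ""),
    potentiallyDanglingMarkup: hadWhitespace && hadLessThan,
  };
}

// Request gate: refuse to load a subresource from a flagged URL.
function shouldBlock(url) {
  return url.potentiallyDanglingMarkup;
}

// Flawed upgrade: rebuilds the record from the already-cleaned string,
// so the flag is recomputed on input that no longer has the newline.
function upgradeToHttpsLossy(url) {
  if (!url.href.startsWith("http://")) return url;
  return parseUrl("https://" + url.href.slice("http://".length));
}

// Corrected upgrade: changes only the scheme and carries the flag over.
function upgradeToHttps(url) {
  if (!url.href.startsWith("http://")) return url;
  return { ...url, href: "https://" + url.href.slice("http://".length) };
}

// Constructed sample: an attribute value left open across a line break.
function demo() {
  const sample = parseUrl("http://cdn.example/pixel?x=\n<td>cell");
  return {
    original: shouldBlock(sample),
    afterLossyUpgrade: shouldBlock(upgradeToHttpsLossy(sample)),
    afterFixedUpgrade: shouldBlock(upgradeToHttps(sample)),
  };
}

console.log(demo());
```

The general lesson for code review is that any step that rewrites a checked value must either carry its security flags forward or re-run the check on the original input.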
5. Malicious Messenger chatbots used to steal Facebook accounts
A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages. Chatbots are programs that impersonate live support people and are commonly used to provide answers to simple questions or triage customer support cases before they are handed off to a live employee. In a new campaign discovered by Trustwave, threat actors use chatbots to steal credentials for managers of Facebook pages, commonly used by companies to provide support or promote their services. The phishing attack starts with an email informing the recipient that their Facebook page has violated Community Standards, giving them 48 hours to appeal the decision, or their page will be deleted. The Facebook page associated with the chatbot is a standard business page with zero followers and no posts. However, if a victim checked the profile, they would see a message stating that the profile is "Very responsive to messages," indicating that it is actively used. These types of scams are harder to detect, as many sites utilize AI and chatbots as part of their support pages, making them seem normal when encountered while opening support cases. As always, the best line of defense against phishing attacks is to analyze any URLs for pages requesting login credentials, and if the domains do not match the legitimate site's regular URL, then do not enter any credentials on that site. (Source).
6. Phishing Attacks Using Microsoft’s Cloud CDN Service AFD
A cybersecurity firm has identified a jump in phishing content delivered via Azure Front Door (AFD), Microsoft's cloud CDN service. Resecurity researchers found multiple phishing pages hosted on the azurefd[.]net domain, allowing cybercriminals to steal user login information for business applications and email accounts. Some of these domains are difficult to distinguish due to their naming and reference to Azure Front Door. The majority of the phishing tools were aimed at clients of SendGrid, Docusign, and Amazon. Security officers revealed that the attackers are likely using an automated way to generate their phishing letters. By doing so, they’re able to scale their campaigns to ultimately target a broader number of customers globally, which has previously been observed in spam strains delivered with Emotet and Qakbot. Cybercriminals are expected to continue using these phishing techniques in the days to come because of the phony authenticity and the ability to trick end users. The best precaution is to train employees to recognize phishing and BEC attacks, and to report suspicious domains. (Source).