Cybersecurity Weekly Briefing September 5-11

ElevenPaths    11 September, 2020

Microsoft Patch Tuesday

On Tuesday, Microsoft published its bulletin with the updates for the month of September. This new bulletin corrects a total of 129 vulnerabilities in 15 of its products, of which 23 are considered critical, 105 important and 1 severe. Among the critical vulnerabilities, 11 stand out because they would allow remote code execution: in Windows (CVE-2020-1252), in Microsoft SharePoint (CVE-2020-1200 / 1210 / 1452 / 1453 / 1576 / 1595) and Microsoft SharePoint Server (CVE-2020-1460), as well as in Microsoft Dynamics 365 (CVE-2020-16857, CVE-2020-16862) and Microsoft Exchange (CVE-2020-16875). According to some users, exploits could exist for this last vulnerability. It is recommended that the latest Microsoft patches be installed as soon as possible.

More details: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep

Emotet campaign in France

The French National Agency for Information Systems Security (ANSSI) issued an alert on Monday warning of increasing Emotet activity in France. Since its return to activity in July, after a five-month absence, Emotet has been distributed in phishing campaigns all over the world. ANSSI has observed that, in recent days, these campaigns have been paying special attention to companies and the French public administration. The alert issues a series of recommendations and means of detecting Emotet, given the added risk this malware carries: once downloaded, it installs other Trojans such as TrickBot or QakBot. The warning from the French authorities is in addition to those already issued by agencies in New Zealand and Japan regarding this same malware.

All the info: https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-019/

New impersonation of the Tax Office to distribute malware

The National Institute of Cybersecurity (INCIBE) has warned of a new malware distribution campaign via emails impersonating the Tax Agency (AEAT). The emails, distributed this Tuesday, are sent under the subject “AEAT – Notification Warning (random numbers)”. They inform the user about an alleged claim against their company for an undeclared invoice and state that within the next 3 days a representative of the Tax Office will contact them to arrange a meeting. The emails encourage the victim to open the attached Excel file (with AEAT password), where more information about the claim can supposedly be found. When this file is opened, a request is made to activate it, and it is at this point that the Trojan is downloaded.

More: https://www.incibe.es/protege-tu-empresa/avisos-seguridad/campana-distribucion-malware-traves-email-suplanta-aeat

Cyber-attacks affecting the US presidential elections

In recent weeks, Microsoft has detected a new wave of cyberattacks targeting the US presidential elections. These attacks come from foreign groups such as Strontium, Zirconium and Phosphorus.

  • Regarding Strontium (Russia), the Microsoft Threat Intelligence Center (MSTIC) has linked the group to a newly discovered pattern of Office365 credential theft aimed at US and UK organisations directly involved in the elections. Credential collection is a well-known technique used by Strontium to enable future surveillance or intrusion operations. Their activity would have been monitored since April 2020 and, on this occasion, the group has used brute force and password spraying tools for the collection. Between September 2019 and June 2020, Strontium launched credential collection attacks against thousands of accounts in over 200 organisations. From 18 August to 3 September, the same attacks targeted 6,912 accounts belonging to 28 organisations. None of these accounts were successfully compromised.
  • Regarding Zirconium (China), their attacks have focused on prominent individuals in the international affairs community, as well as on campaigners and candidates, with almost 150 email compromises achieved.
  • Finally, Phosphorus (Iran) has attempted to access personal and work accounts of people directly and indirectly involved with the elections.

More: https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/
