Cybersecurity News
A Cybersecurity briefing on noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news.

Noteworthy Cyber Attacks Reported
Update to the LastPass Breach - It was confirmed that customer password vaults were stolen. The passwords themselves were encrypted, but anyone who was using a weak password will undoubtedly be exposed through brute-force attacks, opening up all the passwords and sensitive information stored in the vault. The vault also contains unencrypted information, such as the website URLs that were stored and the user's name and email, which will make it much easier to launch targeted phishing campaigns against these users. Impacted users should go through each account, starting with the most important/sensitive accounts (e.g., password managers, banking, email, file storage, backups), and reset the passwords following current best practices. Make sure that MFA is set up on every account, ideally using OTP generators, and verify that all account recovery information (for password resets) is accurate. https://www.theverge.com/2022/12/22/23523322/lastpass-data-breach-cloud-encrypted-password-vault-hackers
Comcast Xfinity accounts have been hacked in widespread credential stuffing attacks that bypassed the 2FA security. The compromised accounts enabled attackers to reset passwords for other sites. https://www.bleepingcomputer.com/news/security/comcast-xfinity-accounts-hacked-in-widespread-2fa-bypass-attacks/
The Guardian has been hit by a serious IT incident, which is believed to be a ransomware attack. The incident began late on Tuesday night and has affected parts of the company’s technology infrastructure, with staff told to work from home. There has also been some disruption to behind-the-scenes services. https://www.theguardian.com/media/2022/dec/21/guardian-hit-by-serious-it-incident-believed-to-be-ransomware-attack
Noteworthy Vulnerabilities / Threats Discovered
As we have now come to expect, holiday phishing scams are being seen and reported everywhere, taking many different forms and strategies. Some are more sophisticated than in the past, with convincing images, spoofed domains, and enticing language, but there are still the typical scam emails with poor grammar and spelling that can easily be detected. One thing is for sure: the volume of scams continues to rise each year, and everyone should always read everything with a discerning eye. Never respond or click on anything unless you were expecting it and have verified all the relevant information. https://www.fortinet.com/blog/threat-research/trying-to-steal-christmas-again
Security researcher Eugene Lim uncovered a Zoom bug impacting both the desktop and web versions of its Whiteboard app. The cross-site scripting (XSS) vulnerability in Zoom Whiteboard could let attackers bypass the sanitization check and send arbitrary JavaScript code to other users. https://portswigger.net/daily-swig/zoom-whiteboard-patches-xss-bug
The FIN7 hacking group is leveraging an automated attack system known as Checkmarks to abuse Microsoft Exchange and SQL injection flaws in targeted systems. https://www.bleepingcomputer.com/news/security/fin7-hackers-create-auto-attack-platform-to-breach-exchange-servers/
Zerobot (also called ZeroStresser), a Go-based botnet that spreads primarily through IoT and web application vulnerabilities, is an example of an evolving threat, with operators continuously adding new exploits and capabilities to the malware. Zerobot is offered as part of a malware-as-a-service scheme and has been updated several times since Microsoft started to track it. The linked article provides information on the latest version analyzed, Zerobot 1.1. https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/
Noteworthy InfoSec News
Top cybersecurity M&A deals for 2022 https://www.csoonline.com/article/3646608/top-cybersecurity-manda-deals-for-2022.html
Additional resources:
Cyware - provides threat intelligence, security orchestration and other cybersecurity resources https://cyware.com/