Vulnerability Awareness – New Microsoft Outlook Zero-Day Exploit Does Not Require User Action (Updated May 11, 2023)
May 11, 2023
Previously Patched Microsoft Outlook Zero-Day Can be Bypassed if New Update is not Applied
Cybersecurity
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 11, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Ransomware Resilience – Report: Organizations Using Backups to Recover from Ransomware See Lower Recovery Costs
Sophos has released its The State of Ransomware 2023 report, which concludes that “independent of revenue, geography, or industry, ransomware continues to be major threat to organizations.” Sophos supports this conclusion with that fact that the number of ransomware victims whose data was encrypted by their victimizer has grown to 76 percent, the highest the report has seen since it began in 2020.
Threat Awareness – Malvertising Campaign Utilizing New Loader to Drop Aurora
Recent analysis by Malwarebytes highlights how threat actors continue leveraging malvertising in various ways to proliferate malware. Malwarebytes posted a blog discussing a recently observed advertising campaign directing victims to download a new loader labeled Invalid Printer, which later delivers Aurora malware as a payload. The attack begins as users click on a potentially risky ad, which redirects them to a full-screen browser window mimicking a Windows security update.
Ransomware Preparedness – Two Years After Colonial Pipeline Attack, U.S. Critical Infrastructure Still Not Prepared for Ransomware
It’s been two years since the ransomware attack on the Colonial Pipeline, which many observers view as a watershed moment in cybersecurity. While many positive strides have been made since the attack, which CISA details in a recent blog post, other analysts argue the threat from ransomware is still growing and impacting critical infrastructure organizations.
Joint Cybersecurity Advisory – Hunting Russian Intelligence “Snake” Malware
WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness of active threats and adversary capabilities.
Security Awareness – Microsoft Phishing Attack Redirects Victims to a Catering Voice Recording
Security researchers at Cofense recently observed credential phishing campaigns that use a novel deception technique, directing victims to a voice recording that lures them into a false sense of security after they’ve provided their Microsoft credentials.
Cyber Resilience – Microsoft Universally Enables Number Matching for Microsoft Authenticator
Microsoft announced the implementation of number matching for push notifications via Microsoft Authenticator in an effort to counter the increasing prevalence of multi-factor authentication (MFA) fatigue attacks.
Ransomware Resilience – Federal Government: Low Victim Reporting Hampers Ransomware Response Efforts
CyberScoop has written an article discussing federal concerns over victims’ reluctance to report ransomware attacks to the broader community, as outlined in the Institute for Security and Technology’s Ransomware Task Force May 2023 Progress Report. The FBI and Justice Department have stated that only 20% of victims report if they’ve been infected.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
- Hitachi Energy MSM - Product used in the Energy Sector
- Mitsubishi Electric MELSEC and MELIPC Series (Update F)
Alerts, Updates, and Bulletins:
Pages
