Welcome to our weekly cyber news roundup, where we bring you the latest and most important updates from the world of cyber security.
In the May 2023 Patch Tuesday, Microsoft issued security fixes for three zero-day vulnerabilities and a total of 38 flaws. This makes it one of the smaller Patch Tuesdays in terms of resolved issues, not counting the eleven Microsoft Edge vulnerabilities addressed on May 5th. Of the resolved vulnerabilities, six are classified as 'Critical' because they allow remote code execution, the most severe class of vulnerability.
The two actively exploited zero-day vulnerabilities fixed in this update are:
CVE-2023-29336: Win32k Privilege Escalation Vulnerability
Microsoft has rectified a privilege escalation issue in the Win32k Kernel driver, which enables attackers to obtain SYSTEM privileges, Windows' top user privilege level. Although the bug is actively exploited, no details regarding its abuse have been disclosed.
CVE-2023-24932: Secure Boot Security Feature Circumvention Vulnerability
Microsoft has resolved a Secure Boot bypass vulnerability utilised by threat actors to deploy the BlackLotus UEFI bootkit. An attacker with physical access or administrative rights to a target device could exploit this vulnerability by implementing an impacted boot policy. UEFI bootkits, malware embedded in system firmware, are undetectable by security software operating within the OS. The BlackLotus bootkit has been available on hacker forums since October 2022 and has continued to develop its capabilities.
Besides the actively exploited vulnerabilities, Microsoft also issued a security update for a publicly disclosed zero-day vulnerability that was not being actively exploited.
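The two exploited bugs above are only closed on a machine once the May cumulative update is present, and the Secure Boot fix only matters on a device where Secure Boot is actually enforced. The following read-only check is an added example, not part of the Integrity360 roundup; it assumes a Windows 10/11 or Windows Server host on UEFI firmware, an elevated PowerShell session, and the May 2023 Patch Tuesday date of 9 May 2023, and it uses only the built-in Confirm-SecureBootUEFI, Get-HotFix and Get-CimInstance cmdlets.

```powershell
# Added example (not from the original roundup): local posture check for the two
# actively exploited May 2023 fixes. Run from an elevated PowerShell prompt.
# Assumption: May 2023 Patch Tuesday fell on 9 May 2023.
$patchTuesday = [datetime]'2023-05-09'

# 1. Secure Boot state. Confirm-SecureBootUEFI returns $true/$false on UEFI
#    systems and throws on legacy BIOS machines or when not run as admin.
try {
    $secureBoot = Confirm-SecureBootUEFI
} catch {
    $secureBoot = $null
}
if ($secureBoot -eq $true) {
    'Secure Boot: enabled'
} elseif ($secureBoot -eq $false) {
    'Secure Boot: DISABLED - firmware performs no signature check on the boot chain'
} else {
    'Secure Boot: not available (legacy BIOS, or query requires elevation)'
}

# 2. Updates installed on or after Patch Tuesday. Get-HotFix reads the same data
#    as "Installed Updates"; an empty list means the cumulative update is missing.
#    Entries with no InstalledOn date compare as $false and are skipped.
$recent = Get-HotFix |
          Where-Object { $_.InstalledOn -ge $patchTuesday } |
          Sort-Object InstalledOn -Descending
if ($recent) {
    'Updates installed since {0:yyyy-MM-dd}:' -f $patchTuesday
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    'No updates installed since {0:yyyy-MM-dd} - May 2023 cumulative update not applied' -f $patchTuesday
}

# 3. OS build, for cross-checking against the KB article for this month's update.
$os = Get-CimInstance Win32_OperatingSystem
'OS: {0} build {1}' -f $os.Caption, $os.BuildNumber
```

The script changes nothing on the host; it is meant to be run across a fleet (for example via a remote PowerShell session) to find machines that are still unpatched or that have Secure Boot switched off, since a disabled Secure Boot makes the CVE-2023-24932 fix irrelevant to that device.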
Other vendors also released updates or advisories in May 2023; these include:
Keep yourself informed and up-to-date on the newest security updates to safeguard your devices and data from potential threats with our weekly news roundups.
The UK, in collaboration with the FBI, the National Cyber Security Centre (NCSC), GCHQ, and security forces from New Zealand, Australia, and Canada, announced the successful dismantling of Russia's top espionage tool, the Snake malware implant. The joint advisory, released on Tuesday, aims to help organisations understand Snake's operations and provide suggested countermeasures to protect against the threat.
A high-ranking FBI official stated that the operation's success and the subsequent sharing of information with network defenders to strengthen their defences would make it extremely difficult for Russia's Federal Security Service (FSB) to rebuild the tool.
For almost two decades, the Snake malware and its variants have played a central role in Russian espionage activities led by Centre 16 of the FSB. The international intelligence agencies involved in cracking the code identified Snake infrastructure in over 50 countries, including the US and Russia.
The Cybersecurity and Infrastructure Security Agency (CISA) in the US reported that the implant had been used to gather sensitive information from specific targets, such as government networks, research institutions, and journalists.
UK-based outsourcing company Capita has reported that the financial consequences of a recent cyber-attack will range from £15 million to £20 million as it works to recover the leaked data and strengthen its security measures. According to Capita, data was leaked from less than 0.1% of its servers during the March attack, as revealed by the company's own forensic investigation and third-party providers' analyses.
In a statement on Wednesday, Capita said that it has taken extensive measures to recover and secure the affected customer, supplier, and colleague data and address any issues resulting from the incident. The company expects to incur exceptional costs between £15 million and £20 million, which will cover specialist professional fees, recovery and remediation expenses, and investments to enhance Capita's cyber security environment.
Global cyber security apprehensions are nearing the levels experienced during the pandemic, with 68% of Chief Information Security Officers (CISOs) from 16 countries expressing concerns about a cyberattack within the next 12 months, according to a survey by ProofPoint.
Factors contributing to CISOs feeling more at risk and less prepared this year include an intensified threat landscape, challenges in data protection, strained cyber security budgets, CISO burnout, and concerns about personal liability. The report surveyed 100 CISOs from each of the 16 participating countries: the US, UK, Canada, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, Singapore, South Korea, and Brazil.
The report also highlighted a significant willingness to pay ransoms, as 62% of CISOs expressed readiness to pay in order to restore systems and prevent data exposure in the event of a ransomware attack over the next 12 months. This may be related to the fact that 61% of respondents have cyber security insurance in place to cover various types of attacks.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.