Threat Intel: Thursday, March 21, 2024

Welcome to the first installment of our weekly list of threats.

Threat Intel Thursdays are a chance for you to keep your finger on the pulse of the cybersecurity landscape. Here we share items that are serious but did not rise to the level of an immediate threat intelligence email blast.

Stay safe and stay vigilant out there!

Reminder: The Threat Intelligence email blasts that we emailed this week:

Spear Phishing Campaign actively abuses Document Publishing Sites: This week, we encountered a phishing campaign leveraging popular document sharing services such as Dropbox, Google Drive, OneDrive, DocuSign, and SharePoint to bypass email filtering and land directly in your inbox. From there, the documents steal credentials and spread malware to keep the campaign going. We recommend tightening controls on emails coming from seemingly trusted vendors such as those mentioned above.
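To show what "tightening controls" on mail from document-sharing services can look like in practice, here is an added triage script that is not part of this newsletter or of any vendor product. It parses a raw message, checks whether the sender domain belongs to one of the services named above, and lists any links in the body that point somewhere else, which is the pattern this campaign relies on. The `SHARING_DOMAINS` set, the log format and the sample messages are assumptions constructed for the example; tune the set to what your own mail gateway sees.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed sender/host domains for the services named in the write-up.
# This is a constructed starting list, not an authoritative one; extend it for your tenant.
SHARING_DOMAINS = {
    "dropbox.com",
    "google.com",
    "microsoft.com", "onedrive.live.com", "sharepoint.com",
    "docusign.com", "docusign.net",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _candidates(host):
    """Return the host and its parent domain so subdomains of a known service still match."""
    host = host.lower().rstrip(".")
    parts = host.split(".")
    return {host, ".".join(parts[-2:])} if len(parts) >= 2 else {host}


def is_sharing_domain(host):
    return bool(_candidates(host) & SHARING_DOMAINS)


def _text_body(msg):
    """Concatenate the decoded text/plain and text/html parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message):
    """Flag a message that arrives from a sharing service but carries links to other hosts."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    from_sharing = is_sharing_domain(sender_domain)

    hosts = {urlparse(u).hostname for u in URL_RE.findall(_text_body(msg))}
    outside = sorted(h for h in hosts if h and not is_sharing_domain(h))

    return {
        "sender_domain": sender_domain,
        "from_sharing_service": from_sharing,
        "outside_links": outside,
        # Only the combination is interesting: a "trusted" sender whose links leave the service.
        "suspicious": from_sharing and bool(outside),
    }


# Constructed sample messages (example.net is a reserved documentation domain).
LURE = """From: Dropbox <noreply@dropbox.com>
To: finance@example.net
Subject: Invoice shared with you
Content-Type: text/plain; charset="utf-8"

View the document: https://www.dropbox.com/s/constructed-id
Sign in to continue: https://login-verify.example.net/office
"""

BENIGN = """From: Dropbox <noreply@dropbox.com>
To: finance@example.net
Subject: Folder shared with you
Content-Type: text/plain; charset="utf-8"

A colleague shared a folder: https://www.dropbox.com/sh/constructed-id
"""

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage(raw))
```

Run as-is, the lure is flagged because a message claiming to come from Dropbox links to a host outside the service, while the benign notification is not. In a gateway you would route `suspicious` results to quarantine or add a banner rather than block outright, since legitimate notifications occasionally include third-party links.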

Windows Server’s latest Security Update is crashing Domain Controllers: Just yesterday, Microsoft confirmed that a recent security update for Windows Server 2012 R2 – 2022, released on March 12, 2024, has been responsible for crashing domain controllers through a memory leak. Currently, there is no fix, besides rolling back the security update. This can heavily impact the availability of key systems and should be addressed immediately.

Our Thursday threat roundup:

Fujitsu Confirms it was infected by malware: The Japanese technology firm Fujitsu confirmed this week that customer data was stolen after malware was identified on internal systems. As Fujitsu provides products like servers, storage systems, software, printers, scanners, and multi-function devices, this comes as a major hit to the confidentiality of MSPs and their clients. Although Fujitsu hasn’t yet stated the full breadth of the breach, we expect to see more on this in the weeks to come.

Over 70 million AT&T customer records leaked online: Data stolen over 2 years ago has finally seen the light of day in a massive data leak impacting at least 71 million people. While security researchers are still combing through the data to confirm the extent of the compromise, we expect to see a marked increase in credential stuffing attacks using this stolen data over the next few months.
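Credential stuffing leaves a distinctive trace: one source address failing logins across many different usernames in a short window, as opposed to a brute-force run hammering a single account. The detector below is an added example for this newsletter, not code from any product; the log line format, the thresholds and the sample entries (using reserved TEST-NET addresses) are constructed assumptions, so adapt the regex to your SSO, VPN or web application logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed, constructed log format: "<ISO timestamp> auth <result> user=<name> src=<ip>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) src=(?P<ip>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, ip) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["user"], m["ip"]


def detect_credential_stuffing(lines, window_seconds=300, min_distinct_users=5):
    """Flag source IPs whose failed logins span many distinct usernames within a sliding window.

    Returns {ip: peak number of distinct usernames seen failing in any one window}.
    """
    failures = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[1] == "failure":
            ts, _, user, ip = parsed
            failures[ip].append((ts, user))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        window = deque()
        for ts, user in events:
            window.append((ts, user))
            # Drop events older than the window relative to the newest event.
            while (ts - window[0][0]).total_seconds() > window_seconds:
                window.popleft()
            distinct = {u for _, u in window}
            if len(distinct) >= min_distinct_users:
                flagged[ip] = max(len(distinct), flagged.get(ip, 0))
    return flagged


# Constructed sample: one address spraying six accounts in two minutes (stuffing pattern),
# another repeatedly failing on a single account (brute force, not stuffing), plus a success.
SAMPLE_LOG = [
    "2024-03-21T10:00:01Z auth failure user=alice src=203.0.113.5",
    "2024-03-21T10:00:15Z auth failure user=bob src=203.0.113.5",
    "2024-03-21T10:00:32Z auth failure user=carol src=203.0.113.5",
    "2024-03-21T10:00:47Z auth failure user=dave src=203.0.113.5",
    "2024-03-21T10:01:10Z auth failure user=erin src=203.0.113.5",
    "2024-03-21T10:01:55Z auth failure user=frank src=203.0.113.5",
    "2024-03-21T10:00:05Z auth failure user=grace src=198.51.100.7",
    "2024-03-21T10:00:20Z auth failure user=grace src=198.51.100.7",
    "2024-03-21T10:00:35Z auth failure user=grace src=198.51.100.7",
    "2024-03-21T10:00:50Z auth failure user=grace src=198.51.100.7",
    "2024-03-21T10:01:05Z auth failure user=grace src=198.51.100.7",
    "2024-03-21T10:02:00Z auth success user=alice src=192.0.2.10",
    "this line does not match the expected format",
]


def run_sample():
    return detect_credential_stuffing(SAMPLE_LOG)


if __name__ == "__main__":
    print(run_sample())
```

On the sample data only 203.0.113.5 is reported, with six distinct usernames; the single-account failures from 198.51.100.7 are left for a separate lockout or brute-force rule. Credential stuffing from large leaks is usually distributed across many addresses, so in production you would also aggregate by ASN or user-agent and compare failure rates against a baseline rather than relying on a per-IP threshold alone.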

Chrome and Firefox patch a rash of serious vulnerabilities: This Tuesday, Chrome version 123 and Firefox 124 patched several high-severity vulnerabilities, and one critical-severity vulnerability. We recommend ensuring your browsers have been updated to the latest version right away.

macOS 14.4 breaks Java with no workaround: Oracle is warning Apple customers of a flaw in the latest version of macOS that causes Java to crash on a variety of processors. The crash currently has no workaround, besides rolling back to an earlier version of macOS. This comes on the heels of a number of issues caused by the latest version of macOS as reported by the community. We recommend delaying updates until a more stable version is released.

Critical flaws in miniOrange WordPress security plugins allow total site takeover: WordPress admins are warned to uninstall the products known as Malware Scanner and Web Application Firewall, both released as WordPress plugins by the company miniOrange. Both plugins have critical-severity vulnerabilities that would allow an attacker to remotely use the affected sites to host malware or spam. If you or your clients are using miniOrange plugins, please remove them as we expect to see quite a few attacks on vulnerable sites.

Government officials and the EPA warn of vulnerabilities in US water systems: On March 19th, the current administration in cooperation with the Environmental Protection Agency warned of serious national security threats to US drinking and wastewater systems. All US states have been urged to join a meeting to address the issue and a task force has been formed.

That’s all for this week.
