14th October, 2022
Microsoft Releases October 2022 Updates – 84 flaws fixed
Microsoft has released updates to address 39 privilege escalation, 2 security bypass, 20 RCE, 11 information disclosure, 8 DoS, and 4 spoofing vulnerabilities, 13 of which are rated critical. The fixes include two publicly disclosed zero-days, one of which (CVE-2022-41033) is being actively exploited, had no previous official fix available, and allows escalation to SYSTEM-level privileges if successfully exploited. It's worth noting that patches for the two actively exploited Exchange vulnerabilities we discussed last week (CVE-2022-41040 and CVE-2022-41082) have not yet been released. The latest mitigations released by Microsoft are available here.
Critical Vulnerability Discovered in vm2 Sandbox
Caffeine – The phishing-as-a-service platform
Researchers at Mandiant have been investigating a phishing-as-a-service platform called Caffeine, which provides malicious actors with all the tools necessary for a phishing campaign. What makes this platform unusual is that just about anyone with an email address can sign up, which is very uncommon for this type of service. Caffeine is generally low cost and provides potential threat actors with self-service mechanisms to craft customised phishing kits, dynamically generate URLs for malicious payloads, manage intermediary redirect pages, and track campaign email activity. This service has made it even easier for unskilled threat actors to harvest data, cause denial of service and penetrate secure networks without needing to know much about phishing at all. Phishing is routinely the most common threat vector for businesses year on year, and it is crucial to have phishing awareness training as part of an effective cyber security strategy.
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys
Claroty has released a report detailing multiple vulnerabilities found in Siemens SIMATIC programmable logic controllers (PLCs). The vulnerability can give an attacker read and write privileges and allow them to steal cryptographic keys. Multiple versions are affected; they are listed in the documentation for CVE-2022-38465. PLCs are largely found in industrial settings and power the vast majority of assembly lines, machines and robotic devices. If a PLC is compromised, this can cause costly denial of service attacks and possibly affect the health and safety of employees. Siemens recommends that customers use legacy PG/PC and HMI communications only in trusted network environments and secure access to TIA Portal and the CPU to prevent unauthorized connections.