New PDF MalDoc allows evasion of antivirus
Researchers from Japanese cybersecurity research firm JPCERT/CC have identified a new technique for evading antivirus technology that is achieved by embedding a Microsoft Word file into a PDF. Called MalDoc in PDF by the researchers, this polyglot has already been seen in the wild. They are quoted in The Hacker News saying, “A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF […] If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors.”
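The detection point for a polyglot like this is that file-type identification by magic bytes alone classifies it as a PDF. The following triage heuristic is an added example (not JPCERT/CC's code): it flags a file that carries a PDF header but also the markers of a Word container; the container signatures, the macro hint strings, and the sample blobs are assumptions constructed for the illustration.

```python
import re
from dataclasses import dataclass, field

PDF_MAGIC = b"%PDF-"
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # Compound File (legacy .doc) header
ZIP_MAGIC = b"PK\x03\x04"                         # zip local file header (.docx)
MHT_RE = re.compile(rb"MIME-Version:.{0,1024}?multipart/related", re.S | re.I)
# Strings that usually accompany a VBA project; assumed heuristic, not exhaustive.
MACRO_HINTS = (b"vbaProject.bin", "_VBA_PROJECT".encode("utf-16-le"))


@dataclass
class Verdict:
    is_pdf: bool
    containers: list = field(default_factory=list)
    macro_hint: bool = False

    @property
    def suspicious(self) -> bool:
        # A file that is a PDF by magic yet carries a Word container is the polyglot shape.
        return self.is_pdf and bool(self.containers)


def word_containers(data: bytes) -> list:
    """Name each Word container format whose markers appear anywhere in the bytes."""
    found = []
    if OLE_MAGIC in data:
        found.append("ole")
    if ZIP_MAGIC in data and b"word/" in data:
        found.append("ooxml")
    if MHT_RE.search(data):
        found.append("mht")
    return found


def scan(data: bytes) -> Verdict:
    """Triage one file's bytes; magic alone would call the polyglot a plain PDF."""
    is_pdf = PDF_MAGIC in data[:1024]  # the PDF spec allows the header within the first 1024 bytes
    return Verdict(is_pdf, word_containers(data), any(h in data for h in MACRO_HINTS))


# Constructed samples (not real documents): a bare PDF, and the same PDF with an
# OLE header plus a VBA stream name appended, mimicking the polyglot layout.
CLEAN_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF\n"
POLYGLOT = CLEAN_PDF + OLE_MAGIC + b"\x00" * 64 + MACRO_HINTS[1]

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PDF), ("polyglot", POLYGLOT)):
        print(name, scan(blob))
```

Running it reports the bare PDF as clean and the appended sample as a PDF with an "ole" container and a macro hint; on real files, feed `scan` the file's bytes rather than trusting the extension or a magic-only type check.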
MinIO Storage system being used to compromise servers
The exploits are being performed by an unknown threat actor with the goal of achieving code execution on affected servers. This is according to a report from cybersecurity and incident response firm Security Joes, who stated, “the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance.” The vulnerabilities in question are numbered CVE-2023-28432 (CVSS score: 7.5) and CVE-2023-28434 (CVSS score: 8.8). This second CVE was added to the CISA Known Exploited Vulnerabilities catalog on April 21.
Okta warns of IT help desk attacks
Okta, an identity and access management company, has issued a warning about a new wave of social engineering attacks aimed at IT service desk agents at some of its US-based customers. The company says the attackers seek to have service desk staff reset the MFA factors of highly privileged users, with the goal of taking over Okta Super Administrator accounts. According to Bleeping Computer, “Okta has provided indicators of compromise for attacks observed between July 29 and August 19” and has also provided a list of IP addresses associated with these attacks, as well as security measures that should be taken.
Germany anticipates a cybercrime cost of $224 billion
This number was presented by Bitkom, a German digital association, and is based on their survey of more than one thousand companies, of which three quarters had been affected by cyberattacks in the past year. That number is actually down from 84 percent the year prior, an indicator, the organization says, of improved awareness and protective measures. Germany’s economy is considered among the strongest in the EU.
Huge thanks to our sponsor, DataBee, from Comcast Technology Solutions
British high school suffers cyberattack, goes offline
Just in time for back to school, the Church of England Debenham High School, a private high school in the eastern county of Suffolk in the UK, suffered a cyberattack last week, although representatives from the school state that thanks to up-to-date safeguards, no personal information was lost and restoration is happening quickly. Although this is an isolated occurrence, it serves as a reminder that schools and hospitals remain in the crosshairs of many cyberattack groups, especially institutions that lack the resources or collective awareness to put protections such as DMARC for email in place.
University of Sydney suffers breach
In another school-related cyberattack story, this attack has been described by university representatives as a breach “suffered by a third-party service provider [that] exposed the personal information of recently applied and enrolled international applicants.” The school says the breach affected only a small number of applicants and did not affect local students, staff, alumni, or donors. The school has not elaborated on the type of information exposed or the nature of the attack, but did say that it affected only a single platform within the University’s systems.
The Windows 11 23H2 update is almost here
Microsoft has released the most anticipated features of its upcoming mid-year update to Windows 11 to testers in the Beta channel. According to Bleeping Computer, these are: Copilot, an AI assistant that works with Bing Chat; an updated File Explorer interface that allows for faster and more intuitive access to files; and an improved energy usage report, including a “battery usage per app” feature that monitors energy consumption on an app-by-app basis.
Windows will disable insecure TLS soon
In additional Windows news, Microsoft will be disabling the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols by default in future releases, but the option to re-enable them manually will remain. The two protocols were replaced by TLS 1.3 in March 2018.