Insights

Security Update (Updated 28/3/2022 15.50)

The Integrity360 Cyber Threat Response team are currently tracking a new Zero-day vulnerability, CVE-2022-1096, found within Google's web browser Chrome. Google published an advisory on Friday 25th March, noting they are aware of the exploit and it exists in the wild. Currently, the details regarding the exploit have not been revealed by Google, however we are aware the exploit involves the leveraging of a weakness in the Chrome V8 JavaScript engine, which allows attackers to execute arbitrary code.

Security Update (Updated 04/3/2022 17.20)

Since our initial statement last week, Integrity360 has been closely monitoring the ongoing Ukraine / Russia conflict and the security and business risks this brings. Our dedicated Threat Intelligence team have continued to actively monitor for any new indicators of compromise relating to the conflict and disseminate this intelligence throughout our the business. Our SOC Analysts are working closely with the Intelligence teams to protect our Managed Security Service customers.

As the situation continues to evolve, we are keeping a close eye on the risk level posed to our customers, notifying them and reacting accordingly. We would also like to remind our customers to remain vigilant and to take action if they notice anything suspicious in their environment. We are proactively working with various teams across Integrity360 to provide our customers with the latest threat intelligence. The below roundup has been updated as part of our investigations so far. Should you require more information, please don’t hesitate to reach out to us.

Security Update (Updated 14/12/2021 15.30)

On 10th December 2021, Apache announced a new critical vulnerability and fix for Log4j, CVE-2021-44228 dubbed ‘Log4Shell’. This vulnerability affects any organisation that utilises Log4J or has software with underlying Log4J dependencies. Apache is strongly recommending Log4j systems be updated to fixed versions as soon as possible.

Security Update (14/09/2021)

Microsoft’s “Patch Tuesday” has included a fix for CVE-2021-40444. You can find the patch details for each Operating System version here. This round of updates also fixes 85 other vulnerabilities as shown here.

This week, Microsoft disclosed a newly discovered remote code execution vulnerability in MSHTML that affects Microsoft Windows. Integrity360 can confirm that it is actively being exploited in the wild.

Yesterday, it was announced that Fortinet discovered a breach, resulting in the disclosure of almost 500,000 FortiGate SSL-VPN credentials from 87,000 FortiGate SSL-VPN Devices. The attack vector was identified as a system unpatched against CVE-2018-13379.

A month ago, Ponemon and IBM released the Cost of a Data Breach 2021 report, an annual study on the cost of data breaches and the modern threat landscape. The report not only highlighted that the cost of data breaches is on the rise but also showed that enterprises are taking longer to contain security incidents. 

Microsoft has disclosed yet another critical vulnerability not long since PrintNightmare was disclosed. This privilege elevation vulnerability lies in the overly permissive Access Control Lists (ACLs) on the important and sensitive Security Accounts Manager (SAM) database, SYSTEM and SECURITY registry hives. This means that an attacker with a standard non-administrative account can in theory achieve local privilege escalation, masquerade as other users and/or achieve the following:

TrickBot is a banking trojan that was first detected in September 2016 and since that time had been developed to incorporate the targeting of multiple geographies and online services. The malware was developed to gain unauthorized access to customer bank accounts to facilitate fraudulent transactions, but also targeted users of online services such as Salesforce and cryptocurrency services. The malware was reportedly delivered via spam emails containing malicious attachments, including those distributed by the Necurs botnet, and via the RIG exploit kit. In some cases, TrickBot used an exploit called EternalBlue (affects CVE-2017-0144) or Windows API calls to propagate in a local network. The functions and activities of TrickBot are reportedly very similar to the Dyre banking trojan, and it was assessed by researchers to be linked to this trojan, including that at least one of the developers of Dyre was involved in the development of TrickBot.

Relevant CVE: CVE-2021-21985

Last Updated: 17/05/21 12:00

Integrity360 has deployed our Incident Response Team to support a number of clients who may be affected by the ransomware attack widely reported on in Irish media.

Our teams are committed to supporting the wider health community, as well as our clients and advise all organisations of the need to increase vigilance within your own environment in relation to this attack.

Relevant CVE: CVE-2021-23008

Security breaches are part and parcel of running a modern organisation. Research completed by the Clark School at the University of Maryland showed that hackers attack every 39 seconds. With organisations exposed to such a high volume of threats, Incident Response has become just as important, if not more important than threat prevention.