Cyber Bites

Office 365 customers have been warned by Microsoft of an ongoing phishing campaign that abuses open redirects, an email sales and marketing tool that redirects a visitor to an untrusted site. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because...

Researchers at cybersecurity vendor Upguard have discovered multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access - a new vector of data exposure. The types of data exposed varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses. UpGuard notified 47 entities of exposures involving personal information, including governmental bodies like...

According to a report by Abnormal Security, on August 12, 2021, their team identified and blocked a number of emails sent to customers soliciting them to become accomplices in an insider threat scheme. The goal was for them to infect their companies’ networks with ransomware. These emails allege to come from someone with ties to the DemonWare ransomware group. DemonWare—also known as Black Kingdom and DEMON—has been around for a few years. Earlier this year,...

A new class of DNS vulnerabilities has been discovered, which impacts major DNS-as-a-Service (DNSaaS) providers. It could give hackers the ability to access sensitive information on corporate networks and the power for 'nation-state level spying'. The flaws provide potential hackers with intelligence harvesting abilities by using a simple domain registration. The research explained: "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers...

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new initiative, in which it will partner with several tech companies to bolster the U.S.'s defences against cyber threats. Named the Joint Cyber Defense Collaborative, the effort aims to combat ransomware and cyberattacks on critical infrastructure. The announcement comes after a string of high-profile attacks, such as those on the Colonial Pipeline, JBS Food and Kaseya. Jen Easterly, director of the agency, which is part...

Kya Supa, security consultant at LEXFO, inadvertently found a series of security bugs in IoT devices within connected hotel rooms. These vulnerabilities allowed him to take control of the amenities in multiple capsule hotel rooms (tiny rooms stacked side-by-side). Supa presented his findings on Wednesday at the Black Hat Conference 2021. The rooms are controlled using an iPod touch, which visitors receive at check-in, allowing them to control lights, change position of their beds and...

The Isle of Wight Education Federation disclosed that its IT systems were shut down last week as a result of a ransomware attack. The attackers encrypted the school data of Carisbrooke College, Island 6th Form, Medina College, Barton Prymary, Hunnyhill Primary and Lanesend Primary. The police have been informed and are working with the schools to track down the hackers. A spokesman for the federation said in a statement: "There are obviously some significant implications...

On Wednesday, cybersecurity researchers disclosed 14 vulnerabilities that affect a common TCP/IP stack, which is used in a large amount of OT devices. These devices are manufactured by less than 200 vendors and utilised in manufacturing plants, power generation, water treatment and critical infrastructure sectors. The vulnerabilities have been labelled "INFRA:HALT" and target NicheStack. If exploited, they could allow attackers to accomplish remote code execution, denial of service, information leaks, TCP spoofing as well as...

On Sunday morning, Italy's Lazio region suffered a ransomware attack, disabling its IT systems and disrupting the COVID-19 vaccination registration portal. The attackers reportedly encrypted every file in the portal's data centre and shut down its IT network. President of the Lazio region, Nicola Zingaretti issued a statement, in which she said: "On the night between Saturday and Sunday the Regione Lazio suffered a first cyber attack of criminal matrix. We don't know who is...

Ransomware attacks have sky-rocketed this year, with H1 2021 already surpassing last year's total of 304.6 million. Attackers are continuously targeting established technology, infrastructure, innocent people and vulnerable institutions, resulting in a 151% year-to-date increase. April and May of this year reached a new record high while June saw 78.4 recorded ransomware attacks. Both the UK and the US have seen massive spikes in incidents with 144% and 185% increases respectively. 64% of all recorded...