AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 07/22/2022

Windows 11 is getting a new security setting to block ransomware attacks

Microsoft is rolling out a new security default for Windows 11 that should go a long way toward preventing ransomware attacks that begin with password-guessing attacks and compromised credentials. The new account security default on account credentials should help thwart ransomware attacks that are initiated after using compromised credentials or brute-force password attacks to access remote desktop protocol (RDP) endpoints, which are often exposed on the internet.


Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky’s health

Cyber criminals attacked a Ukrainian company that operates nine “major” radio stations to spread a message that Ukrainian President Volodymyr Zelensky was in critical condition and under intensive care, Ukrainian officials announced Thursday. “Cyber criminals have spread the news suggesting that the President of Ukraine Volodymyr Zelenskyy is allegedly in critical condition under intensive care and the Chairperson of the Verkhovna Rada of Ukraine Ruslan Stefanchuk acts in his stead,” a spokesperson for the State Service of Special Communications and Information Protection told reporters. The company, TAVR Media, wrote on its Facebook page that the information about Zelensky “does not correspond to reality.” Zelensky posted a video to his Instagram page Thursday afternoon Ukrainian time saying he has “never felt as strong as I am now” and blames Russia for the attack.


Authentication weakness responsible for 80% of financial breaches

Despite the ongoing move to multi-factor authentication (MFA), the financial sector still faces a significant problem when it comes to breaches related to identification compromise, according to one recent research report. Released July 13, the authentication in financial services study discovered that U.S. and European financial institutions experienced an average of 3.4 significant breaches within the past year, costing these banks, credit unions and investment firms on average $2.19 million annually in losses and remediation (which does not even account for so-called “intangible and hidden costs”). However, more troubling is that the report found that 8 in 10 of these breaches were related to a “weakness in authentication.” Hypr commissioned Vanson Bourne for the research included in “The State of Authentication in the Finance Industry 2022.” The research alleges that at the heart of this problem, financial firms have become too “complacent” about authentication practices in the face of an exponential rise (in some cases) of cyberattacks and a rising level of sophistication from cybercriminals. “Findings uncover the burden that current authentication practices are leaving on financial organizations globally, specifically the high-risk cracks in security, strain on budgets and overall operational disruption,” according to a press release announcing the report. “More importantly,” it continued, “the results identify the discrepancies around ‘perceived’ and ‘actual’ authentication security.” An “alarming” (if not shocking — given recent headlines) 85% of the financial organization respondents faced a cyber breach in the past 12 months, according to findings. However, perhaps more astonishing, more than 7 out of 10 (72%) experienced multiple breaches within the same timeframe. And yet, 9 out of 10 of these breached enterprises still insist that their existing authentication approach is secure, “despite data proving otherwise.”


Atlassian fixes critical Confluence hardcoded credentials flaw

Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. The hardcoded password is added after installing the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2) for a user account with the username disabledsystemuser — designed to help admins with the migration of data from the app to the Confluence Cloud. According to Atlassian, the app helps improve communication with the organization’s internal Q&A team and is currently installed on over 8,000 Confluence servers. “The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default,” the company explained in a security advisory published on Wednesday. “A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to.” Atlassian says it has no evidence, and has yet to receive reports, that the vulnerability (tracked as CVE-2022-26138) is being exploited in the wild.


Why You Should Update Google Chrome Right Now: 11 New Security Issues Confirmed

Google has just confirmed the second clutch of security updates for the Chrome browser in July. Version 103.0.5060.134 for all Windows, Mac, and Linux users will become available in the coming days. While this update will roll out automatically, users who don’t restart their browser regularly are advised to check manually and force the security patch activation.
