The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.
- Critical vulnerabilities in popular products. Cisco and VMware release the necessary patches.
- Drones hack a Tesla. Researchers used drones to compromise a Tesla’s infotainment system.
- DDoS in Belgium. Attackers take down Belgian government services with a DDoS attack.
- Dell drivers down. A driver pushed to Dell devices for 12 years contains multiple vulnerabilities.
- A so-phish-sticated campaign. A global phishing campaign delivered novel malware strains.
- MFA not always a silver bullet. Innovative phishing attacks bypass Multi Factor Authentication.
- Steady your Apple cart. Patches released for two actively exploited iOS zero-day vulnerabilities.
Vulnerabilities in Cisco and VMware products. Patches available.
- Various critical vulnerabilities in popular Cisco and VMware products have been disclosed. They are present in Cisco’s SD-WAN vManage and HyperFlex HX software, and in VMware’s vRealize Business for Cloud.
- The vulnerabilities all allow for remote code execution and other exploits. Both organisations have released patches for the affected products.
SO WHAT? Patch management is an integral part of a mature cyber security posture and organisations need to ensure they are patching software and hardware as soon as reasonably possible.
Drones open doors for Tesla on the fly
- Researchers discovered vulnerabilities in an embedded device used in Tesla cars. The vulnerable component is not exclusive to Tesla so similar attacks could potentially be launched against other smart cars.
- The researchers were able to exploit the vulnerabilities by using drones, up to 100 meters away from the car. Using Wi-Fi, they gained access to the car’s infotainment system, allowing them to control various functions, including doors, music, and air conditioning.
SO WHAT? Companies are reminded that IoT devices are notoriously insecure and their use drastically increases a company’s attack surface and exposure to risk. Tesla have patched the vulnerabilities.
Not so fast: DDoS attack targets ISP for Belgian government services
- On Tuesday, a targeted distributed denial of service (DDoS) attack took down the Belgian government’s websites and internal IT networks. The service outage also impacted parliament, as well as university and research organisations.
- The perpetrators altered their attack techniques throughout the incident. This made the attack harder to neutralise, prolonging the outage and increasing its disruption.
SO WHAT? DDoS attacks remain an effective attack method, with attacker tactics evolving to make attacks more damaging. Successful attacks can bring down public and private infrastructure alike.
Vulnerabilities in Dell driver affecting hundreds of millions of devices
- A driver for various Dell computing devices contains multiple vulnerabilities. The five flaws, tracked collectively as CVE-2021-21551, are believed to affect hundreds of millions of Dell devices.
- The affected driver has been pushed to Dell devices for the last 12 years. The vulnerabilities can be exploited to escalate privileges and allow an attacker to gain persistence on an already compromised system.
SO WHAT? While there are no indications that CVE-2021-21551 is being actively exploited in the wild, this is likely to change, and it is vital that organisations and individuals alike apply the relevant patch as soon as possible.
So-phish-sticated campaign targeted organisations globally
- A phishing campaign that delivered malware to organisations worldwide in December 2020 was recently disclosed. At least 50 organisations from various industries were targeted by the sophisticated campaign, which was likely backed by considerable resources.
- New malware strains were deployed by the threat group, whose identity is yet to be determined. Obfuscated and file-less malware was used to evade detection and the phishing emails were highly tailored.
SO WHAT? As the sophistication of phishing campaigns increases, it is imperative that organisations tailor simulated phishing attacks to match the maturity of their security awareness programmes.
Not Always the Silver Bullet: Malicious Office 365 apps used to bypass MFA
- A global phishing campaign is using fake Office 365 apps to bypass MFA. The phishing email takes a user to their legitimate email login page; however, after logging in the user is prompted to install a malicious application, which grants persistent, password-free access to an attacker.
- Because the app is approved by the user after logging in, it can bypass MFA. The app will remain in the user’s Office 365 account until removed and even survives account password resets.
SO WHAT? MFA remains an effective and important security control but needs to be properly configured. Furthermore, organisations should utilise multiple controls to achieve defence in depth.
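Added example, not from the S-RM briefing or from any vendor: a small Python script that scans constructed, simplified Azure AD audit-log records for "Consent to application" events that grant high-risk delegated permissions (mailbox access, long-lived refresh tokens). This is the kind of review the passage above implies when it says MFA needs supporting controls, since a consented app keeps its access after a password reset. The record layout, field names and the `Scope:` format inside `ConsentAction.Permissions` are assumptions modelled loosely on the real audit log; check them against an export from your own tenant before relying on the parser.

```python
"""
Constructed example (not part of the S-RM briefing): flag risky OAuth
application consents in simplified Azure AD / Office 365 audit records.
Field names and the "Scope:" string format are assumptions for this
illustration, not a verified schema.
"""
import json
import re

# Delegated permissions that give an app standing access to mail/files or
# a refresh token (offline_access). An attacker-controlled app holding
# these keeps working after the user's password is reset.
HIGH_RISK_SCOPES = {
    "offline_access",
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All",
    "Contacts.Read", "MailboxSettings.ReadWrite",
}

# Constructed sample records (simplified audit-log shape; assumption).
SAMPLE_AUDIT_LOG = json.dumps([
    {
        "activityDisplayName": "Consent to application",
        "activityDateTime": "2021-05-03T10:14:22Z",
        "initiatedBy": {"user": {"userPrincipalName": "alice@example.com"}},
        "targetResources": [{
            "displayName": "Office 365 Security Upgrade",
            "modifiedProperties": [{
                "displayName": "ConsentAction.Permissions",
                "newValue": "[[ConsentType: Principal, "
                            "Scope: offline_access Mail.ReadWrite User.Read]]",
            }],
        }],
    },
    {
        "activityDisplayName": "Consent to application",
        "activityDateTime": "2021-05-03T11:02:05Z",
        "initiatedBy": {"user": {"userPrincipalName": "bob@example.com"}},
        "targetResources": [{
            "displayName": "Team Lunch Poll",
            "modifiedProperties": [{
                "displayName": "ConsentAction.Permissions",
                "newValue": "[[ConsentType: Principal, "
                            "Scope: User.Read openid profile]]",
            }],
        }],
    },
    {
        "activityDisplayName": "Update user",
        "activityDateTime": "2021-05-03T11:30:00Z",
        "initiatedBy": {"user": {"userPrincipalName": "admin@example.com"}},
        "targetResources": [{"displayName": "carol@example.com",
                             "modifiedProperties": []}],
    },
])

# Pull the space-separated scope list out of the consent property value.
SCOPE_RE = re.compile(r"Scope:\s*([^,\]]+)")


def consented_scopes(entry):
    """Return the set of delegated scopes granted in one consent record."""
    scopes = set()
    for target in entry.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            if prop.get("displayName") != "ConsentAction.Permissions":
                continue
            match = SCOPE_RE.search(prop.get("newValue", ""))
            if match:
                scopes.update(match.group(1).split())
    return scopes


def risky_consents(audit_json):
    """Return one finding per consent event that grants a high-risk scope."""
    findings = []
    for entry in json.loads(audit_json):
        if entry.get("activityDisplayName") != "Consent to application":
            continue
        risky = sorted(consented_scopes(entry) & HIGH_RISK_SCOPES)
        if not risky:
            continue
        findings.append({
            "time": entry.get("activityDateTime"),
            "user": entry["initiatedBy"]["user"]["userPrincipalName"],
            "app": entry["targetResources"][0]["displayName"],
            "risky_scopes": risky,
        })
    return findings


if __name__ == "__main__":
    for finding in risky_consents(SAMPLE_AUDIT_LOG):
        print(f"{finding['time']} {finding['user']} consented to "
              f"'{finding['app']}' with {', '.join(finding['risky_scopes'])}")
```

On the constructed data only the "Office 365 Security Upgrade" consent is reported, because it requests a mailbox scope together with `offline_access`; the poll app asking for `User.Read` is ignored. Detection after the fact is the fallback: the preventive control is to restrict user consent in the tenant's consent settings (for example, limiting it to verified publishers or routing requests through admin approval) so that a phished user cannot grant these permissions in the first place.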
Apple zero-day vulnerabilities, updates available now.
- Newly discovered vulnerabilities in the browser engine for iOS devices allow for remote code execution. CVE-2021-30665 and CVE-2021-30663 expose vulnerable devices if they simply visit a malicious website. Apple Watch, macOS Big Sur, iPad and iPhone are all vulnerable.
- Updates released on 3 May provide fixes. Apple users should not hesitate to update iPads, iPhones, laptops and desktops, and watches.
SO WHAT? Recently, Apple has seen an uptick in actively exploited zero-day vulnerabilities. Apple users must be just as effective in monitoring and installing updates as Windows users.