The Briefing – WK01 2021


Curated for business leaders, owners and security staffers, The Briefing is a concise weekly summary of security headlines impacting global business sectors and industries that are prevalent across the Caribbean Region.

BRIEFING HEADLINES

New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds: 

A piece of malware named Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor.

CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack: 

The Treck TCP/IP stack is affected by two newly disclosed critical vulnerabilities leading to code execution and denial of service. The stack is used globally by manufacturers of embedded systems because of its small footprint. The two vulnerabilities, tracked as CVE-2020-25066 and CVE-2020-27337, can result in remote code execution and denial of service respectively.

FBI: Home Surveillance Devices Hacked to Record Swatting Attacks: 

The FBI has warned that individuals who launch swatting attacks have been hacking smart home devices to see and sometimes live-stream their pranks.

The FBI stated: “Smart home device manufacturers recently notified law enforcement that offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.”

Microsoft Failed Patch Exploited In 0Day Windows Vulnerability – Operation PowerFall: 

Google’s Project Zero says Microsoft’s improper fix for the Elevation of Privilege vulnerability CVE-2020-0986, which targets the GDI / Print Spooler API, led to a new 0Day tracked as CVE-2020-17008 simply by changing the exploitation method. Little detail exists on CVE-2020-17008, but expect it to be referenced in Microsoft’s January Patch Tuesday release.

CISA Releases Free Compromise Detection Tool for Azure/M365 Environments:

CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool, named Sparrow, is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity and authentication-based attacks seen in multiple sectors. Sparrow can be found here – Sparrow.


CARIBSOC advises organisations to corroborate all data and information as a matter of course when determining impacts to their staff & infrastructure.
