CyberScotland Bulletin

Technical Bulletin May 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.


Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday 10th May 2022, patching 74 issues across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities includes 7 critical issues, with the remainder labelled as important. Two of these vulnerabilities were publicly known at the time of release, including one that is being actively exploited in the wild.

Tracked as CVE-2022-26925, this zero-day vulnerability is a spoofing issue which affects the Windows Local Security Authority. This is a “protected subsystem that authenticates and logs users onto the local system” according to Microsoft. This exploit could allow an attacker to coerce the domain controller to authenticate them, allowing them access to hashes and authentication protocols.

The two publicly known vulnerabilities addressed were:

The former of the two was tagged by Microsoft as “Exploitation More Likely”, meaning affected users should apply this month’s patches as soon as possible.

As reported by The Hacker News, this month’s patches address 24 remote code execution, 21 elevation of privilege, 17 information disclosure, and 6 denial of service vulnerabilities, among others.

A full list of Microsoft’s May 2022 patches can be found here: Microsoft Security Response Center


Hacked WordPress Sites Redirect Users to Scam Sites

Researchers have uncovered a massive WordPress JavaScript injection campaign that redirects visitors to scam pages and similar malicious sites.

According to Sucuri Blog, the campaign uses known vulnerabilities in WordPress themes and plugins, and has impacted a large number of websites this year. In April, the campaign affected almost 6,000 different websites.

This campaign has been found to redirect users to advertisements, phishing pages, and even malware. One redirect takes users to a fake CAPTCHA check page which, upon clicking, serves them ads disguised to look like popups from the operating system rather than the web browser.

As attackers are targeting multiple known vulnerabilities in WordPress plugins and themes, administrators should ensure WordPress websites, plugins, and themes are updated to their latest versions.


Bluetooth Hack Could Allow Hackers to Remotely Unlock Smart Locks

A Bluetooth relay attack has been found to allow hackers to open smart locks, car doors, and breach secure areas.

This vulnerability is due to a weakness in the current implementation of Bluetooth Low Energy, which is a wireless technology used to authenticate devices located within a physically close range. According to NCC Group, a malicious actor could falsely set the proximity of Bluetooth Low Energy devices to each other using a relay attack, which could allow for unauthorised access to devices in their proximity.

Due to these exploits, the Bluetooth Special Interest Group have acknowledged the possibility of relay attacks and note that the standards body are aiming to implement more accurate ranging mechanisms.


Joint Cybersecurity Advisory Publish List of Routinely Exploited Weak Security Controls

This month, the Joint Cybersecurity Advisory have published advice regarding “weak security controls and practices routinely exploited for initial access”.

The publication identifies commonly exploited controls and includes information on best practices to mitigate such issues. Common poor security practices which hackers often exploit include:

  • Multifactor Authentication (MFA) not being enforced
  • Software not being up to date
  • Using default configurations or default login credentials
  • Strong password policies not being implemented

These issues, along with a host of others, can be found in the full publication. This advisory, along with other useful information, gets shared with those in the CiSP Network. Information on joining the network can be found below.


Join the CiSP Network

The Cyber Security Information Sharing Partnership is a joint initiative between government and industry to share cyber threat information in a secure and confidential environment.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining CiSP to keep up with emerging threats.

Your organisation can register to join CiSP here. If your organisation is looking for a sponsor, please contact the Scottish Government’s Cyber Resilience Unit at cyberresilience@gov.scot

When your organisation has joined, you can register as an individual here.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]


Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]


Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]

Cyber and Fraud Centre – Scotland