*Yawn*… Morning everybody, and welcome to another edition of Threat Thur… wait, what day is it? Friday?! How long have I been asleep?!
Yes, Threat Thursday has this week become Threat Friday, a title that only just manages to alliterate with itself. Our presence at the CRN Awards (which we won, humblebrag) has left us a little delayed, we admit. But we’re here, better late than never, and we couldn’t let a week go past without alerting you to some of the latest cyber threats. This week: Windows’ latest update fixes a wealth of vulnerabilities, Ryuk is giving us yet more reasons to angrily shake our fists, and that WebEx invite might not be what it seems.
Windows ‘Patch Tuesday’ Fixes Multiple Vulnerabilities, Also Fails to Alliterate
The latest Windows patch, released as part of Microsoft’s monthly ‘Patch Tuesday’, eliminates a number of vulnerabilities, including a security bypass vulnerability in Microsoft Office for Mac and a Remote Code Execution (RCE) vulnerability in Internet Explorer, both of which could allow attackers to enter systems and spread malicious code. Now’s the time to check for Windows updates and get yours installed – simply click the Start menu, search for ‘Update’ and the option to check should be the first thing Windows finds. Simples.
The update also fixes more than 70 other known vulnerabilities, and adds some quality-of-life improvements to the Windows 10 experience, including changes to the Start Menu, calendar functions and notification settings. Well, I guess not every update needs to be a game changer.
Ryuk Ruining Everything, Still Won’t Go Away Forever
Well, the sun went down again last night, which means it’s time to once again check on Ryuk’s latest chicanery. 2019’s most hated ransomware, distributed by the Russian fincrime syndicate Wizard Spider, has been given another shot in the arm with new Wake-on-LAN (WoL) capabilities. Essentially, this allows Ryuk to wake up any system on a Local Area Network that’s hibernating, sleeping or powered off, from any other WoL client on that network.
Currently, this delightful new ability is ever-so-slightly hamstrung by some restrictions. The technique isn’t foolproof: targeted devices must meet a number of conditions for it to work, including the right BIOS and network card configuration, as well as a working WoL setup in the first place. Still, this is an uncomfortable development in an already awful ransomware, and I dare say it’s not the end of Ryuk’s ever-expanding list of nasties.
Have to admit, though; ‘Wizard Spider’ is kind of a cool name. It’s like something I’d encounter in my teenage Dungeons and Dragons sessions.
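For anyone who wants to watch for the Wake-on-LAN behaviour described above, here is an added example (not part of the original post, and not taken from any Ryuk analysis). It spots WoL ‘magic packets’ (six 0xFF bytes followed by the target’s MAC address repeated 16 times) in captured UDP payloads and flags any machine waking several different devices. The function names, sample traffic and threshold of three are assumptions.

```python
"""Flag hosts sending Wake-on-LAN magic packets to many devices (added example)."""
from collections import defaultdict

SYNC = b"\xff" * 6  # every magic packet starts with six 0xFF bytes


def magic_packet_target(payload: bytes):
    """Return the target MAC if payload holds a WoL magic packet, else None."""
    # The pattern can sit anywhere in the payload, so check every SYNC offset.
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 6 * 16]
        if len(body) == 96 and body == body[:6] * 16:
            return ":".join(f"{b:02x}" for b in body[:6])
        start = payload.find(SYNC, start + 1)
    return None


def wol_sweepers(packets, threshold=3):
    """Return {source IP: sorted target MACs} for sources waking >= threshold hosts.

    packets: iterable of (src_ip, udp_payload) pairs exported from a capture.
    threshold=3 is an assumption; tune it to how your admins really use WoL.
    """
    targets = defaultdict(set)
    for src, payload in packets:
        mac = magic_packet_target(payload)
        if mac:
            targets[src].add(mac)
    return {s: sorted(m) for s, m in targets.items() if len(m) >= threshold}


def sample_payload(mac_hex: str) -> bytes:
    """Build a constructed payload for the sample data below (never sent)."""
    return SYNC + bytes.fromhex(mac_hex) * 16


# Constructed sample traffic: IPs and MACs are made up for illustration.
SAMPLE = [
    ("10.0.0.5", sample_payload("001122334401")),
    ("10.0.0.5", sample_payload("001122334402")),
    ("10.0.0.5", b"\x00pad" + sample_payload("001122334403")),  # offset pattern
    ("10.0.0.9", sample_payload("001122334401")),  # one wake-up: not flagged
    ("10.0.0.7", SYNC + b"not a magic packet"),  # SYNC alone is not enough
]

if __name__ == "__main__":
    print(wol_sweepers(SAMPLE))
```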
WebEx Invites Used in New Phishing Technique
An open redirect vulnerability found in WebEx’s website is allowing hackers to redirect users to malicious web pages, it has been discovered.
Victims typically receive a highly convincing email, purportedly directing them to an important WebEx conference. When the link is clicked, however, it abuses an open redirect vulnerability in a Cisco website URL, sending the hapless victim to a site containing malicious code.
The code in question is the charmingly titled WarZone, a Remote Access Trojan (RAT) that affects all Windows versions from 7 upwards. It can control the victim’s systems using admin privileges, root out passwords from all major web browsers, and even log key presses. You don’t want it.
As always, double and triple check any emails you receive, especially those you aren’t expecting; one of our recent blogs shows you everything you need to look out for.
Let Mirus do some of that work for you. Subscribe to our weekly Threat Thursday blog, and you’ll be kept up to date every week on the threats to you and your business.
We also offer FREE Cyber Security Health Checks for businesses, so if your security is up for review, get in touch for impartial advice that won’t cost a thing.