Cybercrime in the news

The latest round-up of recent cybercrime news stories from Phil Ashley, Director of Crossword Labs. A pick of the weird, unexpected and sobering reminders of why we need to work together to stay on top of cyber security.


MICROSOFT BREACHED BY SOCIAL ENGINEERING ATTACK


Microsoft revealed that a single employee’s account was compromised by a hacking group called Lapsus$, granting the attackers “limited access” to Microsoft’s systems and allowing potential access to source code.


No customer data or code was affected, Microsoft says, and the operation was interrupted by its security team. When Lapsus$ bragged that it had hijacked an employee account and stolen source code from the company, Microsoft’s cybersecurity team was already probing the attack and said: “This public disclosure expedited our activity, allowing our team to intervene and disrupt the actor mid-operation, minimising broader harm.”


REMOTE CODE EXECUTION VULNERABILITY IN SPRINGCLOUD


A new zero-day remote code execution vulnerability in Spring Core, a popular framework for building Java-based applications, was leaked online along with exploit code.


The vulnerability, tracked as CVE-2022-22965, impacts Spring MVC and Spring WebFlux applications running on JDK 9 or higher. The specific exploit requires the application to run on Tomcat as a WAR deployment, and default deployments are not vulnerable. However, the nature of the vulnerability is more general, and whilst some patches have now been released, the full scope of the exploitability is not yet confirmed.


ZERO-DAY GOOGLE CHROME VULNERABILITY EXPLOITED


Google has issued an update for Chrome to fix a vulnerability found in the open-source V8 JavaScript engine.


Google released an out-of-band security update on Friday 25th March to fix a high-severity vulnerability in its Chrome browser that is being actively exploited in the wild, according to the company. The zero-day weakness, identified as CVE-2022-1096, is a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher was credited with disclosing the problem on March 23, 2022.


If you would like to know more about our cyber security consulting or monitoring services please get in touch. If you have concerns about the increased threat level from Russian cyber warfare, please see our security advisory or contact us for further advice.