.png)
Take a look at this week’s Cyber Weekly Digest to get up to date with the biggest cyber security news. In this digest, we dive into the latest zero-day vulnerabilities patched by Microsoft as well as why the UK Government is now scanning all internet expose devices in the UK. Keep reading to find out about the latest cyber security news from around the world.
All Internet-exposed devices in the UK are now being scanned by The UK’s National Cyber Security Centre (NCSC) for vulnerabilities. The goal is to assess the UK’s vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture. “These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact. The scans from the NCSC are performed using tools hosted in a dedicated cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (18.171.7.246 and 35.177.10.231). British organisations can also opt-out of having their servers scanned by the government by emailing a list of IP addresses that they want to be excluded. In January, the cybersecurity agency also started releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks. The NCSC plans to release the new NMAP scripts only for critical security vulnerabilities it believes to be at the top of the threat actor’s targeting lists.
Maple Leaf Foods is Canada's largest prepared meats and poultry food producer, operating 21 manufacturing facilities and employing 14,000 people. This week Maple Leaf Foods confirmed that it experienced a cyber security incident causing a system outage and disruption of operations. The Canadian food packaging giant says its IT team took immediate action to respond to the incident. Maple Leaf also released a statement claiming that "The outage is creating some operational and service disruptions that vary by business unit, plant, and site,". Despite the size of Maple Leaf, there has not been any announcements on cybercrime forums or ransomware gang extortion portals listing Maple Leaf Foods as their victim.
The US Department of Justice announced the conviction of James Zhong, a threat actor who stole 50,000 bitcoins from the ‘Silk Road’ darknet marketplace. Zhong pled guilty to money laundering crimes for exploiting a “withdrawal processing flaw” that allowed him to withdraw many times more Bitcoin than he deposited onto the dark web marketplace. The DoJ announcement also provides more details about the seizure of the 51,351.9 Bitcoin, valued at over $3.3 billion at the time of the action, that occurred in November 2021. As the defendant confessed, in September 2021, he stole 50,000 bitcoins from Silk Road by exploiting a flaw in the market’s transaction system. Zhong funded nine different accounts with an initial deposit of 200 to 2,000 bitcoin and then triggered 140 withdrawal transactions in rapid succession. The Bitcoin that he stole from this exploit was valued at over $3.3 billion. Zhong is scheduled to hear his sentence in February 2023, with the maximum potential penalty for wire fraud being 20 years in prison.
VMWare has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that allows remote attackers to bypass authentication and elevate privileges to admin. Workspace ONE Assist provides remote control, screen sharing, file system management, and remote command execution to help desk and IT staff remotely access and troubleshoot devices in real time from the Workspace ONE console. The exploits in question are tracked as CVE-2022-31685 (authentication bypass), CVE-2022-31686 (broken authentication method), and CVE-2022-31687 (broken authentication control) and have received 9.8/10 CVSS scores. These CVEs allow for non-authenticated threat actors to exploit them in low-complexity attacks that don’t require user interaction for privilege escalation. VMWare patched these vulnerabilities in October, however, the company revealed that a proof-of-concept (PoC) exploit code was released online after the researcher who discovered and reported the vulnerability shared a PoC exploit.
Microsoft released a relatively low number of security updates on Patch Tuesday this week, but six of the CVEs are being actively exploited in the wild. Microsoft fixed a total of 68 vulnerabilities this month, including 11 rated critical. Among these are the so-called “ProxyNotShell” bugs in Microsoft Exchange Server first revealed in September and are actively exploited by Chinese threat actors. The other zero-days patched this month include critical RCE vulnerability CVE-2022-41128, which impacts the JScript9 scripting language, and CVE-2022-41073, which affects Windows Print Spooler.
