Microsoft: Office 2013 will reach end of support in April 2023
Microsoft reminded customers earlier this week that Office 2013 is approaching its end of support next year on April 11, 2023. It advises them to switch to a newer version to reduce their exposure to security risks. This means no new security updates, and the continued use of Office 2013 after April 2023 may increase an organization’s exposure to security risks or impact their ability to meet compliance obligations. Also, connecting Office 2013 clients to Microsoft 365 might lead to performance or reliability issues.
Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns
Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. GitHub denies that the attacker obtained these tokens via a compromise of GitHub or its systems; the company explained that the stolen tokens used to access the repositories are not stored by GitHub in their original, usable formats. The Microsoft-owned firm is still investigating the compromise and is notifying affected organizations.
Mute button in conferencing apps may not actually mute your mic
A new study, conducted by a team of researchers at the University of Wisconsin-Madison and the Loyola University in Chicago, shows that pressing the mute button on popular video conferencing apps may not actually work like you think it should, with apps still listening in on your microphone. More specifically, pressing mute does not prevent audio from being transmitted to the apps’ servers. The apps tested in this phase of the study included Zoom, Slack, MS Teams/Skype, Google Meet, Cisco Webex, GoToMeeting, Discord and others. Zoom was found to actively track whether the user is talking even while they were in mute mode. The worst case, according to the study, was Cisco Webex, which continued to receive raw audio data from the user’s microphone and transmitted it to the vendor’s servers in precisely the same way it did when unmuted.
Enemybot, a new DDoS botnet, appears on the threat landscape
Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec, which focuses on DDoS-based extortion. Borrowing code in part from the infamous Mirai botnet, Enemybot uses a list of hardcoded username/password combinations to log in to devices in an attempt to access systems using weak or default credentials.
Thanks to our episode sponsor, Votiro

Cisco vulnerability lets hackers craft their own login credentials
Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software. The security flaw allows remote attackers to log in to target devices through the management interface without using a valid password. The bug involves the improper implementation of the password validation algorithm, making it possible to bypass the standard authentication procedure on non-default device configurations. According to Cisco’s advisory, the products affected by this flaw are those that run Cisco WLC Software 8.10.151.0 or Release 8.10.162.0 and have “macfilter radius compatibility” configured as “Other.”
Lazarus Group behind Axie Infinity crypto hack
The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group in the theft of $540 million from video game Axie Infinity’s Ronin Network, which we reported on last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor, and sanctioned the funds by adding the address to the Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals (SDN) List. The cryptocurrency heist, the second-largest cyber-enabled theft to date, involved the siphoning of 173,600 Ether (ETH) and 25.5 million USD Coins from the Ronin cross-chain bridge, which allows users to transfer their digital assets from one crypto network to another, on March 23, 2022. “The attacker used hacked private keys in order to forge fake withdrawals,” the Ronin Network explained in its disclosure report a week later, after the incident came to light.
Sophisticated spyware attack targets top EU legal officials’ iPhones
The NSO spyware story continues with reports from Reuters that the phones of at least five EU officials were hacked with invasive malware between February and September of 2021. One of the targeted officials was Belgian politician Didier Reynders, the EU’s European Justice Commissioner since 2019, equivalent to the Attorney General in the United States. At least four other members of the Justice and Consumers commission were also spied on, the outlet says. NSO has denied that it had any involvement in this case, telling Reuters that the hacking of the EU officials “could not have happened with NSO’s tools.”
(Gizmodo)
Several vulnerabilities allow disabling of Palo Alto Networks products
Palo Alto Networks has informed customers about several vulnerabilities that could allow a malicious actor to disable its products. Security researcher “mr.d0x” informed the company that its Cortex XDR Agent can be bypassed by an attacker with elevated privileges by modifying a registry key, leaving the endpoint exposed to attacks. The product’s anti-tampering feature is unable to prevent the use of this method. Mr.d0x also discovered that there is a default “uninstall password” that, if it hasn’t been changed by the admin, can also be used to disable the XDR agent. Several cybersecurity vendors have been assessing the impact of this flaw on their products.






