Headlines
- Microsoft Patches Zero-Day Vulnerability and 71 Other Flaws in December 2024 Update
- Europol Targets DDoS-for-Hire Services Ahead of Holiday Attacks
- Hackers Exploit Visual Studio Code Tunnels in Advanced Cyberattacks
- Deloitte Denies Data Breach Allegations Despite Ransomware Claims
- Microsoft 365 Outage Disrupts Key Services Due to Cache Issues
- International Crackdown on Phishing Gang in Belgium and Netherlands
- MTU Prank Email Incident Highlights Ongoing Cybersecurity Vigilance
- NTLM Zero-Day Vulnerability Exposes Windows to Credential Theft Risks
- Lynx Ransomware Targets Romanian Energy Supplier Electrica in Cyberattack
Microsoft Patches Zero-Day Vulnerability and 71 Other Flaws in December 2024 Update
Microsoft’s December 2024 Patch Tuesday update addresses 71 security vulnerabilities across its products, including one actively exploited zero-day vulnerability. The exploited flaw, a Windows Privilege Escalation vulnerability (CVE-2024-20244), allows attackers to gain higher-level access to compromised systems.
The update also fixes other severe issues, including remote code execution vulnerabilities in Microsoft Office, Edge, and SQL Server. Users are urged to prioritise installing these updates to mitigate potential risks, especially given the increasing exploitation of known flaws in attacks.
Europol Targets DDoS-for-Hire Services Ahead of Holiday Attacks
In a coordinated operation, Europol dismantled 27 DDoS-for-hire platforms, commonly known as “booter” services, to mitigate a surge in cyberattacks often observed during the holiday season. These services, which allow users to launch distributed denial-of-service (DDoS) attacks with minimal technical skills, pose significant risks to individuals and businesses.
The takedown involved law enforcement agencies across multiple countries, targeting platforms that facilitated cybercriminal activities under the guise of stress-testing services.
Europol emphasised that such actions disrupt the infrastructure enabling cybercriminals while raising awareness about the risks associated with using these illegal services.
Hackers Exploit Visual Studio Code Tunnels in Advanced Cyberattacks
Chinese threat actors have been observed exploiting Visual Studio Code’s (VSCode) remote development tunnels to maintain stealthy access to compromised systems.
This method, identified as part of the “Operation Digital Eye” campaign, leverages Microsoft’s secure infrastructure, making detection challenging. Attackers gain initial access through automated SQL injection tools and deploy web shells to execute commands remotely.
By using legitimate VSCode tools configured with persistence mechanisms, the attackers establish backdoors to maintain control via encrypted tunnels.
Organisations are advised to monitor unusual VSCode activity, restrict the use of remote tunnels, and implement strict application allowlisting to mitigate potential threats.
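The advice above ("monitor unusual VSCode activity") is easier to act on with a concrete starting point. The script below is an added example written for this roundup; it is not code from the article, from Microsoft, or from the Operation Digital Eye research. It audits a single Windows host for the places a remote tunnel would show up: running processes that invoked the tunnel sub-command, the TCP sessions those processes own, and scheduled tasks or Run keys that would relaunch one. Assumptions: the CLI binaries are named code.exe, code-insiders.exe or code-tunnel.exe, tunnels are started with the documented "code tunnel" sub-command, and persistence, if present, lives in a scheduled task or a Run key.

```powershell
# Added example, not code from the article, Microsoft or the campaign write-up:
# a host-level audit for VS Code remote-tunnel indicators, written from the
# defender's side. Assumptions: the CLI binaries are code.exe,
# code-insiders.exe or code-tunnel.exe; tunnels are started with the
# documented "code tunnel" sub-command; persistence, if any, is a scheduled
# task or a Run key. Every match is a lead to triage, not proof of misuse.
function Find-VSCodeTunnelIndicators {
    [CmdletBinding()]
    param(
        [string[]]$Binaries = @('code.exe', 'code-insiders.exe', 'code-tunnel.exe')
    )

    $findings = [System.Collections.Generic.List[object]]::new()
    $tunnelPattern = '(^|\s)tunnel(\s|$)'      # matches "code tunnel ..." invocations only

    function New-Finding([string]$Type, $ProcessId, [string]$Where, [string]$Command) {
        [pscustomobject]@{ Type = $Type; ProcessId = $ProcessId; Where = $Where; Command = $Command }
    }

    # 1. Live processes that invoked the tunnel sub-command, with the account running them.
    Get-CimInstance Win32_Process |
        Where-Object { $Binaries -contains $_.Name -and $_.CommandLine -match $tunnelPattern } |
        ForEach-Object {
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
            $findings.Add((New-Finding 'Process' $_.ProcessId "$($owner.Domain)\$($owner.User)" $_.CommandLine))
        }

    # 2. Established TCP sessions owned by those processes. A tunnel is expected to
    #    talk HTTPS to Microsoft's relay; any other remote endpoint deserves a closer look.
    $flaggedPids = @($findings | Where-Object Type -eq 'Process' | ForEach-Object ProcessId)
    if ($flaggedPids.Count -gt 0) {
        Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
            Where-Object { $flaggedPids -contains $_.OwningProcess } |
            ForEach-Object {
                $findings.Add((New-Finding 'Network' $_.OwningProcess "$($_.RemoteAddress):$($_.RemotePort)" ''))
            }
    }

    # 3. Scheduled tasks whose action runs a VS Code binary with the tunnel sub-command.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }          # non-exec action types carry no Execute
            $exe = Split-Path -Leaf ($action.Execute.Trim('"'))
            if ($Binaries -contains $exe -and "$($action.Arguments)" -match $tunnelPattern) {
                $findings.Add((New-Finding 'ScheduledTask' $null "$($task.TaskPath)$($task.TaskName)" "$($action.Execute) $($action.Arguments)"))
            }
        }
    }

    # 4. Run keys (machine and current user) that would start a tunnel at logon.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $key)) { continue }
        foreach ($entry in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($entry.Name -like 'PS*') { continue }       # provider metadata, not a Run value
            $value = [string]$entry.Value
            if ($value -match 'code(-insiders|-tunnel)?\.exe' -and $value -match $tunnelPattern) {
                $findings.Add((New-Finding 'RunKey' $null "$key\$($entry.Name)" $value))
            }
        }
    }

    return $findings
}

# Usage: run from an elevated session so every user's processes and tasks are visible.
Find-VSCodeTunnelIndicators | Format-Table -AutoSize
```

Developers do use tunnels legitimately, so the output is a triage list to compare against policy rather than an alert on its own: a tunnel started under a service account, on a server with no developer role, or persisted through a scheduled task or Run key is the pattern worth escalating. If remote tunnels are restricted as the article recommends, any hit at all is a policy violation.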
Deloitte Denies Data Breach Allegations Despite Ransomware Claims
The Brain Cipher ransomware group has claimed to have breached Deloitte UK, allegedly stealing over 1 terabyte of sensitive information, including client contracts, monitoring tools, and other internal data.
Despite these claims, Deloitte has denied any breach of its systems, asserting that the issue is isolated to a client’s external environment.
The group has threatened to release evidence of the breach, but Deloitte maintains its systems remain secure.
Microsoft 365 Outage Disrupts Key Services Due to Cache Issues
Microsoft experienced a widespread outage affecting its Microsoft 365 suite, including web apps such as Excel Online, SharePoint Online, Microsoft Teams, and the Admin Center.
The disruption, which impacted users’ ability to access or utilise services, was attributed to performance degradation in caching infrastructure and Azure Active Directory systems. This led to high timeout exceptions and access errors.
Microsoft identified the root cause as underperforming telemetry in caching systems and has since resolved the issue, restoring services globally. Temporary workarounds included direct URLs for accessing applications.
As a follow-up, the company is implementing measures to enhance system resilience and monitoring to prevent similar issues in the future.
International Crackdown on Phishing Gang in Belgium and Netherlands
A coordinated operation by Belgian and Dutch authorities, supported by Europol and Eurojust, dismantled a sophisticated phone phishing gang responsible for defrauding victims of millions of euros. The investigation culminated in eight arrests and 17 searches across both countries.
The gang used phishing emails and fake phone calls to impersonate trusted entities, convincing victims to share personal banking information. Authorities seized critical digital evidence and cash during the operation.
Europol continues to emphasise the importance of international collaboration in tackling cybercrime and safeguarding financial systems.
MTU Prank Email Incident Highlights Ongoing Cybersecurity Vigilance
Munster Technological University (MTU) confirmed that students on its Cork campuses received prank emails on Monday night from a spoofed address. The incident, which did not involve malicious content, was swiftly managed by MTU’s IT team, with emails removed by 5 a.m. on Tuesday.
While not linked to a breach, the spoofing follows a February 2023 ransomware attack on MTU that disrupted operations and incurred €3.5 million in costs.
MTU urged students and staff to remain vigilant against suspicious messages, particularly during the holiday season. This incident mirrors recent cyber challenges faced by other institutions, such as the Waterford campus of the South-East Technological University, which suffered an IT system attack during its graduation ceremonies.
NTLM Zero-Day Vulnerability Exposes Windows to Credential Theft Risks
A newly discovered NTLM hash disclosure zero-day affects all versions of Windows Workstation and Server, from Windows 7 to Windows 11, allowing attackers to capture NTLM credentials by tricking users into viewing malicious files via Windows Explorer.
Reported by ACROS Security, the bug does not yet have a CVE or patch, with fixes expected in April. This vulnerability highlights ongoing risks associated with NTLM, a legacy authentication protocol.
Microsoft has issued guidance on mitigating NTLM relay attacks by enabling Extended Protection for Authentication (EPA) on critical services like LDAP, AD CS, and Exchange Server.
Organisations are urged to implement these measures to protect against NTLM-based identity compromise, which remains a popular attack vector for threat actors.
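To make the EPA guidance above checkable, here is an added example (not the article's or Microsoft's own code) that reports the Extended Protection and channel-binding posture on a domain controller (LDAP) and on an AD CS web-enrollment server, with an opt-in remediation for each. The NTDS registry values and the IIS extendedProtection element are the Microsoft-documented settings; the IIS location 'Default Web Site/CertSrv' is an assumption that matches a default AD CS web-enrollment install. Exchange Server is left out on purpose, since Microsoft ships a dedicated script for it. One caveat worth stating: EPA closes the relay half of the problem (a captured NTLM exchange being forwarded to another service); it does nothing to stop the hash capture the zero-day itself enables.

```powershell
# Added example, not the article's or Microsoft's own code: audit, and on
# request enforce, the Extended Protection / channel-binding settings the
# article's NTLM guidance refers to. Registry value names and the IIS
# configuration paths are Microsoft-documented; the IIS location below is an
# assumption matching a default AD CS web-enrollment install.
$NtdsParams    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$AppHost       = 'MACHINE/WEBROOT/APPHOST'
$WinAuthFilter = 'system.webServer/security/authentication/windowsAuthentication'
$AccessFilter  = 'system.webServer/security/access'

# Get-WebConfigurationProperty returns an attribute object for some properties
# and a plain value for others; normalise to a string either way.
function Get-AttrValue($obj) {
    if ($null -eq $obj) { return '' }
    if ($obj.PSObject.Properties['Value']) { return [string]$obj.Value }
    return [string]$obj
}

function Get-EpaPosture {
    [CmdletBinding()]
    param([string]$CertSrvLocation = 'Default Web Site/CertSrv')   # assumption: default AD CS app

    $report = [ordered]@{}

    # --- LDAP on a domain controller ---
    if (Test-Path $NtdsParams) {
        $p = Get-ItemProperty -Path $NtdsParams
        # LdapEnforceChannelBinding: 0 = never, 1 = when supported (default), 2 = always
        $cbt  = if ($null -ne $p.LdapEnforceChannelBinding) { [int]$p.LdapEnforceChannelBinding } else { 1 }
        # LDAPServerIntegrity: 1 = none (default), 2 = require signing
        $sign = if ($null -ne $p.LDAPServerIntegrity) { [int]$p.LDAPServerIntegrity } else { 1 }
        $report.LdapChannelBinding = $cbt
        $report.LdapSigning        = $sign
        $report.LdapHardened       = ($cbt -eq 2 -and $sign -eq 2)
    } else {
        $report.LdapHardened = 'n/a (not a domain controller)'
    }

    # --- AD CS web enrollment hosted in IIS ---
    if (Get-Module -ListAvailable -Name WebAdministration) {
        Import-Module WebAdministration
        $ep = Get-WebConfigurationProperty -PSPath $AppHost -Location $CertSrvLocation `
                -Filter $WinAuthFilter -Name 'extendedProtection' -ErrorAction SilentlyContinue
        if ($ep) {
            $ssl = Get-WebConfigurationProperty -PSPath $AppHost -Location $CertSrvLocation `
                     -Filter $AccessFilter -Name 'sslFlags'
            $report.CertSrvTokenChecking = [string]$ep.tokenChecking    # None / Allow / Require
            $report.CertSrvSslFlags      = Get-AttrValue $ssl
            # Channel binding only means something over TLS, so both must hold.
            $report.CertSrvHardened = ($report.CertSrvTokenChecking -eq 'Require' -and
                                       $report.CertSrvSslFlags -match 'Ssl')
        } else {
            $report.CertSrvHardened = 'n/a (no CertSrv application found)'
        }
    }

    [pscustomobject]$report
}

function Set-LdapEpaHardening {
    # Opt-in change; preview with -WhatIf. Audit first with LDAP Interface Events
    # diagnostics (event IDs 3039/3040 identify clients that would be rejected).
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $NtdsParams)) { throw 'NTDS parameters not found; run this on a domain controller.' }
    if ($PSCmdlet.ShouldProcess($NtdsParams, 'Set LdapEnforceChannelBinding=2 and LDAPServerIntegrity=2')) {
        Set-ItemProperty -Path $NtdsParams -Name LdapEnforceChannelBinding -Value 2 -Type DWord
        Set-ItemProperty -Path $NtdsParams -Name LDAPServerIntegrity       -Value 2 -Type DWord
    }
}

function Set-CertSrvEpaHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$CertSrvLocation = 'Default Web Site/CertSrv')
    Import-Module WebAdministration
    if ($PSCmdlet.ShouldProcess($CertSrvLocation, 'Require EPA token checking and SSL')) {
        Set-WebConfigurationProperty -PSPath $AppHost -Location $CertSrvLocation -Filter $WinAuthFilter `
            -Name 'extendedProtection.tokenChecking' -Value 'Require'
        Set-WebConfigurationProperty -PSPath $AppHost -Location $CertSrvLocation -Filter $AccessFilter `
            -Name 'sslFlags' -Value 'Ssl'
    }
}

# Usage: report first, then rehearse the change before applying it.
Get-EpaPosture
Set-LdapEpaHardening -WhatIf
```

Run Get-EpaPosture on each domain controller and each web-enrollment server; a `False` in either Hardened column is the gap the article's guidance is about. Treat the Set-* functions as change requests rather than quick fixes: LdapEnforceChannelBinding=2 rejects any client that cannot supply a channel-binding token, and requiring LDAP signing breaks unsigned simple binds, so older appliances and scripts need to be found with the diagnostic events before enforcement rather than after.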
Lynx Ransomware Targets Romanian Energy Supplier Electrica in Cyberattack
Romanian energy supplier Electrica, serving over 3.8 million users, recently fell victim to a ransomware attack attributed to the Lynx ransomware group. While critical systems, including SCADA, remain unaffected, the company implemented protective measures to secure its infrastructure.
Investigations by Romania’s National Cybersecurity Directorate (DNSC) and other authorities are ongoing, with warnings issued against paying the ransom. Electrica has advised customers to remain cautious of phishing attempts impersonating the company.
If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch.