According to Microsoft, a lack of multi-factor authentication led to a company’s email system being hacked.
Welcome to Cyber Security Today. It’s Friday, September 23rd, 2022. I’m Howard Solomon, a cybersecurity reporter for ITWorldCanada.com.
Here’s more evidence of the risks of not using multi-factor authentication: According to Microsoft, a threat actor was recently able to compromise global administrator accounts of an Azure Active Directory at an unnamed organization using credential stuffing attacks. The accounts were not protected with multifactor authentication, which Microsoft says would have stopped the attack. After gaining access, the hacker created a malicious OAuth application to take control of the organization’s Exchange email system. From there, the attacker sent out spam emails that looked like they came from the victim organization. According to an image in the Microsoft report, the emails pretended to be from Walmart. The fake message said the recipient had been selected for the retailer’s loyalty program and promised a free iPhone 14 Max for completing a survey. The victim only had to provide credit card details. The fine print said the victim would be charged fees for entering a sweepstakes for the prize.
Multifactor authentication can be bypassed, but if properly monitored, it offers good protection for logins. According to Microsoft, other techniques, including Conditional Access policies, would have also mitigated this type of attack.
A critical template vulnerability in the Magento 2 e-commerce platform is increasingly being exploited. This warning comes from researchers at Sansec. They urge admins of sites using Magento to quickly patch this vulnerability if they have not already done so. Adobe released this patch in February when this vulnerability became known.
The crooks behind BlackCat/AlphV ransomware use new tactics, tools and procedures, researchers at Symantec say. In a report published Thursday, researchers say this group is using a new version of the Exmatter data exfiltration tool, as well as Eamfo, information-stealing malware that searches for passwords stored by Veeam backup software. A link to the full report and indicators of compromise is included in the text version of this podcast on ITWorldCanada.com.
Attention Windows administrators: Microsoft has released an out-of-band security update to address a spoofing vulnerability in newer versions of Endpoint Configuration Manager. This tool is used to deploy apps, software updates and operating systems. An attacker could exploit this vulnerability to obtain confidential information. The US Agency for Cybersecurity and Infrastructure Security encourages users and administrators to review Microsoft’s security advisory for this vulnerability and apply the necessary updates.
Attention Red Hat Linux Administrators: The company has released security advisories to address vulnerabilities in several products. These include Red Hat Enterprise Linux, Red Hat Enterprise Linux Server, and Red Hat CodeReady Linux Builder. The Canadian Center for Cyber Security encourages users and administrators to apply the necessary updates.
That’s it for this morning. But later today, the week’s recap edition will be available. Guest commentator David Shipley of Beauceron Security will discuss Insider Threat Month, the latest Uber hack and the $35 million fine for Morgan Stanley’s investment division.
Remember, links to podcast story details are included in the text version on ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.