Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft

From darkreading.com

Nation-state espionage operations are increasingly using native Microsoft services to host their command-and-control (C2) needs.

A number of unrelated groups in recent years have all come to the same realization: Rather than building and maintaining their own infrastructure, it’s more economical and effective to simply use Microsoft’s own services against their targets. Besides the costs and headaches saved from not having to set up and maintain their own infrastructure, using legitimate services allows attackers’ malicious behavior to more subtly mix in with legitimate network traffic.

This is where Microsoft Graph comes in handy. Graph offers an application programming interface (API) that developers use to connect to a wide range of data — email, calendar events, files, etc. — across Microsoft cloud services. Harmless on its own, it provides an easy means for hackers to run C2 infrastructure using those same cloud services.

Read more…

Apple’s iPadOS will have to comply with EU’s Digital Markets Act too

From techcrunch.com

The European Union will apply its flagship market fairness and contestability rules to Apple’s iPadOS, the Commission announced today — expanding the number of Apple-owned platforms regulated under the Digital Markets Act (DMA) to four and amping up regulatory risk for the tech giant by bringing its tablet ecosystem in scope.

Apple has six months to ensure iPadOS is compliant with the DMA.

The development could force significant changes on how it operates the tablet platform in the EU as Apple will have to ensure it’s complying with a sweep of DMA mandates, such as a ban on so-called “gatekeepers” being able to self-preference their own services and requirements to allow third party app stores, the sideloading of apps and support for third party payment options.

Apple will also need to open up access to non-WebKit versions of Safari to iPadOS in the next six months, as it has already done on iOS in another DMA compliance step, while business users reaching customers via the tablet platform will have a legal right to FRAND (fair, reasonable and non-discriminatory) terms.

Read more…

Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

From securityweek.com

Okta over the weekend warned of a spike in credential stuffing attacks that use various anonymizing services, such as The Onion Router (Tor) network.

In credential stuffing attacks, usernames and passwords obtained from previous data breaches at third parties, phishing, and other types of attacks are used to compromise valid accounts at the targeted organizations.

“Over the last month, Okta has observed an increase in the frequency and scale of credential stuffing attacks targeting online services, facilitated by the broad availability of residential proxy services, lists of previously stolen credentials, and scripting tools,” Okta says.
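The pattern Okta describes (one source trying many different usernames with a high failure rate, often from Tor or residential proxy egress) is what distinguishes credential stuffing from a single user mistyping a password. The following detector is an added example written for this digest, not Okta's code or tooling: it aggregates constructed authentication log lines per source IP, flags sources that attempted at least `min_users` distinct accounts with a failure ratio above `min_failure_ratio` (both thresholds are assumptions), marks whether the source is on a constructed anonymizer list, and returns any accounts that actually logged in from a flagged source so they can be reviewed for compromise.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample authentication log (not from Okta or any real tenant).
# Line format: timestamp source_ip username outcome
SAMPLE_LOG = """\
2024-04-27T10:00:01Z 198.51.100.7 alice FAILURE
2024-04-27T10:00:02Z 198.51.100.7 bob FAILURE
2024-04-27T10:00:02Z 198.51.100.7 carol FAILURE
2024-04-27T10:00:03Z 198.51.100.7 dave FAILURE
2024-04-27T10:00:03Z 198.51.100.7 erin SUCCESS
2024-04-27T10:00:04Z 198.51.100.7 frank FAILURE
2024-04-27T10:00:05Z 203.0.113.9 alice FAILURE
2024-04-27T10:00:09Z 203.0.113.9 alice FAILURE
2024-04-27T10:00:15Z 203.0.113.9 alice SUCCESS
2024-04-27T10:01:00Z 192.0.2.33 gina FAILURE
2024-04-27T10:01:01Z 192.0.2.33 hank FAILURE
2024-04-27T10:01:01Z 192.0.2.33 ivan FAILURE
2024-04-27T10:01:02Z 192.0.2.33 judy FAILURE
2024-04-27T10:01:02Z 192.0.2.33 kate FAILURE
"""

# Constructed list standing in for a threat-intel feed of Tor exit nodes and
# residential proxy egress addresses (assumption: such a feed is available).
ANONYMIZER_IPS = {"198.51.100.7"}


@dataclass
class SourceStats:
    """Per-source-IP counters built from the log."""
    attempts: int = 0
    failures: int = 0
    usernames: set = field(default_factory=set)
    successes: set = field(default_factory=set)  # accounts that logged in from this IP


def parse_log(text):
    """Yield (timestamp, ip, user, outcome) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        yield tuple(parts)


def aggregate(text):
    """Group attempts by source IP."""
    stats = defaultdict(SourceStats)
    for _ts, ip, user, outcome in parse_log(text):
        s = stats[ip]
        s.attempts += 1
        s.usernames.add(user)
        if outcome == "FAILURE":
            s.failures += 1
        elif outcome == "SUCCESS":
            s.successes.add(user)
    return stats


def detect_credential_stuffing(text, anonymizer_ips=ANONYMIZER_IPS,
                               min_users=5, min_failure_ratio=0.6):
    """Return {ip: finding} for sources that look like credential stuffing.

    Many distinct usernames plus a high failure ratio is the stuffing signature;
    a single user failing repeatedly (a forgotten password, or a brute force)
    does not match and is left to other detections. Thresholds are assumptions.
    """
    findings = {}
    for ip, s in aggregate(text).items():
        distinct = len(s.usernames)
        ratio = s.failures / s.attempts
        if distinct < min_users or ratio < min_failure_ratio:
            continue
        findings[ip] = {
            "distinct_users": distinct,
            "failure_ratio": round(ratio, 2),
            "anonymizer": ip in anonymizer_ips,
            # Any account that succeeded from a stuffing source was likely
            # hit with reused breached credentials: reset and review it.
            "accounts_to_review": sorted(s.successes),
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, finding)
```

On the constructed sample this flags 198.51.100.7 (six accounts tried, one success, on the anonymizer list, so `erin` is queued for review) and 192.0.2.33 (five accounts, all failures), while 203.0.113.9, a single user who eventually signs in, is not flagged. In production the same logic would run over a sliding time window and feed the anonymizer flag into the response priority rather than into the detection threshold itself.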

Read more…

PoC Exploit Released For Windows Kernel EoP Vulnerability

From gbhackers.com

Microsoft released multiple product security patches on their April 2024 Patch Tuesday updates.

One of the vulnerabilities addressed was CVE-2024-26218, associated with the Windows Kernel Privilege Escalation vulnerability, which had a severity of 7.8 (High).

This vulnerability relates to a TOCTOU (Time-of-Check Time-of-Use) Race Condition that could be exploited.

Successful exploitation of this vulnerability could allow a threat actor to gain SYSTEM privileges.

This vulnerability existed in multiple versions of Windows 10, Windows 11, and Windows Server (2019, 2022).

However, Microsoft has patched this vulnerability, and users are advised to update their Operating Systems accordingly.

Read more…

Closing the cybersecurity skills gap with upskilling programs

From helpnetsecurity.com

The list of skills technologists and organizations need to succeed grows with each new tech advancement, according to Pluralsight. But for many organizations, budgets and staff continue to shrink.

This survey asked 1,400 executives and IT professionals how organizations can leverage technology to drive business value in a world where budgets and headcount are decreasing and technology is evolving at a rapid pace.

Read more…

Discord dismantles Spy.pet site that snooped on millions of users

From theregister.com

INFOSEC IN BRIEF They say sunlight is the best disinfectant, and that appears to have been true in the case of Discord data harvesting site Spy.pet – as it was recently and swiftly dismantled after its existence and purpose became known.

The site, which has been slurping up public data on Discord users since November of last year, was outed to the world last week after it was discovered the platform contained messages belonging to nearly 620 million users from more than 14,000 Discord servers.

Any and all of the data was available for a price – Spy.pet offered to help law enforcement, people spying on their friends, or even those training AI models.

When Spy.pet was discovered, Discord told us that it was working to take action against anyone that’s violated its terms of service, but that it couldn’t share more.

Things are a bit clearer now.

Read more…