BRANDEFENSE BRANDEFENSE
  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Request a Demo
Login

BRANDEFENSE

  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Security News – Week 41

Security News – Week 41

BRANDEFENSE
Weekly Newsletter
13/10/2022
microsoft security pacthes zeroday

Table of Contents

  • Microsoft Released Critical Security Updates
  • Toyota Confirms a Security Vulnerability Affecting Customer Data
  • More than 400 Mobile Apps Detected to Hijack Facebook Login Credentials

Microsoft Released Critical Security Updates

As part of the October security updates, Microsoft has released updates for 85 security vulnerabilities, including 0-day vulnerabilities known to be actively exploited by threat actors. The criticality ratings of the vulnerabilities are 15 critical, 69 high, and one medium. In addition, it is stated that the published updates do not cover the “ProxyNotShell” vulnerabilities (CVE-2022-41040, CVE-2022-41082) recently detected in Microsoft Exchange Server.

Some of the critical vulnerabilities fixed by the updates are as follows;

  • The vulnerability, tracked as CVE-2022-41033, is caused by a buffer overflow affecting the Windows COM+ Event System Service. The vulnerability, which affects all versions of Windows starting with Windows 7 and Windows Server 2008, allows a local user to execute code with SYSTEM privileges on a vulnerable system.
  • The security vulnerability, tracked as CVE-2022-37979, is caused by a Race Condition bug in Windows Hyper-V. A local user can exploit the vulnerability to gain unauthorized access to sensitive information and elevate their privileges in the system.
  • The security vulnerability, tracked as CVE-2022-37976, is caused by improper enforcement of security restrictions in Active Directory Certificate Services.
  • The vulnerability, tracked as CVE-2022-37978, exists because the security features in Active Directory Certificate Services are bypassed. As a result, a remote user can exploit the vulnerability to perform man-in-the-middle (MitM) attacks and gain access to network communications.
  • The vulnerability, tracked as CVE-2022-41043, exists due to excessive data output by Microsoft Office applications. As a result, a local user can gain unauthorized access to sensitive information in the system by exploiting the vulnerability.

Updates that fix vulnerabilities affect the following Microsoft products and versions;

microsoft product's vulnerability list
It is recommended that users using the products and versions mentioned above immediately apply the published updates in order not to be the target of attacks that can be carried out using vulnerabilities.
apt33 threat actors
APT Groups
APT33 Threat Actors
18/08/2022

Read more
toyota t-connect security vulnerability

Toyota Confirms a Security Vulnerability Affecting Customer Data

Toyota has stated that a security vulnerability has been identified that compromises the 296,019 email addresses and customer management numbers of registered persons on the T-Connect help platform. T-Connect is a support platform for unlocking Toyota vehicles that offers features such as smartphone-based digital keys, navigation services, and remote start.

The vulnerability is due to a developer tasked with building the T-Connect platform uploading the site’s source code to a GitHub public repository in December 2017. Upon inspection of the publicly available source code by Toyota officials, it was discovered that the source code contained an access key to a server that stores customer data. Immediately after the vulnerable GitHub repository was discovered, Toyota officials made it private, and the exposed access key was replaced.

Toyota has launched an investigation into the vulnerability, but there is no evidence yet whether threat actors used the vulnerability to capture data from the server. It is recommended that T-Connect users with the potential to be affected by the breach be aware of the data that may be leaked to the internet regarding spear-phishing/Social engineering attacks and change the login information registered to the platform by applying strong password policies.

facebook credentials hijack

More than 400 Mobile Apps Detected to Hijack Facebook Login Credentials

More than 400 malicious Android and iOS apps have been identified by meta security researchers on the official Apple and Google app stores, aiming to hijack Facebook users’ login information. It has been observed that these malicious applications are disguised as photo editors, games, VPN services, business applications, and other utilities.

malicious apps' categories
Source: Facebook
The campaign chain starts with malware developers creating malicious mobile apps disguised as apps with fun or useful functions. Threat actors, who have begun publishing developed malicious applications on official application stores, may publish fake reviews and comments to cover up the negative comments of people who detect that the applications are malicious. With the installation of any of these applications, users are faced with a “Facebook Login” request before using the promised features. If users log in with their login information, the malicious application captures the entered user name, e-mail, and password information. It can use login information obtained by threat actors for various activities such as providing full access to people’s Facebook accounts, sending fake/spam messages to one’s friends, accessing private information, and fraud.
malicious applications tried to hijack facebook login credentials
Figure 2: Some of the malicious applications

There are also many legitimate apps that offer the features listed above and require you to securely log into Facebook. In order to distinguish malicious apps from legitimate apps, there are a few important things to consider before logging into a mobile app with your Facebook account;

  • If social media credentials are requested to use the application, it is important for users to check whether the application can be used without providing their Facebook information. For example, a photo editing app that requires your Facebook login and password before allowing you to use it has the potential to be harmful.
  • App reputation, though imprecise, provides insight into whether the app is malicious before it is downloaded. Therefore, app reviews, downloads, and ratings, including negative ones, should be checked.
  • It should be checked whether the application provides the promised functionality before or after login.

Considering these issues, users who suspect they have been affected by a malicious mobile application with the above features should take the following steps immediately.

  • The app should uninstall from the device.
  • Login information of social media accounts used in the application should be changed by applying strong password policies.
  • Two-factor authentication mechanisms must be enabled.
  • Login alerts should be enabled to detect unauthorized access attempts by unknown parties.
more than 400 mobile apps detected to hijack facebook login credentials
Security News
More than 400 Mobile Apps Detected to Hijack Facebook Login Credentials
10/10/2022

Read more
Share on Facebook Share on X
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • What is Supply Chain Security?
    What is Supply Chain Security?
  • Godfather Android Banking Trojan Technical Analysis
    Godfather Android Banking Trojan Technical Analysis
  • Celebrating a Milestone: Brandefense Earns a Spot on Fast Company Turkey’s Top 100 Start-Up List
    Celebrating a Milestone: Brandefense Earns a Spot on Fast Company Turkey’s Top 100 Start-Up List
  • Perspective of the Month | Anonymous Sudan | June – July 2023
    Perspective of the Month | Anonymous Sudan | June – July 2023
Ransomware Trends Report | Q2 2023
Ransomware Attack Trends in the Second Quarter of 2023
Report

Ransomware Attack Trends in the Second Quarter of 2023

Download Report
Follow us!

Continue Reading

Previous post

Microsoft Released Critical Security Updates

microsoft security pacthes zeroday
npm timing attacks
Next post

Timing Attacks Via Npm API Discloses Custom Package Names

We know what hackers know about you

Our cyber threat intelligence and security research team is ready to help you.
image link

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Republic of Turkey:

Üniversiteler, 1605 Cd. Cyberpark Vakıf Binası Kat: -1 No: B25, 06800 Çankaya/Ankara

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
About the Partner ProgramBecome a Partner
Company
AboutCareerPrivacy PolicyTerms Of UseContact
Close
Search

Hit enter to search or ESC to close

cookie By using this website, you agree to our cookie policy. Close