June 7, 2022
Good morning, everyone!
The latest critical vulnerabilities:
Patch All the Things!
Microsoft Office zero day vulnerability discovered (Follina)
This one is really bad, folks, so please pay attention:
Users should be vigilant about opening any attachments and should be made aware that this exploit can be triggered with “a hover-preview of a downloaded file that does not require any clicks (post download).”
This exploit bypasses Windows Defender, and there is no patch available, so you literally have no protection from this type of attack – it’s an entirely new beast. (Note: Microsoft has issued guidance on a workaround, but it's pretty technical and could have unforeseen consequences.)
“It’s also particularly dangerous in that Microsoft macros are the typical focus for code execution payloads via Microsoft Office products, so user awareness training on ‘Not Enabling Macros’ doesn’t mitigate the risk,” he says.
If you have the slightest suspicion about any Office document (not just Word, but Excel, PPT, anything) – do NOT open it, don’t even preview it. Call the person who emailed it to you and ask if it’s legit, or just delete it without touching it.
ChromeLoader Malware Hijacks Browsers With ISO Files
As more applications become browser-based, the browser is gaining the attention of cyber criminals. Added to that, most organizations don’t manage or monitor browser application changes the way they do standard business apps, and many endpoint management tools don’t scan browser extensions. It’s the perfect recipe for an attack.
"By infecting the browser, the attacker gets around a number of security measures, such as traffic encryption, that would otherwise impede their attack," Parkin says. "It's like adding a malicious hard drive to your system." […] "Most security tools don't detect it," says Talon's Bobrov. "The fact that ChromeLoader abuses PowerShell makes it incredibly dangerous, since this can allow for more advanced attacks, such as ransomware, fileless malware, and malicious code memory injections."
How do you protect yourself? Basic cyber hygiene. Don’t download and install software unless you need it AND you know that you can trust it. Download only from original sources, not from popups or sponsored links. Spending most of your time logged in as a standard (not administrative) user is a great way to stop unintentional installation of malware. When that box pops up asking for admin credentials to continue, stop and ask yourself “Why does this need admin credentials? Do I need to do this?”
Stay safe and Cyber Aware this week!
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺