Get cracking on Patch Tuesday security fixes.
Welcome to Cyber Security Today. It’s Wednesday, February 14th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Yesterday was Microsoft’s Patch Tuesday for February. Patches for 80 vulnerabilities were released, including five critical ones. And of those, two are being exploited right now. One of the critical holes is in Microsoft Exchange Server and allows an escalation of privileges. The second is in Microsoft Outlook and allows an attacker to bypass the Office Protected View and open a document in editing mode rather than protected mode. The vulnerabilities currently being exploited are in Windows.
According to researchers at Trend Micro, one of them is being used by a group it calls Water Hydra. Other researchers call it DarkCasino. The group uses the vulnerability to bypass Microsoft Defender SmartScreen to infect victims with the DarkMe malware. Typical targets of this group are banks, foreign currency exchanges, stock trading platforms, online casinos and cryptocurrency platforms.
Also releasing security patches was Adobe. They close critical holes in Acrobat and Acrobat Reader, Adobe Commerce, Magento Open Source, Substance 3D Painter and FrameMaker.
Siemens published 15 security advisories for its industrial products. According to SecurityWeek they cover 270 vulnerabilities. More than half of them are in models of Scalance switches.
It’s not been a good month for insurers so far. Insurance provider Prudential Financial says it suffered a breach of security controls last week. In a filing with the U.S. Securities and Exchange Commission the company said the attacker accessed company administrative and user data, including information on employees and contractors.
And the Canadian branch of a French global insurance brokerage suffered a cybersecurity incident. According to CBC News, MSH International Canada detected the attack February 9th. Among its customers is the Public Service Health Care Plan, which offers extra health coverage to Canadian federal employees, including members of Parliament and judges.
All hospitals in Romania unplugged from the internet at the beginning of the week after 21 institutions were hit by ransomware over the weekend. According to the country’s cyber directorate, the attacks started being discovered on Saturday. The malware is a strain of the Phobos ransomware family. Most of the affected hospitals have data backups, the government says.
ExpressVPN has temporarily stopped the ability of administrators to enable split tunneling, or running multiple VPNs at a time. This affects the Windows version of the app. Split tunneling will remain disabled until a vulnerability is fixed. The problem began with a version of the app released almost two years ago. The SANS Institute notes that split tunneling is always dangerous.
Finally, how do threat actors leverage remote monitoring and management tools like AnyDesk, Atera and Splashtop? By tricking employees into downloading them. They send messages pretending to be from IT support saying the employee needs to download an application to help them. This week Malwarebytes published a blog outlining how it works. Security teams may find it useful.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.