Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A new phishing campaign exploits the Windows Search protocol via HTML attachments in emails. These attachments use the search-ms URI to initiate Windows searches for malicious files on remote servers. The phishing emails contain ZIP files with HTML documents that automatically redirect to these malicious URLs, posing as legitimate invoices. The Windows Search protocol displays a fake "Downloads" interface, leading victims to execute harmful batch scripts. To mitigate this threat, users are recommended to delete specific registry entries associated with the search-ms protocol, however Trustwave are advising that doing so will also impact legitimate applications that use the Windows search protocol.
For more details, read the full article here.
By bleepingcomputer.com
AWS Identity and Access Management (IAM) now supports passkeys for multi-factor authentication (MFA), enhancing security and usability. Based on FIDO standards, passkeys use public key cryptography, providing strong, phishing-resistant authentication. Users can now secure their AWS accounts using passkeys with built-in authenticators like Touch ID and Windows Hello, or hardware security keys. This feature is available in all AWS regions except China, allowing seamless, secure sign-ins across devices. For more details, visit the AWS announcement.
In addition to this, starting in mid-2024, AWS will require multi-factor authentication (MFA) for root users of AWS Organizations management accounts. Customers affected by this change will be notified when signing in to the console.
This requirement will expand to additional scenarios throughout 2024, with AWS planning to mandate MFA for standalone accounts as well. This initiative aims to strengthen account security by adding an extra layer of protection to prevent unauthorized access. AWS are also providing resources and guides to help customers implement MFA effectively.
By aws.amazon.com
Google has issued a warning about a critical security flaw in Pixel firmware, identified as CVE-2024-32896, which has been exploited as a zero-day vulnerability. This flaw allows for privilege escalation and has been “under limited, targeted exploitation.”. An update is now available for all supported Pixel devices, which will address this critical vulnerability. Affected users are advised to apply the latest updates at the earliest opportunity.
By thehackernews.com
Apple has released visionOS 1.2 to patch a significant vulnerability, CVE-2024-27812, in its Vision Pro virtual reality headset. This flaw, potentially the first specific to spatial computing, could be exploited via specially crafted web content, leading to denial-of-service (DoS). The update addresses nearly two dozen vulnerabilities, most of which are common across other Apple operating systems. Cybersecurity researcher Ryan Pickren, who reported the issue, notes it as a groundbreaking spatial computing hack. Further details are pending Apple’s approval for disclosure.
By securityweek.com
Microsoft has decided to disable the Windows Recall feature by default on Copilot+ PCs following public outcry over privacy and security concerns. The feature, which creates a searchable digital memory of user activity, was criticized for its potential vulnerability to malware and inadequate data protection. In response, Microsoft will now require users to opt-in explicitly and has enhanced security measures, including requiring Windows Hello enrollment for access and adding encryption to the search index database.
“If you don’t proactively choose to turn it on, it will be off by default,” Microsoft stated.
By securityweek.com
Microsoft's Patch Tuesday instalment for June 2024 includes patches for 51 vulnerabilities, a decrease from the 61 fixes seen in May. This batch of security updates addresses fewer vulnerabilities compared to the previous month, with only 1 critical, and 1 publicly disclosed flaw patched.
Stay Safe, Secure and Healthy!
Edition #278 – 14th June 2024
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
