{"id":95,"date":"2022-07-14T20:35:16","date_gmt":"2022-07-14T20:35:16","guid":{"rendered":"https:\/\/gcsecurity.us\/?p=95"},"modified":"2023-01-27T19:58:14","modified_gmt":"2023-01-27T19:58:14","slug":"security-bulletin-bypassing-mfa-spectre-attacks-and-impersonations","status":"publish","type":"post","link":"https:\/\/gcsecurity.us\/?p=95","title":{"rendered":"Threat Intelligence Bulletin &#8211; Spectre Attacks, Impersonations, and Bypassing MFA"},"content":{"rendered":"\n<p>Phishing campaign leveraging Follina vulnerability to deploy backdoor on Windows systems<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/07\/hackers-exploiting-follina-bug-to.html\">https:\/\/thehackernews.com\/2022\/07\/hackers-exploiting-follina-bug-to.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Details on modus operandi of current phishing campaign<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-luna-moth-hackers-breach-orgs-via-fake-subscription-renewals\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-luna-moth-hackers-breach-orgs-via-fake-subscription-renewals\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Microsoft temporarily removes automatic blocking of VBA macros in downloaded Office documents<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-says-decision-to-unblock-office-macros-is-temporary\/\">https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-says-decision-to-unblock-office-macros-is-temporary\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Large-scale phishing campaign that bypasses MFA has attacked over 10,000 organizations<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a 
href=\"https:\/\/thehackernews.com\/2022\/07\/microsoft-warns-of-large-scale-aitm.html\">https:\/\/thehackernews.com\/2022\/07\/microsoft-warns-of-large-scale-aitm.html<\/a><\/li><li><a href=\"https:\/\/www.helpnetsecurity.com\/2022\/07\/13\/office-365-phishing-mfa\/\">https:\/\/www.helpnetsecurity.com\/2022\/07\/13\/office-365-phishing-mfa\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Qakbot malware transforms delivery method to evade detection by using both common and unknown extensions, code obfuscation, and multiple URLs<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/07\/researchers-uncover-new-attempts-by.html\">https:\/\/thehackernews.com\/2022\/07\/researchers-uncover-new-attempts-by.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Older AMD and Intel microprocessors vulnerable to Retbleed speculative execution attack<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/07\/new-retbleed-speculative-execution.html\">https:\/\/thehackernews.com\/2022\/07\/new-retbleed-speculative-execution.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Sandbox escape bug affecting Apple operating systems with potential for privilege escalation<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/07\/microsoft-details-app-sandbox-escape.html\">https:\/\/thehackernews.com\/2022\/07\/microsoft-details-app-sandbox-escape.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Orbit Linux malware creates backdoor to steal passwords and log terminal commands<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a 
href=\"https:\/\/www.zdnet.com\/article\/this-new-evasive-and-persistent-linux-malware-creates-a-backdoor-to-steal-usernames-passwords-and-more\/\">https:\/\/www.zdnet.com\/article\/this-new-evasive-and-persistent-linux-malware-creates-a-backdoor-to-steal-usernames-passwords-and-more\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Threat actors posing as cybersecurity companies (including CrowdStrike) to phish users and compromise systems<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.zdnet.com\/article\/brazen-crooks-are-now-posing-as-cybersecurity-companies-to-trick-you-into-installing-malware\/\">https:\/\/www.zdnet.com\/article\/brazen-crooks-are-now-posing-as-cybersecurity-companies-to-trick-you-into-installing-malware\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>UEFI firmware in several Lenovo laptops affected by buffer overflow vulnerabilities<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-uefi-firmware-flaws-impact-over-70-lenovo-laptop-models\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-uefi-firmware-flaws-impact-over-70-lenovo-laptop-models\/<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Phishing campaign leveraging Follina vulnerability to deploy backdoor on Windows systems https:\/\/thehackernews.com\/2022\/07\/hackers-exploiting-follina-bug-to.html Details on modus operandi of current phishing campaign https:\/\/www.bleepingcomputer.com\/news\/security\/new-luna-moth-hackers-breach-orgs-via-fake-subscription-renewals\/ Microsoft temporarily removes automatic blocking of VBA macros in downloaded Office documents https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-says-decision-to-unblock-office-macros-is-temporary\/ Large-scale phishing campaign that bypasses MFA has attacked over 10,000 organizations 
https:\/\/thehackernews.com\/2022\/07\/microsoft-warns-of-large-scale-aitm.html https:\/\/www.helpnetsecurity.com\/2022\/07\/13\/office-365-phishing-mfa\/ Qakbot malware transforms delivery method to evade detection [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[15,14],"class_list":["post-95","post","type-post","status-publish","format-standard","hentry","category-news","tag-cybersecurity","tag-news"],"_links":{"self":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/95","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95"}],"version-history":[{"count":4,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/95\/revisions"}],"predecessor-version":[{"id":110,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/95\/revisions\/110"}],"wp:attachment":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}