CyberScotland Bulletin

Technical Bulletin August 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.


Microsoft Patch Tuesday

Microsoft’s most recent round of monthly security updates included fixes for a record 141 security vulnerabilities, including another zero-day in the Microsoft Support Diagnostics Tool (MSDT). This latest bug, tracked as CVE-2022-34713 with a CVSS score of 7.8, could be exploited by a malicious hacker to remotely execute arbitrary code on a user’s system. The attack vector involves the victim opening a malicious Office file, probably sent over email.

Microsoft also released a security update for Exchange Server, fixing a trio of CVEs found in the 2013, 2016, and 2019 versions of the software. Although no in-the-wild exploitation has been identified, Microsoft recommends immediately updating the affected systems. The tech giant has highlighted that administrators are required to enable Windows Extended Protection on affected servers as part of the fix for this patch. These vulnerabilities affect only the on-premises versions of Exchange Server, with no action required from Exchange Online customers.


Slack Bug Exposes Hashed Passwords

Workspace provider Slack has reset the passwords for around 0.5% of its users, after a flaw was discovered which may have disclosed users’ hashed passwords. An unnamed security researcher reported.

Slack explained in a blog post that whenever a user created or revoked a workspace invite link, a hashed version of their password was transmitted to other users in their workspace. However, the transmitted hash was not visible to Slack clients, so to exploit this flaw an attacker would need to be intercepting and reading encrypted network traffic to retrieve the hashed password. Slack reports that, because of this, they have no reason to believe any plaintext passwords were obtained, and that they have reset the passwords of approximately 60,000 users as a precaution.


Cisco Compromised via Employee's Personal Google Account

Tech giant Cisco has reported that they fell victim to a sophisticated cyber-attack on 24 May 2022, after attackers compromised the personal Google account of one of their employees.

The employee had stored their Cisco credentials in their browser, which had then automatically synced the credentials to their Google account. When this account was compromised, attackers were able to extract the Cisco credentials and log in as this user. This disclosure demonstrates the importance of separating work and personal accounts to prevent these lateral-movement attacks. Also noteworthy is that Cisco did have multi-factor authentication (MFA) enabled for this user; however, the attackers were able to phish the user’s MFA code to successfully authenticate. 2.8GB of data allegedly obtained from this breach has been leaked online.


DrayTek Router Unauthenticated RCE

Networking equipment manufacturer DrayTek has released a firmware update to fix an unauthenticated remote code execution vulnerability in its routers’ Web UI login page.

If the login page is exposed to the internet, an attacker could exploit this vulnerability to completely take over the router’s operating system and pivot to the rest of the internal network. As a result, it has the maximum CVSS score of 10. This vulnerability may affect up to 29 different models of DrayTek routers. DrayTek recommends applying the firmware patches as soon as possible.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]


Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]


Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]

Scottish Business Resilience Centre