CyberScotland Bulletin

Technical Bulletin June 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

On Tuesday Microsoft released its monthly round of patches, addressing a total of 56 flaws, including the actively exploited critical vulnerability dubbed Follina (CVE-2022-30190).

Follina is a zero-day bug in the Windows Support Diagnostic Tool (MSDT). An attacker could exploit it to remotely execute code by loading a malicious HTML file through Microsoft Word’s remote template feature. Follina is unique in that it does not require Office macros, so it will run as soon as a malicious Office file is opened rather than requiring the user to enable macros. Various threat actors have been observed exploiting Follina to spread malware as far back as 12 April 2022.

Also fixed in this round of patches was CVE-2022-30147, a privilege escalation vulnerability in Windows Installer. This could be leveraged in particular by ransomware operators to encrypt more sensitive data normally only accessible to users with higher privileges.

How Attackers Can Hijack Your Accounts Before You Even Create Them

New research has found a novel way for attackers to hijack online accounts and steal sensitive data, by exploiting flaws in account creation processes.

The research identified a total of 5 related “pre-hijacking” techniques in which an attacker pre-registers an account for their target on a new service, using the target’s username or email address. The attacker implements one of several techniques to ensure they can regain access to the account – even after the real user has reset the password and begun using the service, often adding their personal and financial details. The attacker can then steal this sensitive data, or abuse their access to the account in other ways, for example by making fraudulent purchases.

Firefox Implements Total Cookie Protection

On 14 June, Firefox rolled out Total Cookie Protection by default to all users.

These protections ensure that when a website you are visiting creates a cookie in your browser, that cookie can only be accessed by the site which created it. This prevents tracking cookies which collect data on your web activities from following you between sites, effectively rendering these tracking cookies obsolete, and greatly improving the privacy of users. The data gathered by third-party tracking cookies are typically sold to advertising agencies and used to generate targeted ads and content.

So Long, Internet Explorer. The Browser Goes into Retirement

After 27 years of Internet Explorer being used across the world and coming pre-installed on many Windows machines, it was officially retired* on the 15th June 2022.

An article in Security Weekly highlighted that Microsoft’s latest ‘Edge Browser’ was more secure, faster and provided a better browsing experience, while also being compatible with legacy websites and applications. Compatibility was a concern that some businesses that had been slower to transition to the newer browser may have had.

  • Note: This retirement does not affect in-market Windows 10 LTSC or Server Internet Explorer 11 desktop applications. It also does not affect the MSHTML (Trident) engine. For a full list of what is in scope for this announcement, and for other technical questions, please see these FAQ.

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

Hacker News have reported that a new Golang-based peer-to-peer botnet has been identified which appears to be targeting Linux servers, primarily within the education sector. This was reported earlier in the year across various forums.

Dubbed Panchan by Akamai Security Research, the malware “utilizes its built-in concurrency features to maximize spreadability and execute malware modules” and “harvests SSH keys to perform lateral movement.”

More details on the attack vectors and the original article can be found here.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]
