CyberScotland Bulletin

Technical Bulletin March 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday 8th March 2022, patching 71 issues across its suite of products.

Of these, 3 are rated Critical and the remaining 68 Important. None were known to be actively exploited at the time of release, although 3 had already been publicly disclosed.

The 3 Critical vulnerabilities, all remote code execution flaws, were:

As reported by The Hacker News, this month’s patches address 29 remote code execution vulnerabilities, 25 elevation of privilege vulnerabilities, 6 information disclosure vulnerabilities, 4 denial-of-service vulnerabilities, 3 security feature bypass vulnerabilities, 3 spoofing vulnerabilities and 1 tampering vulnerability.

A full list of Microsoft’s March 2022 patches can be found here: Microsoft Security Response Center

New High Rated Vulnerability in Linux

According to QNAP, a local privilege escalation vulnerability known as Dirty Pipe has been found to affect the Linux kernel on “all QNAP x86-based NAS and some QNAP ARM-based NAS running QTS 5.0.x and QuTS hero h5.0.x”. The organisation also stated that “if exploited, this vulnerability allows an unprivileged user to gain administrator privileges and inject malicious code”.

The vulnerability is tracked as CVE-2022-0847. The underlying flaw lets an unprivileged local user overwrite data in the page cache of any file they can open for reading, including read-only files, which is why The Hacker News rates it as high risk: it permits numerous malicious actions on the system, including tampering with sensitive files such as /etc/passwd, adding SSH keys to gain remote access, and executing arbitrary binaries with the highest privileges.

According to IONOS software developer Max Kellermann, who found and reported the bug, it is fixed in Linux versions 5.16.11, 5.15.25 and 5.10.102. Distribution and appliance kernels often carry the fix as a backport without changing the upstream version number, so check the vendor’s advisory rather than relying on the version string alone.
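A quick triage of a kernel release string against the fix versions above, as an added example that is not QNAP or kernel project code. The three fixed releases are the ones named in the text; the lower bound of 5.8, where the bug was introduced, is taken from Max Kellermann’s advisory. The release strings used in testing are constructed, and the check deliberately refuses to call a distribution build “vulnerable” on version number alone.

```python
"""Kernel release check against the Dirty Pipe (CVE-2022-0847) fix versions.

Added example for this bulletin, not QNAP or kernel project code. The fixed
releases (5.16.11, 5.15.25, 5.10.102) are the ones given in the text; that the
bug entered the kernel in 5.8 is taken from Max Kellermann's advisory.
"""
import platform
import re

FIRST_AFFECTED = (5, 8, 0)
FIXED_IN = {(5, 16): (5, 16, 11), (5, 15): (5, 15, 25), (5, 10): (5, 10, 102)}


def parse_release(release):
    """'5.13.0-35-generic' -> ((5, 13, 0), '-35-generic')."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)$", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0)), m[4]


def dirty_pipe_status(release):
    """Classify a `uname -r` string. Returns (code, explanation).

    Codes: not_affected, fixed, vulnerable, check_vendor. Distribution
    kernels frequently backport the fix without bumping the upstream
    version, so a vendor-suffixed build below the fix is check_vendor,
    not vulnerable; only a plain upstream version below the fix is.
    """
    version, suffix = parse_release(release)
    if version < FIRST_AFFECTED:
        return "not_affected", "predates 5.8, where the bug was introduced"
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "check_vendor", "series not in the upstream fix list; see the vendor advisory"
    fixed_str = ".".join(map(str, fixed))
    if version >= fixed:
        return "fixed", f"at or above upstream fix {fixed_str}"
    if suffix:
        return "check_vendor", f"below {fixed_str} but build {suffix!r} may carry a backport"
    return "vulnerable", f"below upstream fix {fixed_str}"


if __name__ == "__main__":
    release = platform.release()
    print(release, dirty_pipe_status(release))
```

On a QNAP appliance the kernel is a vendor build, so the answer that matters is QNAP’s own advisory; this check is for the fleet of ordinary Linux hosts where the version string is the first thing you have.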

Microsoft & Okta Breached by LAPSUS$ Hackers

On 22nd March, Microsoft confirmed that the extortion group LAPSUS$ had gained “limited access” to its systems through a single compromised account. Okta confirmed that “approximately 2.5%” of its customers were potentially impacted by a related intrusion. As reported by the Microsoft Threat Intelligence Center (MSTIC), no Microsoft customer code or data was involved in the activity observed. LAPSUS$ has previously compromised other large organisations, including Nvidia and Samsung.

To help other organisations defend against this actor, Microsoft recommends mandating multi-factor authentication for all users (avoiding weak factors such as SMS and secondary email), using modern authentication options such as OAuth or SAML for VPN access, reviewing individual sign-ins for anomalous activity, and monitoring incident response communications for unauthorised attendees, since the group has been observed joining victims’ crisis calls.
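The sign-in review in the recommendation above, as an added example that is not code from Microsoft, Okta or this bulletin. It runs three checks over constructed sign-in records in a simplified schema (time, user, country, result, mfa), which is an assumption to be mapped onto your identity provider’s export: impossible travel between successive successful sign-ins, successes that completed with no MFA factor, and a success preceded by a burst of denied MFA prompts, the prompt-spamming pattern Microsoft attributes to this group.

```python
"""Three sign-in reviews over constructed identity-provider records.

Added example for this bulletin, not Microsoft or Okta code. The record
schema (time, user, country, result, mfa) is a simplification; map your
own sign-in export onto it before use.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one JSON record per line, UTC timestamps.
SAMPLE_SIGNINS = """
{"time": "2022-03-20T09:00:00Z", "user": "alice@example.org", "country": "GB", "result": "success", "mfa": true}
{"time": "2022-03-20T09:30:00Z", "user": "alice@example.org", "country": "GB", "result": "success", "mfa": true}
{"time": "2022-03-21T02:01:00Z", "user": "bob@example.org", "country": "US", "result": "mfa_denied", "mfa": false}
{"time": "2022-03-21T02:02:00Z", "user": "bob@example.org", "country": "US", "result": "mfa_denied", "mfa": false}
{"time": "2022-03-21T02:03:00Z", "user": "bob@example.org", "country": "US", "result": "mfa_denied", "mfa": false}
{"time": "2022-03-21T02:04:00Z", "user": "bob@example.org", "country": "US", "result": "mfa_denied", "mfa": false}
{"time": "2022-03-21T02:06:00Z", "user": "bob@example.org", "country": "US", "result": "success", "mfa": true}
{"time": "2022-03-21T11:00:00Z", "user": "carol@example.org", "country": "GB", "result": "success", "mfa": true}
{"time": "2022-03-21T11:20:00Z", "user": "carol@example.org", "country": "BR", "result": "success", "mfa": true}
{"time": "2022-03-21T13:00:00Z", "user": "dave@example.org", "country": "GB", "result": "success", "mfa": false}
""".strip()


def parse_signins(text):
    """Parse newline-delimited JSON records, sorted by user then time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    events.sort(key=lambda r: (r["user"], r["time"]))
    return events


def by_user(events):
    groups = defaultdict(list)
    for rec in events:
        groups[rec["user"]].append(rec)
    return groups


def impossible_travel(events, window=timedelta(hours=2)):
    """Successive successful sign-ins from different countries within `window`."""
    findings = []
    for user, recs in by_user(events).items():
        ok = [r for r in recs if r["result"] == "success"]
        for prev, cur in zip(ok, ok[1:]):
            if prev["country"] != cur["country"] and cur["time"] - prev["time"] <= window:
                findings.append((user, prev["country"], cur["country"]))
    return findings


def mfa_fatigue(events, min_denials=3, window=timedelta(minutes=15)):
    """A success preceded by at least `min_denials` MFA denials inside `window`."""
    findings = []
    for user, recs in by_user(events).items():
        for idx, rec in enumerate(recs):
            if rec["result"] != "success":
                continue
            denials = sum(1 for r in recs[:idx]
                          if r["result"] == "mfa_denied" and rec["time"] - r["time"] <= window)
            if denials >= min_denials:
                findings.append((user, denials))
    return findings


def missing_mfa(events):
    """Users with a successful sign-in that completed without any MFA factor."""
    return sorted({r["user"] for r in events if r["result"] == "success" and not r["mfa"]})


if __name__ == "__main__":
    evs = parse_signins(SAMPLE_SIGNINS)
    print("impossible travel:", impossible_travel(evs))
    print("MFA fatigue:", mfa_fatigue(evs))
    print("no MFA:", missing_mfa(evs))
```

The thresholds (two hours, three denials in fifteen minutes) are starting points, not tuned values; the MFA-fatigue check is the one to keep tight, because the legitimate pattern of a user denying a prompt and then approving one seconds later is exactly what a social-engineered approval looks like.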

Further information on the incidents involving Okta and Microsoft can be found here: ThreatPost

OpenSSL Patches Infinite-loop Denial-of-Service Issue

On 15th March, the OpenSSL project published a security advisory for a High severity vulnerability, fixed in OpenSSL 3.0.2 and 1.1.1n alongside other general fixes.

The vulnerability, tracked as CVE-2022-0778, is an infinite loop in the BN_mod_sqrt() function, which computes a modular square root and is only correct when the modulus is prime. The function is reached while parsing certificates and keys that carry elliptic curve public keys in compressed form, or explicit curve parameters with a compressed base point, so a crafted certificate with invalid explicit curve parameters makes the parser spin forever. Because parsing happens before the certificate signature is checked, a self-signed certificate is enough: TLS servers that accept client certificates, TLS clients connecting to a malicious server, and anything else that parses untrusted certificates with OpenSSL can be hung this way. Denial of service here means the process stops serving because it is stuck in the loop, not because it has been flooded with requests.
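The shape of the failure, as an added example that is not OpenSSL’s code: a Tonelli–Shanks modular square root whose search loops only terminate for a prime modulus, wrapped in the point decompression a certificate parser performs. Both loops are bounded here and raise instead of spinning; remove the bounds and the composite-modulus call below never returns. The toy curve over GF(23), the composite modulus 9, the bound of 82 tries and the function names are all constructed for illustration.

```python
"""Tonelli-Shanks modular square root with bounded search loops.

Added example for this bulletin; it is not OpenSSL's code. It models the
shape of the BN_mod_sqrt() bug behind CVE-2022-0778: the algorithm is only
correct for a prime modulus, and two of its search loops terminate only if
that precondition holds. The toy curve, the bound of 82 tries and the sample
inputs are constructed for illustration.
"""

MAX_NONRESIDUE_TRIES = 82  # constructed bound; a prime modulus needs far fewer


def mod_sqrt(n, p, max_tries=MAX_NONRESIDUE_TRIES):
    """Return r with r*r == n (mod p) for an odd prime p.

    Raises ValueError instead of spinning when p is composite or n is not a
    square. With the two bound checks removed, mod_sqrt(1, 9) never returns:
    no z with z^((p-1)/2) == -1 (mod 9) exists, so the search runs forever.
    """
    if p < 3 or p % 2 == 0:
        raise ValueError("modulus must be odd and > 2")
    n %= p
    if n == 0:
        return 0
    # Euler's criterion: for prime p a square satisfies n^((p-1)/2) == 1.
    if pow(n, (p - 1) // 2, p) != 1:
        raise ValueError("not a square (or modulus not prime)")
    # Write p - 1 = q * 2^s with q odd.
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1
    # Find a quadratic non-residue z. Half of all residues qualify for a
    # prime p; for a composite p none may, which is why the loop is bounded.
    z, tries = 2, 0
    while pow(z, (p - 1) // 2, p) != p - 1:
        z += 1
        tries += 1
        if tries > max_tries:
            raise ValueError("too many iterations: modulus not prime")
    m, c = s, pow(z, q, p)
    t, r = pow(n, q, p), pow(n, (q + 1) // 2, p)
    while t != 1:
        # Least i with t^(2^i) == 1; for prime p it exists with i < m.
        i, t2 = 0, t
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
            if i >= m:
                raise ValueError("not a square (or modulus not prime)")
        b = pow(c, 1 << (m - i - 1), p)
        m, c = i, b * b % p
        t, r = t * c % p, r * b % p
    return r


def decompress_point(x, a, b, p, y_is_odd):
    """Recover (x, y) on y^2 = x^3 + a*x + b (mod p) from x and y's parity."""
    y = mod_sqrt((x * x * x + a * x + b) % p, p)
    if (y % 2 == 1) != y_is_odd:
        y = p - y
    return x, y


def parse_compressed_point(x, a, b, p, y_is_odd):
    """What a hardened parser must do with attacker-supplied parameters: reject, never hang."""
    try:
        return "ok", decompress_point(x, a, b, p, y_is_odd)
    except ValueError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    # Toy curve y^2 = x^3 + x + 1 over GF(23), then the same shape with the
    # composite modulus 9 that a crafted certificate could supply.
    print(parse_compressed_point(1, 1, 1, 23, True))  # ('ok', (1, 7))
    print(parse_compressed_point(0, 1, 1, 9, True))   # ('rejected', 'too many iterations: modulus not prime')
```

The Euler check at the top catches most bad inputs early, but not all: 1 passes it for any modulus, which is exactly the case that reaches the non-residue search and would loop without the bound.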

To mitigate this issue, upgrade to OpenSSL 3.0.2 or 1.1.1n (1.0.2zd for premium support customers); the fix makes the loop terminate with an error when the modulus is not prime. Detailed information on how the vulnerability works, including advice for programmers on avoiding this class of bug, can be found on Naked Security by SOPHOS.

Join the CiSP Network

The Cyber Security Information Sharing Partnership is a joint initiative between government and industry to share cyber threat information in a secure and confidential environment.

Organisations that are proactive in their approach for the management and handling of cyber security should consider joining CiSP to keep up with emerging threats.

Your organisation can register to join CiSP here. If your organisation is looking for a sponsor, please contact the Scottish Government’s Cyber Resilience Unit at [email protected]

When your organisation has joined, you can register as an individual here.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]


Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]


Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]

Scottish Business Resilience Centre