CyberScotland Bulletin

Technical Bulletin May 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Section Microsoft Patch Tuesday

Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday 10th May 2022, patching 74 issues across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities includes 7 critical issues, with the remaining being labelled as important. Two of these vulnerabilities have been publicly known at the time of release, including one being actively exploited in the wild.

Tracked as CVE-2022-26925, this zero-day vulnerability is a spoofing issue which affects the Windows Local Security Authority. This is a “protected subsystem that authenticated and logs users onto the local system” according to Microsoft. This exploit could allow an attacker to coerce the domain controller to authenticate them, allowing them access to hashes and authentication protocols.

The two publicly known vulnerabilities addressed were:

The former of the two was tagged by Microsoft was “Exploitation More Likely”, meaning affected users should apply this month’s patches as soon as possible.

As reported by The Hacker News, this month’s patches address 24 remote code execution, 21 elevation of privilege, 17 information disclosure, and 6 denial of service vulnerabilities, among others.

A full list of Microsoft’s May 2022 patches can be found here: Microsoft Security Response Center

Section Hacked WordPress Sites Redirect Users to Scam Sites

Hacked WordPress Sites Redirect Users to Scam Sites

Researchers have uncovered a massive WordPress JavaScript Injection Campaign that redirects visitors to scam pages and similar malicious sites.

According to Sucuri Blog, the campaign uses known vulnerabilities in WordPress themes and plugins, and has impacted a large number of websites this year. In April, the campaign affected almost 6,000 different websites.

This campaign has been found to redirect users to advertisements, phishing pages, and even malware. One redirect involves users being taken to a fake CAPTCHA check page, and upon clicking, servers users ads disguised to look like they are popups from the operating system rather than the web browser.

As attackers are targeting multiple known vulnerabilities in WordPress plugins and themes, administrators should ensure WordPress websites, plugins, and themes are updated to their latest versions.

Section Bluetooth Hack Could Allow Hackers to Remotely Unlock Smart Locks

Bluetooth Hack Could Allow Hackers to Remotely Unlock Smart Locks

A Bluetooth relay attack has been found to allow hackers the ability to open smart locks, car doors, and breach secure areas.

This vulnerability has occurred due to a weakness in the current implementation of Bluetooth Low Energy, which is a wireless technology used to authenticate devices located within a physically close range. According to NCC Group, a malicious actor could falsely set the proximity of Bluetooth Low Energy devices to each other using a relay attack, which could allow for unauthorised access to devices in their proximity.

Due to these exploits, the Bluetooth Special Interest Group have acknowledged the possibility of relay attacks and note that the standards body are aiming to implement more accurate ranging mechanisms.

Section Joint Cybersecurity Advisory Publish List of Routinely Exploited Weak Security Controls

Joint Cybersecurity Advisory Publish List of Routinely Exploited Weak Security Controls

This month, the Joint Cybersecurity Advisory have published a advice regarding “weak security controls and practices routinely exploited for initial access”.

The publication identifies commonly exploited controls and includes information on best practices to mitigate such issues. Common poor security practices which hackers often exploit include:

  • Multifactor Authentication (MFA) not being enforced
  • Software not being up to date
  • Using default configurations or default login credentials
  • Strong password policies not being implemented

These issues, along with a host of others, can be found in the full publication. This advisory, along with other useful information, gets shared with those in the CiSP Network. Information on joining the network can be found below.

Section Join the CiSP Network

Join the CiSP Network

The Cyber Security Information Sharing Partnership is a joint initiative between government and industry to share cyber threat information in a secure and confidential environment.

Organisations that are proactive in their approach for the management and handling of cyber security should consider joining CiSP to keep up with emerging threats.

Your organisation can register to join CiSP here. If your organisation is looking for a sponsor please contact the the Scottish Government’s Cyber Resilience Unit at [email protected]

When your organisation has joined, you can register as an individual here.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Read more CiSP – The Cyber Security Information Sharing Partnership in modal dialog

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish Buisnesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Read more Scottish Information Sharing Network (SciNET Group) in modal dialog

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you on all cyber attacks detected by the feed suppliers against your organisation and is designed to compliment your existing […]

Read more Early Warning Service in modal dialog
Scottish Business Resilience Centre
Back to top of the page