CyberScotland Bulletin

Technical Bulletin October 2021

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft released its monthly security update Tuesday 12th October 2021, disclosing 71 vulnerabilities across its suite of products.

This Patch Tuesday, four zero-days were disclosed; for the first of these, Microsoft has detected active exploitation:

  • CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability
  • CVE-2021-41338 – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
  • CVE-2021-40469 – Windows DNS Server Remote Code Execution Vulnerability
  • CVE-2021-41335 – Windows Kernel Elevation of Privilege Vulnerability

One of the zero-day vulnerabilities is being actively exploited. CVE-2021-40449, originally reported to Microsoft by Boris Larin of Kaspersky, is a previously unknown vulnerability in the Win32k kernel driver. The remaining zero-days are a Windows AppContainer Firewall issue that allows attackers to bypass security features, a remote code execution flaw in Windows DNS Server, and an elevation of privilege vulnerability in the Windows kernel.

As reported by zdnet.com, the products affected by these vulnerabilities are Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge Browser.

Apple Urgent Zero-Day Fix

Apple has pushed a security update to iOS 15.0.2 and iPadOS 15.0.2 in response to a remote code execution vulnerability being actively exploited.

The flaw is a memory-corruption bug in the IOMobileFrameBuffer kernel extension, which manages the screen framebuffer. It may allow an application to execute arbitrary code with kernel privileges and so gain full control of an iOS device. The vulnerability is tracked as CVE-2021-30883.

As reported by threatpost.com, within hours a security researcher was able to pick apart the bug and publish proof-of-concept code alongside an explanation of the vulnerability. The proof-of-concept was confirmed to work on iOS 15 and 14.7.1. The researcher noted the flaw can be used for jailbreaks and local privilege escalation.

Apple users are being urged to apply the necessary updates to their devices as soon as possible.

New Ransomware Threatens to Launch DDoS Attacks as well as Encrypting Data

A new ransomware variant, known as Yanluowang, also threatens to launch distributed denial-of-service (DDoS) attacks if ransoms aren’t paid.

Zdnet.com has reported that the ransomware first leaves a note telling the victim they’ve been infected with ransomware, together with a warning not to contact the authorities or a cybersecurity company. The threats go further: the cybercriminals state that if the victim calls for help, DDoS attacks will be launched against them.

Yanluowang ransomware was discovered by cybersecurity researchers during an investigation of an attempted cyber-attack against a large organisation. The attack was unsuccessful and provided insight into this ransomware variant. It appears to not yet be fully developed, meaning it could become more effective in the future.

Guidance for mitigating ransomware attacks can be found on the NCSC website.

Ransomware Group Targeting Healthcare Networks

A hacker group known as FIN12 have been found to be targeting healthcare organisations across North America, Europe, and the Asia Pacific.

Thehackernews.com reports that FIN12 has been linked to a string of Ryuk ransomware attacks since October 2018. The group appears to focus on healthcare organisations, among others. Unlike many ransomware operators, FIN12 rarely engages in data theft extortion, in which stolen data is leaked after victims refuse to pay the ransom. Mandiant, a cybersecurity firm, notes that this is likely due to FIN12’s preference for striking quickly with minimal negotiation, a factor that could also explain the group’s interest in healthcare networks.

The group is known to use publicly available tools, such as Cobalt Strike Beacon, to carry out its attacks and interact with victims’ networks.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]


Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

