CyberScotland Bulletin

Technical Bulletin September 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.


Microsoft Patch Tuesday

On Tuesday 13th, Microsoft released its monthly round of security updates, this time fixing 64 new flaws across its suite of software products, including 5 vulnerabilities rated “critical”. This includes an actively exploited privilege escalation flaw in the Windows Common Log File System (CLFS) driver. Attackers are exploiting this flaw (CVE-2022-37969) to escalate to SYSTEM privileges on a device that is already compromised.

Also fixed was CVE-2022-34718, a critical remote-code-execution vulnerability, rated 9.8, in which an unauthenticated attacker sends a custom IPv6 packet to the IPSec service. This vulnerability only affects systems accepting IPv6 connections with IPSec enabled.

WPGateway WordPress Plugin Zero-Day

A zero-day vulnerability in the WordPress plugin WPGateway is being actively exploited by attackers to add an admin user to WordPress sites.

Exact details of this vulnerability (CVE-2022-3180) have not yet been disclosed. However, WordPress security company Wordfence states that it has blocked over 4.6 million attacks using this exploit, and it has released indicators of compromise. At the time of writing no patch is available.


iOS Zero-day Actively Exploited

On 12 September Apple released a round of security updates to address several flaws in its iOS and macOS operating systems.

This includes the actively exploited zero-day CVE-2022-32917, a flaw in the devices’ kernel component that could allow a malicious app to execute arbitrary code with kernel privileges. Users are advised to update Apple devices as soon as possible.


EvilProxy Phish Toolkit Bypassing MFA

A new phishing toolkit known as EvilProxy is using an innovative technique to capture multi-factor authentication keys.

According to researchers from Resecurity, the phishing webpage acts as a proxy between the user and the real page. The victim enters their credentials, which are passed on to the real page. The MFA page is then returned to the user via the proxy. By essentially proxying the entire login process, attackers can steal the victim's session cookie, fully bypassing MFA. EvilProxy has been offered on the dark web under a subscription model since May 2022, and is one of the latest kits to appear in the rise of Phishing-as-a-Service (PhaaS) models.
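Because the stolen item is a session cookie rather than a password, one place to look is session use that does not match the client that completed MFA. The sketch below is an added example, not code from this bulletin or from Resecurity; the event fields, reason labels and function name are hypothetical and the log entries are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real logs). Field names are hypothetical.
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/105.0"
SAMPLE_EVENTS = [
    # s1: same client before and after MFA
    {"session": "s1", "event": "mfa_ok", "ip": "198.51.100.7", "ua": CHROME},
    {"session": "s1", "event": "request", "ip": "198.51.100.7", "ua": CHROME},
    # s2: MFA completed from one client, cookie then used from another
    {"session": "s2", "event": "mfa_ok", "ip": "203.0.113.50", "ua": CHROME},
    {"session": "s2", "event": "request", "ip": "192.0.2.99", "ua": "python-requests/2.28"},
    # s3: same browser, new address (for example a user changing network)
    {"session": "s3", "event": "mfa_ok", "ip": "198.51.100.20", "ua": CHROME},
    {"session": "s3", "event": "request", "ip": "198.51.100.21", "ua": CHROME},
    # s4: cookie presented with no MFA completion on record
    {"session": "s4", "event": "request", "ip": "192.0.2.14", "ua": CHROME},
]


def find_replayed_sessions(events):
    """Return {session_id: [reason, ...]} for requests whose client does not
    match the client that completed MFA for that session."""
    bound = {}                      # session id -> (ip, ua) seen at MFA completion
    flagged = defaultdict(list)
    for ev in events:
        sid, ip, ua = ev["session"], ev["ip"], ev["ua"]
        if ev["event"] == "mfa_ok":
            bound[sid] = (ip, ua)   # bind the session to this client
            continue
        if sid not in bound:
            flagged[sid].append("no_mfa_on_record")
            continue
        bound_ip, bound_ua = bound[sid]
        if ip != bound_ip and ua != bound_ua:
            flagged[sid].append("ip_and_ua_changed")
        elif ua != bound_ua:
            flagged[sid].append("ua_changed")
        elif ip != bound_ip:
            flagged[sid].append("ip_changed")
    return dict(flagged)


if __name__ == "__main__":
    for sid, reasons in find_replayed_sessions(SAMPLE_EVENTS).items():
        print(sid, reasons)
```

In a proxied login the MFA step itself arrives from the proxy's address, so this check only fires when the cookie is later presented from a different client. An address change on its own is a weak signal and should be reviewed alongside other context rather than treated as a verdict.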

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]


Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish Businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]


Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]

Scottish Business Resilience Centre