Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S.
Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm.
"

Cybersecurity researchers have reported an increase in **TrueBot** infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S.

Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm.

"Post-compromise activity included data theft and the execution of Clop ransomware," security researcher Tiago Pereira said in a Thursday report.

TrueBot is a Windows malware downloader that's attributed to a threat actor tracked by Group-IB as Silence, a Russian-speaking crew believed to share associations with Evil Corp (aka DEV-0243) and TA505.

The first-stage module functions as an entry point for subsequent post-exploitation activities, including information theft using a hitherto unknown custom data exfiltration utility dubbed Teleport, the cybersecurity firm said.

The use of Raspberry Robin – a worm mainly spread through infected USB drives – as a delivery vector for TrueBot was highlighted recently by Microsoft, which it said is part of a "complex and interconnected malware ecosystem."

In what's a further sign of enmeshed collaboration with other malware families, Raspberry Robin has also been observed deploying FakeUpdates (aka SocGholish) on compromised systems, ultimately leading to ransomware-like behavior linked to Evil Corp.

Microsoft is tracking the operators of the USB-based malware as DEV-0856 and the Clop ransomware attacks that happen via Raspberry Robin and TrueBot under the emerging threat cluster DEV-0950.

"DEV-0950 traditionally uses phishing to acquire the majority of their victims, so this notable shift to using Raspberry Robin enables them to deliver payloads to existing infections and move their campaigns more quickly to ransomware stages," the Windows maker noted in October 2022.

The latest findings from Cisco Talos show that the Silence APT carried out a small set of attacks between mid-August and September 2022 by abusing a critical RCE vulnerability in Netwrix auditor (CVE-2022-31199, CVSS score: 9.8) to download and run TrueBot.

The fact that the bug was weaponized merely a month after its public disclosure by Bishop Fox in mid-July 2022 suggests that "attackers are not only on the lookout for new infection vectors, but are also able to quickly test them and incorporate them into their workflow," Pereira said.

TrueBot infections in October, however, entailed the use of a different attack vector – i.e., Raspberry Robin – underscoring Microsoft's assessment about the USB worm's central role as a malware distribution platform.

The primary function of TrueBot is to collect information from the host and deploy next-stage payloads such as Cobalt Strike, FlawedGrace, and Teleport. This is followed by the execution of the ransomware binary after harvesting relevant information.

The Teleport data exfiltration tool is also notable for its ability to limit upload speeds and file sizes, thereby causing the transmissions to go undetected by monitoring software. On top of that, it can erase its own presence from the machine.

A closer look at the commands issued via Teleport reveals that the program is being exclusively used to collect files from OneDrive and Downloads folders as well as the victim's Outlook email messages.

"The Raspberry Robin delivery led to the creation of a botnet of over 1,000 systems that is distributed worldwide, but with particular focus on Mexico, Brazil, and Pakistan," Pereira said.

The attackers, however, appear to have switched to an unknown TrueBot distribution mechanism starting in November, with the vector succeeding in co-opting over 500 internet-facing Windows servers located in the U.S., Canada, and Brazil into a botnet.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers.

The operators of a ransomware strain called Play have developed a new exploit chain for a critical remote code execution (RCE) vulnerability in Exchange Server that Microsoft patched in November.

The new method bypasses mitigations that Microsoft had provided for the exploit chain, meaning organizations that have only implemented those but have not yet applied the patch for it need to do so immediately.

The RCE vulnerability at issue (CVE-2022-41082) is one of two so-called "ProxyNotShell" flaws in Exchange Server versions 2013, 2016, and 2019 that Vietnamese security company GTSC publicly disclosed in November after observing a threat actor exploiting them. The other ProxyNotShell flaw, tracked as CVE-2022-41040, is a server-side request forgery (SSRF) bug that gives attackers a way to elevate privileges on a compromised system.

In the attack that GTSC reported, the threat actor utilized the CVE-2022-41040 SSRF vulnerability to access the Remote PowerShell service and used it to trigger the RCE flaw on affected systems. In response, Microsoft recommended that organizations apply a blocking rule to prevent attackers from accessing the PowerShell remote service through the Autodiscover endpoint on affected systems. The company claimed — and security researchers agreed — that the blocking rule would help prevent known exploit patterns against the ProxyNotShell vulnerabilities.

**Novel New Exploit Chain**

This week, however, researchers at CrowdStrike said they had observed the threat actors behind Play ransomware use a new method to exploit CVE-2022-41082 that bypasses Microsoft's mitigation measure for ProxyNotShell.

The method involves the attacker exploiting another — and little-known — SSRF bug in Exchange server tracked as CVE-2022-41080 to access the PowerShell remote service via the Outlook Web Access (OWA) front end, instead of the Autodiscover endpoint. Microsoft has assigned the bug the same severity rating (8.8) as it has for the SSRF bug in the original ProxyNotShell exploit chain.

CVE-2020-41080 allows attackers to access the PowerShell remote service and use it to exploit CVE-2022-41082 in exactly the same way as they could when using CVE-2022-41040, CrowdStrike said. The security vendor described the Play ransomware group's new exploit chain as a "previously undocumented way to reach the PowerShell remoting service through the OWA frontend endpoint, instead of leveraging the Autodiscover endpoint."

Because Microsoft's ProxyNotShell mitigation only blocks requests made to the Autodiscover endpoint on Microsoft Exchange server, requests to access the PowerShell remote service via the OWA front end will not be blocked, the security vendor explained. 

CrowdStrike has christened the new exploit chain involving CVE-2022-41080 and CVE-2022-41082 as "OWASSRF."

**Patch Now or Disable OWA**

"Organizations should apply the Nov. 8, 2022, patches for Exchange to prevent exploitation since the URL rewrite mitigations for ProxyNotShell are not effective against this exploit method," CrowdStrike warned. "If you cannot apply the KB5019758 patch immediately, you should disable OWA until the patch can be applied."

Microsoft did not respond immediately to a request for comment.

CrowdStrike said it discovered the new exploit chain when investigating several recent Play ransomware intrusions where the initial access vector was via a Microsoft Exchange Server vulnerability. The researchers quickly found that Play ransomware attackers had exploited the ProxyNotShell RCE vulnerability (CVE-2022-41082) to drop legitimate payloads for maintaining access and performing anti-forensics techniques on compromised Microsoft Exchange Servers. 

However, there was no sign that they had used CVE-2022-41040 as part of the exploit chain. CrowdStrike's further investigation showed that the attackers had used CVE-2022-41080 instead.

The security vendor's recommendations to organizations for reducing their exposure to the new threat includes disabling remote PowerShell for nonadministrative users where possible and using EDR tools to detect Web services spawning PowerShell processes. The company has also provided a script that administrators can use to monitor Exchange servers for signs of exploitation.

Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations With Fresh Exploit

By Deeba Ahmed
Cloud Security Shakeup: Experts Urge Caution as OAuth Becomes Hacker Playground.
This is a post from HackRead.com Read the original post: Microsoft: Storm-1283 Sent 927,000 Phishing Emails with Malicious OAuth Apps

Microsoft Warns of OAuth-Fueled Cyber Attacks Exploiting Cloud Infrastructure for Phishing and Cryptocurrency Mining.

Microsoft has discovered a sophisticated cybercrime scheme by Storm-1283 threat actor who infiltrated a user account to hijack digital keys and mine cryptocurrency within the Microsoft cloud platform **Azure**. 

According to the Microsoft Threat Intelligence unit’s research, the attacker utilized compromised user accounts to establish inbox rules with suspicious names, redirecting emails to the junk folder and marking them as read. Additionally, the malicious OAuth applications created by the actor were responsible for sending over 927,000 phishing emails.

Screenshot of the sample phishing email sent by the malicious OAuth application (Credit: Microsoft)

In this campaign, hackers exploited the OAuth feature, which permits apps to access user data with proper authorization. They pilfer digital keys, enabling them to cause havoc through phishing or brute force—cracking weak passwords or deceiving users into divulging their login credentials. Once inside, they create or modify OAuth applications with elevated access, effectively transforming them into ‘master keys’ for online resources.

These stolen keys are used for cryptocurrency mining, granting hackers lasting access even if passwords are changed. Email and spam sprees are also common, as the master key grants hackers lasting access. 

Storm-1283 breached a user account, gaining access to a virtual private network and tenant domain within Microsoft Entra ID. They created a new “OAuth application” using stolen credentials, allowing them to control resources within the compromised account.

They double-dipped existing OAuth applications, adding secret credentials to these keys. With the keys, Storm-1283 deployed virtual machines (VMs) within the compromised Azure subscription, generating cryptocurrency for their illicit gains. They re-entered the cloud, deploying more VMs to maximize their operation. 

The targeted organizations suffered financial losses ranging from $10,000 to $1.5 million. Microsoft’s security researchers discovered the suspicious activity and exposed the hacker’s tactics, including masking VMs by mimicking the domain name.

Microsoft **analysts also detected** a threat actor who compromised user accounts and created OAuth applications to maintain persistence and launch email phishing activity. The actor used an adversary-in-the-middle **(AiTM) phishing kit** to send a significant number of emails with varying subject lines and URLs to target user accounts in multiple organizations.

Microsoft worked with the Microsoft Entra team to block the OAuth applications involved in the attack and advised further actions. 

The company also observed large-scale spamming activity through OAuth applications by Storm-1286. The actor launched password-spraying attacks to compromise user accounts, most of which did not have multifactor authentication (**MFA**).

The user agent BAV2ROPC was observed in sign-in activities related to the compromised accounts, indicating the use of legacy authentication protocols such as IMAP and SMTP that do not support MFA. 

Microsoft Threat Intelligence has limited the actor’s activity by taking down all malicious OAuth applications related to this campaign, which ran from July to November 2023.

**DoControl**‘s Vice President of Solution Consulting, Tim Davis, also commented on this campaign with Hackread.com, urging for making the cloud platform secure.

“These types of attacks underscore the need for visibility into what both systems and users are doing on any cloud platform. Both limiting of permissions (the least privilege or zero trust model) and robust anomaly detection are critical to protecting resources that are located in the cloud.”

****_RELATED ARTICLES_****

1.  **Chinese Group Storm-0558 Hacked European Govt Emails, Microsoft**
2.  **Storm-0324 Exploits MS Teams Chats to Facilitate Ransomware Attacks**
3.  **Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard Group**
4.  **EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability**
5.  **Scammers Use Fake Ledger App on Microsoft Store to Steal $800K in Crypto**

Microsoft: Storm-1283 Sent 927,000 Phishing Emails with Malicious OAuth Apps

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024.
Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days.
The

Vulnerability / Windows Security

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024.

Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days.

The fixes are in addition to nine security vulnerabilities that have been resolved in the Chromium-based Edge browser since the release of December 2023 Patch Tuesday updates. This also includes a fix for a zero-day (CVE-2023-7024, CVSS score: 8.8) that Google said has been actively exploited in the wild.

The most critical among flaws patched this month are as follows -

*   **CVE-2024-20674** (CVSS score: 9.0) - Windows Kerberos Security Feature Bypass Vulnerability
*   **CVE-2024-20700** (CVSS score: 7.5) - Windows Hyper-V Remote Code Execution Vulnerability

"The authentication feature could be bypassed as this vulnerability allows impersonation," Microsoft said in an advisory for CVE-2024-20674.

"An authenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MitM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server."

However, the company noted that successful exploitation requires an attacker to gain access to the restricted network first. Security researcher ldwilmore34 has been credited with discovering and reporting the flaw.

CVE-2024-20700, on the other hand, neither requires authentication nor user interaction to achieve remote code execution, although winning a race condition is a prerequisite to staging an attack.

"It isn't clear exactly where the attacker must be located — the LAN on which the hypervisor resides, or a virtual network created and managed by the hypervisor — or in what context the remote code execution would occur," Adam Barnett, lead software engineer at Rapid7, told The Hacker News.

Other notable flaws include CVE-2024-20653 (CVSS score: 7.8), a privilege escalation flaw impacting the Common Log File System (CLFS) driver, and CVE-2024-0056 (CVSS score: 8.7), a security bypass affecting System.Data.SqlClient and Microsoft.Data.SqlClient.

"An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MitM) attack and could decrypt and read or modify TLS traffic between the client and server," Redmond said.

Microsoft further noted that it's disabling the ability to insert FBX files in Word, Excel, PowerPoint, and Outlook in Windows by default due to a security flaw (CVE-2024-20677, CVSS score: 7.8) that could lead to remote code execution.

"3D models in Office documents that were previously inserted from an FBX file will continue to work as expected unless the 'Link to File' option was chosen at the insert time," Microsoft said in a separate alert. "GLB (Binary GL Transmission Format) is the recommended substitute 3D file format for use in Office."

It's worth noting that Microsoft took a similar step of disabling the SketchUp (SKP) file format in Office following ZScaler's discovery of 117 security flaws in Microsoft 365 applications.

**Software Patches from Other Vendors**

In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including -

*   Adobe
*   AMD
*   Android
*   Arm
*   ASUS
*   Bosch
*   Cisco
*   Dell
*   F5
*   Fortinet
*   Google Chrome
*   Google Cloud
*   HP
*   IBM
*   Intel
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   NETGEAR
*   Qualcomm
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Splunk
*   Synology
*   Trend Micro
*   Zimbra, and
*   Zoom

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities

By Waqas
Polish authorities and FortiGuard Labs have issued a warning to customers about a new wave of cyberattacks associated with TeamCity.
This is a post from HackRead.com Read the original post: Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach

According to cybersecurity researchers at FortiGuard Labs, the Russian intelligence-linked APT29 group exploited a critical TeamCity vulnerability, which had initially been patched in September 2023.

Polish Military Counterintelligence Service (SKW) has released an advisory revealing that Russian Foreign Intelligence Service (SVR) affiliated threat actors are utilizing JetBrains CVE in global targeting. 

Here, it is worth noting that TeamCity and JetBrains are closely linked, with TeamCity being a continuous integration (CI) server developed and maintained by JetBrains.

As **reported by Hackread**.com, the vulnerability, which scored 9.8 by CVSS, was patched in September 2023. However, authorities particularly identified the notorious advanced persistent threat group called APT29, aka the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, to be exploiting CVE-2023-42793.

The threat actor used Scheduled Tasks to execute GraphicalProton payloads, using rundll32 proxy execution as a defence evasion method. They also used legitimate third-party binaries vulnerable to search order hijacking.

“If compromised, access to a TeamCity server would provide malicious actors with access to that software developer’s source code, signing certificates, and the ability to subvert software compilation and deployment processes—access a malicious actor could further use to conduct supply chain operations” the **advisory** read.

SKW’s findings are supported by the FortiGuard Labs team of researchers. In their latest **blog post**, FortiGuard reports that APT29 has targeted a US-based biomedical manufacturing organization (_the name of which has not been shared with the media or public_) and revealed the threat actor’s TTPs. The report discusses the intrusion of this vulnerability found in TeamCity, a Windows server, by **APT29**.

Researchers noted that on 6 September 2023, Sonar’s cybersecurity experts discovered a critical TeamCity On-Premises vulnerability (tracked as **CVE-2023-42793**). This vulnerability was assigned a CVSS score of 9.8 due to its ability to be deployed without authentication. CISA added it to its ‘Known Exploited Vulnerabilities Catalog’ on October 4, 2023.

The FortiGuard Incident Response team reports that in October 2023, a US-based biomedical manufacturing organization was compromised due to this vulnerability exploited by APT29. The attack was initially exploited using a custom-built Python script, matching the GraphicalProton malware used by APT29. 

Analysis of application and system logs revealed evidence of successful exploitation, but some threat actors were unsuccessful at running **Linux system** commands on the victim Windows Server. APT29 likely employed Nuclei to identify potential victims and began executing additional discovery commands to gather system and privilege information.

The US-based tertiary education organization was targeted by APT29 with a C2 IP address discovered by the FortiGuard IR team. They discovered the organization’s infrastructure was compromised and identified an exploitation of their vulnerable TeamCity server. 

The threat actor used the TeamCity exploit to install an SSH certificate, which they used to maintain access to another victim’s environment. The actor downloaded a DLL file, ‘AclNumsInvertHost.dll,’ on the TeamCity host and used the TeamCity RCE vulnerability to create a Windows-scheduled task referencing the DLL file for persistence.

The screenshot shows the attack timeline of TeamCity intrusion (Credit: Fortinet Labs)

Despite a patch, the attacker persisted on the compromised host, leveraging their GraphicalProton implant. FortiGuard believes this attack was part of a **new APT29 campaign**. Significant OPSEC considerations included compromised infrastructure, search order hijacking with legitimate DLLs added, quality of masquerading, and single-use infrastructure components.

Researchers recommend containment and eradication actions, including blocking IP addresses, removing TeamCity software accounts, removing Windows accounts, removing backdoors, and removing malicious files dropped by threat actors to stay protected against threats like GraphicalProton.

****_RELATED ARTICLES_****

1.  **Russian Midnight Blizzard Hackers Hit MS Teams in Precision Attack**
2.  **Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks**
3.  **Microsoft warns of rising NOBELIUM credential attacks on defence sector**
4.  **Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard Group**
5.  **Russia Hackers Abusing BRc4 Red Team Penetration Tool in Recent Attacks**

Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach

**PRESS RELEASE**

**MEXICO CITY and NEW YORK; Oct. 23, 2023 –** Accenture (NYSE: ACN) has acquired MNEMO Mexico, a privately held company specializing in managed cybersecurity services. Financial terms were not disclosed. 

Founded in Mexico City in 2012, MNEMO Mexico has 229 cybersecurity professionals and 180 cybersecurity industry certifications with key ecosystem partners. The company’s portfolio includes advanced cyber defense and response capabilities, a cyber intelligence platform powered by generative AI and other advanced technologies and a 24/7/365 security operations center in Mexico City. Its client base spans multiple industries, including telecommunications, banking and insurance.

“The combination of MNEMO Mexico’s managed cybersecurity services, extensive industry expertise and strong client base makes them an ideal partner to complement our existing capabilities. The addition of MNEMO Mexico’s team will help us grow our business in Mexico, expand our presence in Latin America and support our North America business,” said Paolo Dal Cin, who leads Accenture Security globally. “Together, we will help organizations build more cyber-resilient businesses and secure their digital cores, technologies and supply chains.”

MNEMO Mexico’s cybersecurity professionals will join Accenture Security’s workforce of more than 19,500 professionals globally, extending Accenture’s local resources and capabilities in Mexico / Latin America while addressing the growing regional demand for managed security services.

“The constantly shifting digital world is both a source of opportunity and risk, making it essential to have a well-trained and proficient cybersecurity team,” said Julian Garrido, General Director of MNEMO Mexico. “For more than 20 years our clients have counted on us to safeguard them against destructive cyberattacks. We are excited to join Accenture Security so we can collaborate across industries to help clients in Mexico and around the world build a secure future.” 

Mexico consistently ranks among the top countries in Latin America hardest hit by cyberattacks. Additionally, a report in collaboration with the World Economic Forum’s Global Cybersecurity Outlook 2023 and Accenture revealed that 59% of business leaders and 64% of cyber leaders ranked talent recruitment and retention as a key challenge for managing cyber resilience. And less than half of respondents reported having the people and skills needed today to respond to cyberattacks.

"We are proud to welcome the MNEMO Mexico team to Accenture. Their robust cybersecurity capabilities and commitment to a collaborative work culture are essential as we look to meet the increasing demand for managed security services in the market," said Andre Fleury, who leads Accenture Security in Latin America. "We are confident that we will bring tremendous talent and capability to our clients."

Accenture recently ranked No. 1 in managed security services (MSS) market share by revenue in the Gartner® Market Share: Managed Security Services, Worldwide, 2022 report, 18 April 2023 \*. **Last year, Accenture** was recognized **as a leader in strategic security services and MSS in Brazil by ISG.**

Since 2015, Accenture Security has made 17 acquisitions. Following its January 2020 acquisition of Symantec’s Cyber Security Services business, Accenture became one of the leading global providers of MSS. Accenture further strengthened its cyber defense and MSS capabilities in Latin America through the acquisition of Brazil-based Morphus earlier this year and its 2021 acquisition of Real Protect.

**Forward-Looking Statements**

Except for the historical information and discussions contained herein, statements in this news release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as “may,” “will,” “should,” “likely,” “anticipates,” “aspires,” “expects,” “intends,” “plans,” “projects,” “believes,” “estimates,” “positioned,” “outlook,” “goal,” “target” and similar expressions are used to identify these forward-looking statements. These statements are not guarantees of future performance nor promises that goals or targets will be met, and involve a number of risks, uncertainties and other factors that are difficult to predict and could cause actual results to differ materially from those expressed or implied. These risks include, without limitation, risks that: the transaction might not achieve the anticipated benefits for Accenture; Accenture’s results of operations have been, and may in the future be, adversely affected by volatile, negative or uncertain economic and political conditions and the effects of these conditions on the company’s clients’ businesses and levels of business activity; Accenture’s business depends on generating and maintaining client demand for the company’s services and solutions including through the adaptation and expansion of its services and solutions in response to ongoing changes in technology and offerings, and a significant reduction in such demand or an inability to respond to the evolving technological environment could materially affect the company’s results of operations; if Accenture is unable to match people and their skills with client demand around the world and attract and retain professionals with strong leadership skills, the company’s business, the utilization rate of the company’s professionals and the company’s results of operations may be materially adversely affected; Accenture faces legal, reputational and financial risks from any failure to protect client and/or company data from security incidents or cyberattacks; the markets in which Accenture operates are highly competitive, and Accenture might not be able to compete effectively; Accenture’s ability to attract and retain business and employees may depend on its reputation in the marketplace; if Accenture does not successfully manage and develop its relationships with key ecosystem partners or fails to anticipate and establish new alliances in new technologies, the company’s results of operations could be adversely affected; Accenture’s profitability could materially suffer if the company is unable to obtain favorable pricing for its services and solutions, if the company is unable to remain competitive, if its cost-management strategies are unsuccessful or if it experiences delivery inefficiencies or fail to satisfy certain agreed-upon targets or specific service levels; changes in Accenture’s level of taxes, as well as audits, investigations and tax proceedings, or changes in tax laws or in their interpretation or enforcement, could have a material adverse effect on the company’s effective tax rate, results of operations, cash flows and financial condition; Accenture’s results of operations could be materially adversely affected by fluctuations in foreign currency exchange rates; changes to accounting standards or in the estimates and assumptions Accenture makes in connection with the preparation of its consolidated financial statements could adversely affect its financial results; as a result of Accenture’s geographically diverse operations and strategy to continue to grow in key markets around the world, the company is more susceptible to certain risks; if Accenture is unable to manage the organizational challenges associated with its size, the company might be unable to achieve its business objectives; Accenture might not be successful at acquiring, investing in or integrating businesses, entering into joint ventures or divesting businesses; Accenture’s business could be materially adversely affected if the company incurs legal liability; Accenture’s global operations expose the company to numerous and sometimes conflicting legal and regulatory requirements; Accenture’s work with government clients exposes the company to additional risks inherent in the government contracting environment; if Accenture is unable to protect or enforce its intellectual property rights or if Accenture’s services or solutions infringe upon the intellectual property rights of others or the company loses its ability to utilize the intellectual property of others, its business could be adversely affected; Accenture may be subject to criticism and negative publicity related to its incorporation in Ireland; as well as the risks, uncertainties and other factors discussed under the “Risk Factors” heading in Accenture plc’s most recent Annual Report on Form 10-K and other documents filed with or furnished to the Securities and Exchange Commission. Statements in this news release speak only as of the date they were made, and Accenture undertakes no duty to update any forward-looking statements made in this news release or to conform such statements to actual results or changes in Accenture’s expectations. 

**About Accenture**    
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 733,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com. 

**Accenture Security** is a leading provider of end-to-end cybersecurity services, including strategy, protection, resilience and industry-specific cyber services. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Cyber Fusion Centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Visit us at accenture.com/security.

\*Gartner, Market Share: Managed Security Services, Worldwide, 2022, April 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Accenture Expands Cybersecurity Services Capabilities in Latin America With Acquisition of MNEMO Mexico

The Red Hat Shares newsletter helps IT leaders navigate the complicated world of IT―the open source way.

_The Red Hat Shares newsletter helps IT leaders navigate the complicated world of IT―the open source way._

FROM THE EDITOR

**Securing your edge infrastructure**

Edge security is becoming increasingly important as more organizations turn to edge computing to benefit from the flexibility of hybrid cloud computing and deliver faster, more reliable services at a lower cost.

When we surveyed IT decision makers in 2021 for our 2022 Global Tech Outlook report about what emerging technologies they were most likely to consider using in the next year, or are currently using, 28% said edge computing (up from 25% in 2020). Furthermore, a July 2022 report from 451 Research reveals that "large organizations will significantly expand edge computing infrastructure in two years."1

In edge computing, an increase in data and processing outside the traditional datacenter creates potential risk to organizations. Reduced physical security, a limited compute footprint, lower cost expectations and remote management are often compounded by a lack of IT personnel. These issues combine to create relaxed standards for security and policy and expand the attack surface.

However, there are ways edge resources can improve security. For example, IDC says "63% of organizations report using edge resources to enhance cybersecurity through monitoring networks." IDC also says "replicating data \[using edge resources\] across multiple locations" can "reduce \[the\] impact of ransomware attacks."2

Red Hat provides trusted open source software that helps organizations implement a layered security approach across infrastructure, the application stack and the life cycle for better security on site, in cloud environments or at edge sites.

In this issue of Red Hat Shares, learn about security considerations for edge implementations, key edge security issues for CIOs, how Red Hat helped a customer reduce its edge deployment time while enhancing its infrastructure security and more. Plus, just for fun, we threw in a video from our "In the Clouds" series about how edge computing is being used to solve problems on the International Space Station.

1.  451 Research. "Security tops the priorities for edge computing infrastructure – Highlights from VotE: Edge Infrastructure & Services," 25 July 2022. 
2.  Huang, Cathy, and Jennifer Cooke. "Securing the Edge: How Edge Is Architected Will Determine How Security Is Designed." IDC, Feb. 2022.

**5 security considerations for edge implementations**

Learn about some of the primary security threats edge deployments face and how Red Hat technologies can help mitigate them.

**Edge computing: 4 key security issues for CIOs to prioritize**

The Enterprisers Project suggests considering the expert advice in this article to address security concerns before implementing an edge computing strategy.

_You may also be interested in "Beat these common edge computing challenges."_

**A deep dive on edge and security**

Global analyst firm Futurum Research addresses common edge computing security challenges, Red Hat’s approach to security at the edge and more.

**Boost security, flexibility, and scale at the edge with Red Hat Enterprise Linux**

Find out how Red Hat Enterprise Linux can help you extend your datacenter capabilities to the edge with confidence.

_You may also be interested in "What’s new in Red Hat Enterprise Linux 9 for edge computing."_

CUSTOMER SPOTLIGHT

**Edge computing flexibility enables critical defense and security advantages**

See how Red Hat helped Mamram―the Israel Defense Forces’ central computing system unit―reduce its edge deployment time from weeks to hours while enhancing its infrastructure security and compliance.

**In the Clouds: Edge Computing in Space**

In this episode of our video series, IBM Distinguished Engineer and CTO Space Tech Naeem Altaf explains how, together with NASA, cloud and edge computing services and technologies are being used to solve problems on the International Space Station.

_You may also be interested in "Edge computing in action: Space."_

**AnsibleFest: Shape the present and future of automation**

Oct. 18-19, 2022

Chicago, Illinois

Get discounted pricing through Oct. 17.

_Did you miss our special July edition recapping Red Hat Summit 2022? Check it out. Or browse all past issues of Red Hat Shares._

_Questions or comments about Red Hat Shares? It’s your turn to share. Email us._

Red Hat Shares ― Edge computing: Security

By Owais Sultan
2022 has been a tumultuous one for cybersecurity professionals. Breaches, hacks, and ransomware attacks have become commonplace in…
This is a post from HackRead.com Read the original post: The State of Cybersecurity: Why Industry Experts Are Optimistic

2022 has been a tumultuous one for cybersecurity professionals. Breaches, hacks, and ransomware attacks have become commonplace in the news cycle, leaving many feeling vulnerable and uncertain about their digital safety. 

But despite the headlines, there is good news on the horizon. According to industry experts, the state of cybersecurity is actually looking brighter than ever before. Let’s take a look at what is driving this growing optimism and what it could mean for the future of cybersecurity. 

**The Increasing Adoption of Security Best Practices **

One major factor that is driving optimism in the cybersecurity field is the increasing adoption of security best practices by businesses and organizations around the world. As more companies become aware of the importance of protecting their data, they are taking steps to ensure that their systems are secure. 

This includes investing in security tools such as firewalls, antivirus software, and encryption solutions to protect against cyber threats. Additionally, many organizations have implemented policies and procedures to ensure that their staff members adhere to security protocols when handling sensitive information. All these measures help reduce the risk posed by cybercriminals and make businesses less attractive targets for attackers. 

**Improved Security Awareness Among Consumers **

Another key factor that has contributed to increased optimism about cybersecurity is improved security awareness among consumers. Thanks to increased public education campaigns from governments and tech companies, consumers now have a better understanding of how to protect themselves from online threats. 

For example, most people now know not to click on suspicious links or open emails from unknown senders in order to avoid falling victim to phishing scams or malware infections. This increased level of security awareness helps reduce the number of potential victims for cybercriminals and makes it harder for them to launch successful attacks against unsuspecting users. 

**The Growing Role of Artificial Intelligence in Cybersecurity **

Finally, another reason why many industry experts are feeling more optimistic about cybersecurity is due to the growing role artificial intelligence (AI) is playing in helping detect and prevent cybercrime. AI-based systems can analyze vast amounts of data quickly and accurately in order to identify patterns that may indicate malicious activity on a network or website. 

This allows organizations to be proactive rather than reactive when it comes to preventing cyberattacks, which significantly reduces their risk exposure. Additionally, AI can detect sophisticated attacks earlier than traditional security solutions, which gives IT teams time to act before any harm is done.  

**The Role of Cybersecurity SEO Agency **

According to cybersecurity SEO agency AWISEE, they have seen a heightened demand for their services in recent years. Investing more in growth is an opportunity that can help companies protect their digital infrastructure from staying competitive. 

In today’s market. By taking the time to analyze both internal and external business processes, Cybersecurity SEO Agencies are able to provide sound advice to reduce the risk for those looking for cybersecurity services. With industry applications growing more complex and cyber threats increasing, SEO Agencies provide a valuable solution that companies cannot afford to ignore.

**Conclusion**

Overall, there are several reasons why industry experts are feeling more optimistic about cybersecurity these days – from increased adoption of security best practices by businesses, improved security awareness among consumers, and the growing role AI plays in detecting potential threats – all these factors have contributed towards a brighter outlook for the future of cybersecurity worldwide. 

That said, it’s important for businesses and individuals alike to remain vigilant when it comes to staying safe online so they can continue reaping the benefits of this positive trend going forward into 2023 and beyond!

**More Cybersecurity Topics**

1.  The Human Factor in Cybersecurity
2.  Brand Protection is Essential for Cybersecurity
3.  How to use AI (Artificial Intelligence) in cybersecurity?
4.  CISA Publishes List of Free Cybersecurity Tools and Services
5.  Cybersecurity Has Never Been More Unstable Than It Is Now

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

The State of Cybersecurity: Why Industry Experts Are Optimistic

The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.

Microsoft is fast-tracking patches for two Exchange Server zero-day vulnerabilities reported overnight, but in the meantime, businesses should be on the lookout for attacks. The computing giant said in a Friday update that it's already seeing "limited targeted attacks" chaining the bugs together for initial access and takeover of the email system.

The flaws specifically affect on-premises versions of Microsoft Exchange Server 2013, 2016, and 2019 that face the Internet, according to Microsoft. However, it's worth noting that security researcher Kevin Beaumont says that Microsoft Exchange Online Customers running Exchange hybrid servers with Outlook Web Access (OWA) are also at risk, despite the official advisory stating that Online instances aren't impacted. The team at Rapid7 echoed that assessment.

The bugs are tracked as follows:

*   CVE-2022-41040 (CVSS 8.8), a server-side request forgery (SSRF) vulnerability giving access to any mailbox in Exchange;
*   CVE-2022-41082 (CVSS 6.3), which allows authenticated remote code execution (RCE) when PowerShell is accessible to the attacker.

Importantly, authenticated access to the Exchange Server is necessary for exploitation, Microsoft's alert pointed out. Beaumont added, "Please note exploitation needs valid non-admin credentials for any email user."

**Patches & Mitigations for CVE-2022-41040, CVE-2022-41082**

So far, there's no patch available, but Microsoft has triaged the bugs and is fast-tracking a fix.

"We are working on an accelerated timeline to release a fix," according to Microsoft's Friday advisory. "Until then, we're providing the mitigations and detections guidance."

The mitigations include adding a blocking rule in "IIS Manager -> Default Web Site -> Autodiscover -> URL Rewrite -> Actions" to block the known attack patterns; and the company included URL rewrite instructions in the advisory, which it said it "confirmed are successful in breaking current attack chains."

Also, the alert noted that "since authenticated attackers who can access PowerShell Remoting on vulnerable Exchange systems will be able to trigger RCE using CVE-2022-41082, blocking the ports used for Remote PowerShell can limit the attacks."

**Blindsiding-Bug Disclosure**

The flaws were disclosed in a blog post from Vietnamese security company GTSC, which noted that it submitted bug reports to Trend Micro's Zero Day Initiative last month. While typically this would have resulted in a responsible vulnerability disclosure process in which Microsoft would have 120 days to patch before the findings were made public, GTSC decided to publish after seeing in-the-wild attacks, it said.

"After careful testing, we confirmed that those systems were being attacked using this 0-day vulnerability," GTSC researchers noted in its Thursday blog post. "To help the community temporarily stop the attack before an official patch from Microsoft is available, we publish this article aiming to those organizations who are using Microsoft Exchange email system."

It also offered detail analysis of the bug chain, which is similar under the hood to the ProxyShell group of Exchange Server vulnerabilities. This prompted Beaumont (@gossithedog) to dub the chain "ProxyNotShell," complete with its own logo.

He said in his analysis on Friday that while many attributes of the bugs are exactly like ProxyShell, the ProxyShell patches don't fix the issue. He also noted that in terms of attack surface, "near a quarter of a million vulnerable Exchange servers face the internet, give or take."

He characterized the situation as "pretty risky" in a Twitter feed, noting that exploitation seems to have been going on for at least a month, and that now that the flaws are public, things could "go south pretty quickly." He also called into question Microsoft's mitigation guidance.

"My guidance would be to stop representing OWA to the internet until there is a patch, unless you want to go down the mitigation route ... but that has been known about for a year, and, eh — there's other ways to exploit Exchange for RCE without PowerShell," Beaumont tweeted. "For example, if you have SSRF (CVE-2022-41040) you are god in Exchange, and can access any mailbox via EWS — see the prior activity. So, I'm not sure that mitigation will hold."

Microsoft did not immediately respond to a request for comment by Dark Reading.

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.

August has ended the summer in style with multiple patches issued by Microsoft, Google Chrome, and its competitor Firefox to fix serious issues, some of which are being used in attacks.

While there was no Apple iPhone update at the time of writing, some major enterprise fixes were released during the month. These include patches for exploited flaws in Ivanti products, as well as fixes for vulnerabilities in SAP and Cisco software.

Read on for everything you need to know about the patches issued in August.

Microsoft

Microsoft’s August Patch Tuesday saw the software giant fixing dozens of vulnerabilities, including two already being used in real-world attacks. The first is a Defense in Depth update to CVE-2023-36884, a remote code execution (RCE) flaw in Windows Search that could allow attackers to bypass Microsoft’s Mark of the Web security feature. If it sounds familiar, that’s because Microsoft already fixed the vulnerability in July. But installing the latest update “stops the attack chain” leading to the issue, Microsoft said.

The second flaw, CVE-2023-38180 is an issue in .NET and Visual Studio that could allow an adversary to perform denial of service.

Six of the issues fixed in August’s Patch Tuesday are rated as critical, including CVE-2023-36895—an RCE flaw in the Outlook email client. Meanwhile, CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911 are RCE issues in the Microsoft Message Queuing service, according to the Security Update Guide.

The fifth and sixth critical issues fixed by Microsoft in August are CVE-2023-29328 and CVE-2023-29330, both of which are RCE flaws in Teams.

Google Chrome

August kicked off with a slew of updates for Chrome 115 including nine rated as having a high impact. The 17 patches include three type-confusion flaws in V8: CVE-2023-4068, CVE-2023-4069, and CVE-2023-4070. And CVE-2023-4071 is a heap buffer overflow issue in Visuals and CVE-2023-4076 is a use-after-free flaw in WebRTC.

A couple of weeks later, Google issued Chrome 116 to patch 26 vulnerabilities, eight of which are rated as having a high impact. The most serious issues include CVE-2023-2312—a use-after-free bug in Offline—and CVE-2023-4349, a use-after-free flaw in Device Trust Connectors. A third, CVE-2023-4350, is an inappropriate implementation bug in Fullscreen.

Then, on August 23, Google released the first of its more regular weekly security updates, patching five flaws. The four vulnerabilities rated as having a high impact include two use-after-free bugs and two out-of-bounds memory access issues.

Firefox

Google Chrome’s privacy-focused competitor Firefox also had a hectic August, fixing more than a dozen vulnerabilities in Firefox 116. The issues patched by Firefox owner Mozilla include CVE-2023-4045, an issue in Offscreen Canvas rated as high, and CVE-2023-4047, a bug in popup notifications delay calculation that could allow an attacker to trick a user into granting permissions.

The update also patches memory safety bugs tracked as CVE-2023-4056, CVE-2023-4057, and CVE-2023-4058. The flaws fixed in the latest update “showed evidence of memory corruption,” Mozilla said. “We presume that with enough effort, some of these could have been exploited to run arbitrary code.”

Google Android

Google has issued 40 updates for its Android operating system including patches for serious flaws in the Framework, System, and Kernel. Tracked as CVE-2023-21273, the most severe bug fixed in August is a critical security vulnerability in the System component that could lead to RCE with no additional execution privileges needed. User interaction is not required for exploitation, Google said in its Android Security Bulletin.

Meanwhile, CVE-2023-21282 is an RCE flaw in the Media Framework also marked as having a critical impact. Another critical issue in the Kernel, tracked as CVE-2023-21264, could lead to local escalation of privilege, although System execution privileges are needed.

Search

outlook iniciare sesión