17 March 2023

5 min read

Patch Tuesday includes critical elevation of privilege vulnerability | Cyber Intelligence Briefing: 17 March

March 2023
Patch Tuesday includes critical elevation of privilege vulnerability | Cyber Intelligence Briefing: 17 March placeholder thumbnail


Top news stories this week

  1. Patch me if you can. Microsoft addresses critical Elevation of Privilege vulnerability.
  2. Big-game hunting. SpaceX supplier and Amazon subsidiary named on ransomware leak sites.
  3. Stress-ercise. European Central Bank to conduct stress tests on banks.
  4. Innovative hacking techniques. Hackers leverage LinkedIn and fake ChatGPT Chrome extensions.
  5. Compromised data. AT&T data breach impacts 9 million customers.
  6. Splat the NetWire RAT. Law enforcement operation seizes the NetWire RAT infrastructure.


1. Patch Tuesday includes critical elevation of privilege vulnerability

A high-risk vulnerability (CVE-2023-2397) in Microsoft Outlook has been exploited by threat actors to escalate privileges since April 2022. With no user interaction required, a specially crafted email can give attackers access to hashed credentials, which can then be used to authenticate to other services. Microsoft has released a patch, but the vulnerability is expected to be increasingly leveraged by threat actors going forward.

Microsoft also patched another zero-day vulnerability that bypassed certain security features and numerous other flaws. Other major vendors including Apple, Cisco, Google and Fortinet also released security updates for March 2023.

So what?

A robust patch management process that ensures known vulnerabilities are prioritised and remediated as quickly as possible is critical to reducing the likelihood of a significant cyber incident.



2. SpaceX supplier and Amazon subsidiary both named on ransomware leak sites

LockBit is threatening to leak thousands of SpaceX blueprints after claiming an attack on third-party supplier Maximum Industries. In a separate incident, BlackCat claimed an attack on Amazon subsidiary Ring, the doorbell and security supplier, after naming them on their dark web leak site.


So what?

Incident Response Plans (IRPs) should account for public relations strategies in the event that a breach becomes public.



3. ECB to stress test banks on cyber resilience

The European Central Bank (ECB) is planning to evaluate the cyber resilience and response capabilities of banks under its supervision from 2024 by conducting stress tests that simulate various cyber attack scenarios. The initiative aims to enhance the financial sector's resilience to cyber threats

So what?

Crisis simulations are an effective way to test an organisation’s ability to respond to a cyber incident and should be conducted regularly.



4. Hackers leverage LinkedIn and fake ChatGPT chrome extensions

North Korea-backed hackers have been targeting security researchers in a campaign aimed at gaining access to their employers. The hackers are using fake LinkedIn accounts and spear-phishing emails with job recruitment themes to trick targets into installing malware.

A fake ChatGPT Chrome extension has been discovered to hijack Facebook accounts and create rogue admin accounts to advertise malware. Since 3 March 2023, the extension has attracted 2,000 installations per day, and even received promotion through Facebook-sponsored posts. Google has since pulled the extension from the Chrome Web Store.

So what?

Exercise caution when receiving unsolicited messages and double-check the authenticity of any links or attachments sent via email or SMS. Additionally, downloading browser extension on corporate devices should be avoided without approval from your organisation’s IT department.



Cyber Security Insights Report


5. AT&T suffers data breach

AT&T, a major US telecommunications firm, suffered a data breach that affected 9 million customers due to a supply chain cyber attack. The attack on AT&T’s marketing vendor exposed Customer Proprietary Network Information, including names, wireless account numbers, phone numbers, and email addresses of customers.

So what?

Organisations should conduct thorough and regular due diligence on their third party vendors/providers, evaluating that appropriate security controls are in place.


6. Coordinated law enforcement operation disrupts the NetWire service

Last week, global law enforcement arrested the administrator and seized the web domain and hosting server of the NetWire remote access trojan (RAT).

The NetWire RAT is popular among cybercriminals in phishing attacks, granting them remote access to compromised computers, the power to execute commands, and the ability to download malicious programs onto victims’ devices.

So what?

This case is another example of the growing efforts made by international law enforcement agencies to disrupt the criminal cyber ecosystem.

Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.


Kyle Schwaeble
Kyle Schwaeble
Senior Associate, Cyber Security

Kyle Schwaeble is a senior associate on S-RM’s cyber security team, bringing expertise in incident response management and, particularly, the secure restoration and recovery from cyber incidents such as ransomware attacks and business email compromises. In addition to his incident response work, Kyle has also supported multinational clients with their security transformation programmes, advising on the development and implementation of new technological, procedural, and cultural security controls.  

Kyle joined S-RM in 2019, initially working as an analyst in the Corporate Intelligence team, where he supported various corporate and diligence investigations. He holds a BCom(LLB) from Stellenbosch University in South Africa and is GSEC certified. 

Miles Arkwright
Miles Arkwright
Associate, Cyber Security
Kyle Schwaeble
Kyle Schwaeble

Senior Associate, Cyber Security

Miles Arkwright
Miles Arkwright

Associate, Cyber Security

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.