PATCH WATCH: 

Microsoft plugged 129 vulnerabilities, including 23 critical bugs, in its last Patch Tuesday security update. The patches included fixes for a number of remote code execution bugs, including a "worst-case scenario" memory corruption flaw in Exchange Server. 

To receive the full list of security patches and receive this feature weekly, upgrade to premium!

Weave Scope, a cloud computing tool, has been hijacked by hacking group TeamTNT to map cloud environments and execute commands. The attackers are able to abuse an exposed Docker API port to create a new privileged container. They then deploy Weave Scope to control the cloud environment so they can execute shell commands for their cryptomining attack, according to security firm Intezer.

More from Intezer:

• This is the first time an attacker has exploited legitimate software as an administrative tool on the Linux operating system.
• Intezer recommends companies close the exposed Docker API ports and block connections to port 4040, which is used to access the Weave Scope dashboard
• Weave Scope gives users full access to their cloud environment and is integrated with Docker, Kubernetes, the Distributed Cloud Operating System, and AWS Elastic Compute Cloud.

Hackers can abuse Windows 10 themes and theme packs to steal Windows account credentials from victims. Security researcher Jimmy Bayne discovered that specially crafted Windows themes could be employed to carry out "pass-the-hash" attacks to steal login names and passwords.

More:

• Windows 10 enables users to create custom themes for the operating system and share those custom themes through theme packs.
• A pass-the-hash attack enables a hacker to authenticate to a remote server by using the NTLM or LanMan hash of a user's password to steal the plaintext password.
• Bayne disclosed the attack technique to Microsoft, but the company said it was a "feature by design" and would not be fixed.

Public schools in Hartford, Conn., postponed the first day of class after a ransomware attack took down the city's network. The Metro Hartford Information Services informed the public schools on Tuesday that the city's critical systems were taken down by a ransomware attack. Hartford Public Schools said later in the day that systems had been restored and that school would begin on Wednesday.

More:

• MHIS said that no personal data of students or employees was accessed by the attackers. 
• Hartford is providing both online and in-person public school classes. 
• More than 200 servers out of Hartford's 300 servers were affected by the ransomware attack.
• Also on Tuesday, public schools in Toledo, Ohio, Clark County, Nev., and Pickens County, S.C., were hit by separate cyberattacks.

CYBERSECURITY MASTERCLASS:

Gartner analyst John Wheeler predicts that corporate boards will increasingly focus on digital risk as they pursue digital transformation...

To read the rest of today's piece and receive this feature weekly, start your FREE 14-day trial of Inside Security Premium! 

Atlanta-based Secureworks has agreed to acquire security startup Delve Laboratories for an undisclosed amount. Delve, headquartered in Montreal, Canada, provides an artificial intelligence-based automated vulnerability management platform.

More:

• Delve has raised $1.5M in funding so far.
• Secureworks plans to integrate Delve into its Red Cloak Platform and TDR application.
• The purchase is expected to close in Secureworks' 2021 fiscal third quarter.

Attackers are exploiting fears about a possible TikTok ban in the U.S. to push Android spyware hiding in a "TikTok Pro" app. The spyware can take over Android device functions and create a phishing site to steal Facebook credentials. The attackers are urging victims via SMS and WhatsApp messages to download the bogus TikTok Pro app from a specific web address, according to Shivang Desai, chief information security officer and vice president of security at Zscaler.

More from Zscaler:

• When a victim tries to open the app, it launches a fake notification as a distraction while the malware hides itself on the Android device.
• The malware launches as an Android service named MainService, which then controls the device based on commands sent by the attackers' command and control server.
• To prevent malware infection, Zscaler advises Android users to only install apps from Google Play, never click on unknown links, and keep the "unknown sources" option disabled, thereby preventing apps from unknown sources from being installed.
• China unveiled a new data security initiative in retaliation for the Trump administration's efforts to limit the ability of Chinese companies to access the U.S. market.

Small and medium-sized businesses (SMBs) are struggling to fend off cyberattacks in an era of constrained IT budgets, according to a survey of more than 500 SMBs by network security firm Untangle. Close to one-third of respondents said that budget constraints are the greatest challenge to effective cybersecurity, followed by employees not following proper security hygiene and limited time to research emerging threats.

More from the SMB survey:

• 39% allocated $1K or less to the IT security budget in 2020, while 26% allocated $1K to $5K, and 15% allocated more than $10K.
• 82% cited firewalls as the most important feature when considering IT security purchases, followed by antivirus protection at 57%, endpoint security at 48%, archiving management and backup and VPN technologies at 47%, and web filtering at 40%.
• 45% have adjusted or re-evaluated their IT security roadmap based on recent breaches and ransomware attacks.
• Only 15% were able to stop a cyberattack before sensitive data was stolen.

An Israeli security researcher has found a cross-site scripting (XSS) vulnerability in a feature of Google Maps that enables users to create their own maps. An attacker could exploit the bug to execute malware in the victim's browser. Zohar Shachar received $10K for finding the bug, which Google fixed in 2019. 

More:

• Shachar discovered a way to escape the CDATA section and add arbitrary XML content that would be rendered by the browser, creating the bug.
• To exploit the flaw, an attacker would have to create a new map, rename it with an XSS payload, set its permission to public, exploit it as a KML file, copy the download link, send the link to the victim, and wait for the victim to click it.
• Shachar earned an initial bug bounty of $5K for finding the bug and another $5K for bypassing Google's initial patch.

QUICK HITS:

• A fix for a Windows 10 bug has broken Windows Subsystems for Linux 2.
• London-based Virtual Mail Room left more than 50,000 confidential letters sent by banks and local authorities exposed to the public.
• A Swiss federal commissioner said that the U.S. has insufficient protections in place for data privacy.
• CodeMeter, a licensing and DRM solution made by Germany's Wibu-Systems, suffers from vulnerabilities that expose industrial systems to remote attacks.
• Conga tapped into insights from tech-forward business leaders in order to create this fact-packed report: The State of Digital Document Transformation*

* This is paid content.