CyberSecure Specialist

15 Nov

Level up! These games will make learning about cybersecurity fun

Information

We Live Progress Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure Luiza Pires 14 Nov 2023  •  , 4 min. read In this day and age, knowing your way around the digital world is not merely a valuable asset – it is a crucial life skill. With the internet permeating many aspects of our lives, cyberthreats have also proliferated and continue to evolve,…

Read More
15 Nov

Watch Now: Using Governance and Privilege to Gain Control Over Third-Party Access

Information, News

It’s been said “you cannot control the outcome, but you can control the process.” In today’s world of the “assume-breach” security posture, this has never been more true. Especially when it comes to third-party privilege, one of the most significant attack vectors organizations face.  Watch this webinar from Saviynt and SecurityWeek for advice on how to create more trust in your third party relationships by adding sustainable processes and tools that enable you to control…

Read More
15 Nov

CISA, FBI, and MS-ISAC Release Advisory on Rhysida Ransomware

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Rhysida Ransomware, to disseminate known Rhysida ransomware indicators of compromise (IOCs), detection methods, and tactics, techniques, and procedures (TTPs) identified through investigations as recently as September 2023. Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government…

Read More
14 Nov

Microsoft Patch Tuesday, November 2023 Edition

Information, Insights

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. SmartScreen is a built-in Windows component that tries to detect and block malicious websites and files. Microsoft’s security…

Read More
14 Nov

Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide

Information, News

The Royal ransomware gang has targeted at least 350 organizations worldwide, with their ransom demands exceeding $275 million, and the cybercriminals may be preparing to rebrand their operation, the US cybersecurity agency CISA and the FBI say in an updated alert. Active since at least September 2022, Royal has been used in attacks against entities in critical infrastructure, education, healthcare, and manufacturing sectors, making ransom demands ranging between $1 million and $11 million, in Bitcoin.…

Read More
14 Nov

Fortinet Releases Security Updates for FortiClient and FortiGate

Attacks, Insights, Malware

Fortinet has released security advisories addressing vulnerabilities in FortiClient and FortiGate. Cyber threat actors may exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Fortinet security advisories and apply the recommended updates: FG-IR-22-299: FortiClient (Windows) – Arbitrary file deletion from unprivileged users FG-IR-23-274: FortiClient (Windows) – DLL Hijacking via openssl.cnf FG-IR-23-385: curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities

Read More
14 Nov

Microsoft Releases November 2023 Security Updates

Attacks, Insights, Malware

Microsoft has released updates addressing multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2023 Security Update Guide and apply the necessary updates.

Read More
14 Nov

VMware Releases Security Update for Cloud Director Appliance

Attacks, Insights, Malware

VMware has released a security advisory addressing a vulnerability in VMWare Cloud Director Appliance. Cyber threat actors may exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following VMware security advisory and apply the recommended updates: VMSA-2023-0026: VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060)

Read More
13 Nov

Ransomware Group RansomedVC Closes Shop

Information, News

The ransomware and data extortion group RansomedVC announced plans to shut down the project and sell parts of its infrastructure. RansomedVC has only been around for a few months, operating under the ransomware-as-a-service (RaaS) business model. The group has listed more than 40 organizations on its leak site, demanding ransom payments of up to $1 million, depending on the victim’s size. The group mainly focuses on organizations in Europe, but recently claimed responsibility for attacks…

Read More
13 Nov

CISA Releases Update to Royal Ransomware Advisory

Attacks, Insights, Malware

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released an update to joint Cybersecurity Advisory (CSA) #StopRansomware: Royal Ransomware. The updated advisory provides network defenders with additional information on tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware variants. FBI investigations identified these TTPs and IOCs as recently as June 2023. Royal ransomware attacks have spread across numerous critical infrastructure sectors including, but not…

Read More