CyberSecure Specialist

CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:

CVE-2023-42793 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort…

CISA and NSA Release New Guidance on Identity and Access Management

Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems. This publication, which follows ESF’s Identity and Access Management Recommended Best Practices Guide for Administrators, assesses and addresses challenges developers and technology manufacturers face in identity…

Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies

A series of critical vulnerabilities impacting a tool called TorchServe could allow threat actors to take complete control of servers that are part of the artificial intelligence (AI) infrastructure of some of the world’s largest companies. The flaws were discovered by Oligo, a company that specializes in runtime application security and observability, which disclosed its findings on Tuesday. The firm named the attack ShellTorch. TorchServe is an open source package in PyTorch, a machine learning…

Don’t Let Zombie Zoom Links Drag You Down

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks. At issue is the Zoom Personal Meeting ID (PMI),…

Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series

October is always an exciting time for us as we celebrate Cybersecurity Awareness Month and some of NIST’s greatest accomplishments, resources, guidance, and latest news in the cybersecurity space. This year is a big one because 2023 marks the 20th anniversary of this important initiative — and we will celebrate in various ways every day throughout the month.

What is NIST Up to in October?

We’ll be using our NIST Cybersecurity Awareness Month website…

Johnson Controls Ransomware Attack Could Impact DHS

Sensitive Department of Homeland Security (DHS) information might have been compromised in a recent ransomware attack aimed at government contractor Johnson Controls International. A multinational giant headquartered in Cork, Ireland, Johnson Controls produces industrial control systems and smart building equipment, software, and services, including HVAC, security, fire protection, and support solutions. The company serves clients in the education, government, healthcare, hospitality, naval, and transportation sectors, including the DoD, DHS, and other government agencies in the…

A Closer Look at the Snatch Data Ransom Group

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name. According to a September 20, 2023 joint advisory from the FBI and the U.S. Cybersecurity and Infrastructure…

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

ESET researchers have uncovered a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, most notably a publicly undocumented backdoor we named LightlessCan. Lazarus operators obtained initial access to the company’s network last year after a successful spearphishing campaign, masquerading as a recruiter for Meta – the company behind Facebook, Instagram, and WhatsApp. The fake recruiter contacted the victim via LinkedIn Messaging, a feature within the LinkedIn professional social networking…

How Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony Anscombe

During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan.

29 Sep 2023

This week, ESET researchers unveiled their findings about an attack by the North Korea-linked APT group Lazarus that took aim at an aerospace company in Spain. The group obtained initial access to the company’s network after a successful spearphishing campaign where they masqueraded as a recruiter for Meta, the company behind Facebook, Instagram,…

Bankrupt IronNet Shuts Down Operations

The lights have gone out at IronNet, the once-promising network security company founded by former NSA director General Keith Alexander. Bankrupt and out of financing options, IronNet said it would file for Chapter 7 protection while its assets are liquidated. “Given the unavailability of additional sources of liquidity…IronNet ceased all activities of the company and its subsidiaries and terminated the remaining employees,” the Virginia company said in its latest SEC Form 8-K filing. It is…