CyberSecure Specialist

21 Sep

ISC Releases Security Advisories for BIND 9

Attacks, Insights, Malware

The Internet Systems Consortium (ISC) has released security advisories to address vulnerabilities affecting ISC’s Berkeley Internet Name Domain (BIND) 9. A malicious cyber actor could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review the following ISC advisories and apply necessary updates or workarounds: CVE-2023-4236: named may terminate unexpectedly under high DNS-over-TLS query load CVE-2023-3341: A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly

Read More
21 Sep

Atlassian Releases September Security Bulletin

Attacks, Insights, Malware

Atlassian has released its security bulletin for September 2023 to address vulnerabilities in multiple products. A malicious cyber actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Atlassian’s September 2023 Security Bulletin and apply the necessary updates.

Read More
20 Sep

MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks

Information, News

MGM Resorts brought to an end a 10-day computer shutdown prompted by efforts to shield from a cyberattack data including hotel reservations and credit card processing, the casino giant said Wednesday, as analysts and academics measured the effects of the event. “We are pleased that all of our hotels and casinos are operating normally,” the Las Vegas-based company posted on X, the platform formerly known as Twitter. It reported last week that the attack was…

Read More
20 Sep

FBI and CISA Release Advisory on Snatch Ransomware

Attacks, Insights, Malware

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. FBI investigations identified these IOCs and TTPs as recently as June 1, 2023. Snatch threat actors operate a ransomware-as-a-service (RaaS) model and change their tactics according to current cybercriminal trends and successes of other ransomware…

Read More
20 Sep

10 tips to ace your cybersecurity job interview

Information

We Live Progress Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track. Phil Muncaster 18 Sep 2023  •  , 6 min. read The cybersecurity industry has a shortfall of 3.4 million professionals worldwide. But that doesn’t mean that employers have lowered their standards. While there are plenty of opportunities for ambitious job seekers, it…

Read More
19 Sep

UK Minister Warns Meta Over End-to-End Encryption

Information, News, Uncategorized

Britain’s interior minister on Wednesday warned tech giant Meta that rolling out end-to-end encryption on its platforms must “not to come at a cost to our children’s safety”. Suella Braverman and security minister Tom Tugendhat have called on the company, which owns Facebook, Instagram and WhatsApp, to “work with us” and ensure police can access data. “The use of strong encryption for online users remains a vital part of our digital world and I support…

Read More
18 Sep

Who’s Behind the 8Base Ransomware Website?

Information, Insights

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova. The 8Base ransomware group’s victim shaming website on the…

Read More
18 Sep

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Information, News

Researchers at Wiz have flagged another major security misstep at Microsoft that caused the exposure of 38 terabytes of private data during a routine open source AI training material update on GitHub. The exposed data includes a disk backup of two employees’ workstations, corporate secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages, Wiz said in a note documenting the discovery. Wiz, a cloud data security startup founded by ex-Microsoft software engineers, said…

Read More
16 Sep

Imagine Making Shadowy Data Brokers Erase Your Personal Info. Californians May Soon Live the Dream

Information, News

You may not know it, but thousands of often shadowy companies routinely traffic in personal data you probably never agreed to share — everything from your real-time location information to private financial details. Even if you could identify these data brokers, there isn’t much you can do about their activities, including in California, which has some of the strongest digital privacy laws in the U.S. That’s on the verge of changing. Both houses of the…

Read More
16 Sep

Ballistic Bobcat’s Sponsor backdoor – Week in security with Tony Anscombe

Information

Video Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States 14 Sep 2023 This week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed a novel backdoor against businesses mainly in Israel. Ballistic Bobcat – previously tracked by ESET Research as APT35/APT42 and also…

Read More