CyberSecure Specialist

16 Oct

CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515

Attacks, Insights, Malware

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator accounts. CISA strongly encourages upgrading to a fixed version or taking servers offline to apply…

Read More
16 Oct

Cisco Releases Security Advisory for IOS XE Software Web UI

Attacks, Insights, Malware

Cisco released a security advisory to address a vulnerability (CVE-2023-20198) affecting IOS XE Software Web UI. A cyber threat actor can exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the Cisco security advisory, apply the necessary recommendations, hunt for any malicious activity and report any positive findings to CISA, and apply patches when made available. See the following for additional guidance and resources:  BOD 23-02: Mitigating…

Read More
16 Oct

CISA, NSA, FBI, and International Partners Release Updated Secure by Design Guidance

Attacks, Insights, Malware

Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) released an update to Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by- Design and -Default with the following international partners: Australian Cyber Security Centre (ACSC) Canadian Centre for Cyber Security (CCCS) United Kingdom’s National Cyber Security Centre (NCSC-UK) Germany’s Federal Office for Information Security (BSI) Netherland’s National Cyber Security Centre (NCSC-NL) Norway’s National Cyber…

Read More
14 Oct

Staying on top of security updates – Week in security with Tony Anscombe

Information

Video Why keeping software up to date is a crucial security practice that should be followed by everyone from individual users to SMBs and large enterprises 13 Oct 2023 This week, the US Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing solid evidence of active exploitation by attackers. The vulnerabilities, for which patches are available, affect Adobe Acrobat and Reader. One of them can be…

Read More
13 Oct

CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware

Information, News

The US cybersecurity agency CISA is stepping up its efforts to prevent ransomware by making it easier for organizations to learn about vulnerabilities and misconfigurations exploited in these attacks. As part of its Ransomware Vulnerability Warning Pilot (RVWP) program launched in March, the agency has released two new resources to help organizations identify and eliminate security flaws and weaknesses known to be exploited by ransomware groups. “Through the RVWP, CISA determines vulnerabilities that are commonly…

Read More
13 Oct

Juniper Networks Patches Over 30 Vulnerabilities in Junos OS

Information, News

Networking equipment manufacturer Juniper Networks on Thursday announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws. The most severe of these issues is an incorrect default permissions bug that allows an unauthenticated attacker with local access to a vulnerable device to create a backdoor with root privileges. Tracked as CVE-2023-44194 (CVSS score of 8.4), the flaw exists because a certain system directory has improper permissions associated…

Read More
13 Oct

In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
12 Oct

6 steps to getting the board on board with your cybersecurity program

Information

Business Security How CISOs and their peers can better engage with boards to get long-term buy-in for strategic initiatives Phil Muncaster 11 Oct 2023  •  , 4 min. read Building a safer digital world requires action on several fronts. Initiatives like Cybersecurity Awareness Month (CSAM) are great opportunities to remind the general public of important best practices for password management, vulnerability patching and more. But while this can help make life tougher for cybercriminals targeting…

Read More
12 Oct

Virus Bulletin PUA – a love letter

Information

Digital Security Late nights at VB2023 featured intriguing interactions between security experts and the somewhat enigmatic world of grayware purveyors Cameron Camp 10 Oct 2023  •  , 3 min. read Late night at VB2023 is when the goblins come out – crafted visages of carefully-played fans cum lures foisted by the industry of potentially unwanted application (PUA) vendors, sponsored- and pay-per-click application installers, and other download monetizers that form up a multibillion dollar ecosystem. And…

Read More
12 Oct

Virus Bulletin – building digital armies

Information

Cybercrime Security researchers, global organizations, law enforcement and other government agencies need to have the right conversations and test potential scenarios without the pressure of an actual attack Cameron Camp 11 Oct 2023  •  , 3 min. read Squashing malware groups involves imposing steep costs on small ad hoc groups. But those actions are slowly ebbing in favor of going after much more organized actor groups aligned in support of nation-state-aligned ideals. Doing that is…

Read More