Continuous Monitoring and Protection
Juniper has released a security advisory to address vulnerabilities in Junos OS on SRX Series and EX Series. A remote cyber threat actor could exploit these vulnerabilities to cause a denial-of service condition. CISA encourages users and administrators to review Juniper’s Support Portal and apply the necessary updates.
Read MoreGovernment agencies in Israel and the US have announced plans to invest $3.85 million in projects meant to improve the security of critical infrastructure in both countries. The investment is made through the BIRD Cyber Program, a joint initiative from the Israel National Cyber Directorate (INCD), the Israel-US Binational Industrial Research and Development (BIRD) Foundation, and the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T). As part of the program, four grants…
Read MoreYou’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old…
Read MoreAtlassian has released its security bulletin for August 2023 to address a vulnerability in Confluence Server and Data Center, CVE-2023-28709. A remote attacker can exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Atlassian’s August 2003 Security Bulletin and apply the necessary update.
Read Moreby Paul Ducklin The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn’t go as far as naming any specific vendors or services here, but one of the main reasons that crooks go down the “beta-testing” route is to lure users of Apple iPhones into installing software that didn’t come from the App…
Read MoreExploitation attempts targeting a remote code execution flaw in Citrix’s ShareFile product have spiked just as the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog. The vulnerability affecting the ShareFile file sharing and collaboration product is tracked as CVE-2023-24489 and it has been assigned a ‘critical’ severity rating. It can allow an unauthenticated attacker to upload arbitrary files and possibly achieve remote code execution. When details of the…
Read MoreToday, CISA released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC). This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat actors can gain footholds via RMM software into managed service providers (MSPs) or manage security service providers (MSSPs) servers and, by extension, can cause cascading impacts for the small and medium-sized organizations that…
Read MoreA threat actor has automated the exploitation of a recent Citrix vulnerability and has infected roughly 2,000 NetScaler instances with a backdoor, British information assurance firm NCC Group reports. Tracked as CVE-2023-3519, the critical vulnerability was disclosed last month as a zero-day, being exploited since June 2023, including in attacks against critical infrastructure organizations. The issue allows unauthenticated, remote attackers to execute arbitrary code on vulnerable Citrix Application Delivery Controller (ADC) and Gateway appliances that…
Read Moreby Paul Ducklin It’s taken nearly ten years, but the US Department of Justice (DOJ) has just announced the court-approved seizure of a web domain called LolekHosted.net that was allegedly connected to a wide range of crimeware-as-a-service activities. The DOJ also charged a 36-year-old Polish man named Artur Karol Grabowski in connection with running the service, but his current whereabouts are unknown. In the DOJ’s blunt words, “Grabowski remains a fugitive.” The downed site is…
Read Moreby Paul Ducklin It’s been a while since we’ve written about card skimmers, which used to play a big part in global cybercrime. These days, many if not most cyber-breach and cybercrime stories revolve around ransomware, the darkweb and the cloud, or some unholy combination of the three. In ransomware attacks, the criminals don’t actually need to approach the scene of the crime in person, and their payoffs are extracted online, typically using pseudoanonymous technologies…
Read More