CyberSecure Specialist

18 Jul

Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme

Information, News

A Nigerian national who had been living in the United Arab Emirates has been sentenced to more than eight years in a US prison for his role in an $8 million cybercrime scheme. The man, 31-year-old Olalekan Jacob Ponle, aka Mark Kain and Mr Woodbery, was involved in a business email compromise (BEC) scheme for at least nine months in 2019, while he was living in the UAE. He was arrested in the UAE in…

Read More
18 Jul

Adobe Releases Security Updates for ColdFusion

Attacks, Insights, Malware

Adobe has released security updates to address a critical vulnerability (CVE-2023-38203) affecting ColdFusion. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security release APSB23-41 and apply the necessary updates.

Read More
18 Jul

International Engagement – Brussels and Beyond

Insights

International engagement is an integral part of many ongoing NIST efforts, including the Journey to the Cybersecurity Framework (CSF 2.0) update, our update to the digital identity guidelines, and increasing awareness of the NIST Privacy Framework and IoT cybersecurity work. In the update to NIST CSF 2.0, NIST continues to work with the international community. At NIST’s February 2023 virtual workshop on the CSF 2.0 update, participants from Italian and New Zealand governments and Mexican…

Read More
18 Jul

Citrix Releases Security Updates for NetScaler ADC and Gateway

Attacks, Insights, Malware

Citrix has released security updates to address vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467) affecting NetScaler ADC and NetScaler Gateway. An attacker can exploit one of these vulnerabilities to take control of an affected system. According to Citrix, CVE-2023-3519 is being exploited on unmitigated appliances. CISA encourages users and administrators to review the Citrix security bulletin and apply the necessary updates.

Read More
18 Jul

Oracle Releases Security Updates

Attacks, Insights, Malware

Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s July 2023 Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin and apply the necessary updates.

Read More
17 Jul

Owner of Cybercrime Website BreachForums Pleads Guilty

Information, News

The owner of the infamous cybercrime website BreachForums has pleaded guilty in a US court to conspiracy to commit device fraud, access device fraud, and possession of child pornography. The man, Conor Brian Fitzpatrick, 21, of Peekskill, New York, was arrested on March 15, 2023, being charged with conspiracy to commit access device fraud. Fitzpatrick, who was known online as ‘Pompompurin’, has admitted to investigators that he was the owner and administrator of the BreachForums…

Read More
17 Jul

NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing 

Attacks, Insights, Malware

Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice(s). This guidance builds upon the 2022 ESF…

Read More
17 Jul

CISA Develops Factsheet for Free Tools for Cloud Environments

Attacks, Insights, Malware

CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment.  Cloud service platforms and cloud service…

Read More
15 Jul

Key findings from ESET Threat Report H1 2023 – Week in security with Tony Anscombe

Information

Here’s how cybercriminals have adjusted their tactics in response to Microsoft’s stricter security policies and other interesting findings from ESET’s new Threat Report This week, the ESET research team released the H1 2023 ESET Threat Report that examines the key trends and developments that shaped the cybersecurity landscape from December 2022 to May 2023. Among other things, the report shows the remarkable ability of cybercriminals to pivot to new tactics and techniques in an effort…

Read More
15 Jul

Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!

Information

by Paul Ducklin Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says “could potentially impact the confidentiality and integrity of your data.” The vulnerability is what’s known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X, such as clicking through to site Y, gives the operator of site X a sneaky chance to implant rogue JavaScript…

Read More