CyberSecure Specialist

CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

The US government’s cybersecurity agency CISA on Thursday added another batch of security flaws to its Known Exploited Vulnerabilities (KEV) catalog and urged federal agencies to patch these issues as a matter of urgency. The already exploited vulnerabilities affect users of the open-source Roundcube webmail server and VMware Aria Operations for Networks. Exploitation of the Roundcube flaws has been linked to Russian state-sponsored attacks against the Ukrainian government and other high-profile entities…

Millions of GitHub repositories vulnerable to RepoJacking: Report

Millions of GitHub repositories are potentially vulnerable to RepoJacking, which allows attackers to carry out code execution on organizations’ internal environments or on their customers’ environments, according to research by AquaSec. AquaSec analyzed a sample of 1.25 million GitHub repositories and found that about 2.95% were vulnerable to RepoJacking, including repositories belonging to companies such as Google and Lyft.

What is RepoJacking?

On GitHub, organizations have usernames and repository names. In instances such as a…

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2023-32434 Apple Multiple Products Integer Overflow Vulnerability
CVE-2023-32435 Apple iOS and iPadOS WebKit Memory Corruption Vulnerability
CVE-2023-32439 Apple iOS, iPadOS, and macOS WebKit Type Confusion Vulnerability
CVE-2023-20867 VMware Tools Authentication Bypass Vulnerability
CVE-2023-27992 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view…

IOTW: A full timeline of the MOVEit cyber attack

Ransomware gang Clop, which has taken responsibility for the cyber attack launched against document transfer service MOVEit, has announced that it has not stolen data from companies thought to be impacted by data breaches linked to the attack. These companies include the UK’s British Broadcasting Company (BBC), British Airways and high street health and beauty retailer Boots. Since June 14, Clop has been posting company profiles of companies allegedly impacted by data breaches caused by…

Maltego: Check how exposed you are online

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources

It’s a truism that personal data is a valuable asset for cybercriminals, as it allows them to tailor and otherwise improve their phishing and other social engineering attacks. The wealth and variety of personal data that is available online is leveraged for attacks and scams that target not only people but also companies. But organizations too can…

S3 Ep140: So you think you know ransomware?

by Paul Ducklin

LISTEN AND LEARN

Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III.

With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.

You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of…

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee. In a snail mail letter sent this month to…

Google Backs Creation of Cybersecurity Clinics With $20 Million Donation

Free medical clinics and legal aid clinics, where college students and their instructors help their communities while also learning more about their professions, are now commonplace. Google hopes to add cybersecurity clinics to that list. Google CEO Sundar Pichai pledged $20 million in donations on Thursday to support and expand the Consortium of Cybersecurity Clinics to introduce thousands of students to potential careers in cybersecurity, while also helping defend small government offices, rural hospitals and…

China-sponsored APT group targets government ministries in the Americas

An advanced persistent threat (APT) group named Flea has been carrying out attacks against foreign affairs ministries in North and South America using a new backdoor called Graphican, according to a report by the Symantec Threat Hunter Team. The campaign ran from late 2022 into early 2023. It also targeted a government finance department in a country in the Americas and a corporation that sells products in Central and South America. There was also one…
