CyberSecure Specialist

13 Jun

Cyber insurance: What is it and does my company need it?

Information

While not a ‘get out of jail free card’ for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident Cyber risk is on the rise as the combined impact of surging threat levels, expanding attack surfaces and security skills shortages are putting organizations at a disadvantage. Faced with an increased likelihood that they may suffer a damaging security breach, many may be looking to transfer liability onto a third-party…

Read More
13 Jun

Gozi banking malware “IT chief” finally jailed after more than 10 years

Information, Malware

by Paul Ducklin Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related crimes that apparently kicked off way back in the late 2000s: Those charges were publicised at that time under a…

Read More
13 Jun

Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks

Information, News

Microsoft’s security response team on Tuesday rolled out a massive batch of software updates to address major security gaps in its flagship Windows operating system and software components. Redmond’s monthly Patch Tuesday updates cover at least 70 documented vulnerabilities affecting the Windows ecosystem, including six critical issues that expose users to dangerous code execution attacks. According to Microsoft, none of the vulnerabilities have been publicly discussed or exploited in the wild. Windows network administrators are…

Read More
13 Jun

MOVEit Transfer developer patches more critical flaws after security audit

Data Breaches, Malware, Social Engineering

The developer of the recently exploited MOVEit Transfer application issued new updates after a third-party security audit identified additional SQL injection vulnerabilities. Customers are advised to deploy the new patches as soon as possible since attackers are clearly interested in exploiting this and other enterprise secure file transfer solutions. “In addition to the ongoing investigation into vulnerability (CVE-2023-34362), we have partnered with third-party cybersecurity experts to conduct further detailed code reviews as an added layer…

Read More
13 Jun

Okta aims to unify IAM for Windows, macOS devices in hybrid work environments

Data Breaches, Malware, Social Engineering

Okta said Tuesday that it’s set to launch a new offering, Okta Device Access, designed to extend the capabilities of its cloud-based identity and access management (IAM) service to enterprise desktops and other devices in hybrid work environments. The application, according to the company, aims to simplify logins while also offering stronger authentification features and achieving a zero trust security environment. Okta Device Access, deployed as part of Okta’s Workforce Identity Cloud service, will  launch…

Read More
13 Jun

AI and tech innovation, economic pressures increase identity attack surface

Data Breaches, Malware, Social Engineering

Tension between difficult economic conditions and the pace of technological innovation, including the evolution of artificial intelligence (AI), is fueling the growth of the identity attack surface and identity-led cybersecurity exposure. That’s according to the CyberArk 2023 Identity Security Threat Landscape Report, which details how these issues have the potential to compound “cyber debt” where investment in digital and cloud technology outpaces cybersecurity spend. This create a rapidly expanding and unsecured identity-centric attack surface. The…

Read More
13 Jun

Fortinet Releases June 2023 Vulnerability Advisories

Attacks, Insights, Malware

Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Fortinet June 2023 Vulnerability Advisories page for more information and apply the necessary updates.

Read More
13 Jun

CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

Attacks, Insights, Malware

Today, CISA issued Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch (FCEB) agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This Directive applies to dedicated device interfaces that are accessible over network protocols and are meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself.  Agencies must be prepared to…

Read More
13 Jun

DDoS attacks launched against Swiss websites ahead of Zelensky address

Attacks, Data Breaches

Swiss government websites were taken offline through the use of targeted distributed-denial-of-service (DDoS) attacks ahead of a video address by Ukranian President, Volodymyr Zelensky. DDoS attacks disrupt sites by overwhelming their infrastructure with a large amount of internet traffic. As DDoS attacks overwhelm a site’s bandwidth, this prevents users from accessing it.  The disruption to the Swiss government sites was discovered on June 12, as the Swiss parliament prepared for a video address by President…

Read More
13 Jun

Artificial intelligence is coming to Windows: Are your security policy settings ready?

Data Breaches, Malware, Social Engineering

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence,…

Read More