CyberSecure Specialist

11 May

IOTW: Sysco confirms data breach impacting company, supplier and employee data

Attacks, Data Breaches

Food distribution company Sysco has confirmed that customer, business and employee data was stolen in a cyber attack it suffered earlier this year. The cyber attack is thought to have taken place on January 14, 2023 and was detected by Sysco on March 5. According to BleepingComputer, Sysco said in an internal memo sent on May 3 that data from companies and suppliers located in the US and Canada as well as data from US employees…

Read More
11 May

CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability

Attacks, Insights, Malware

CISA and FBI have released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. This joint advisory provides details related to an exploitation of PaperCut MF/NG vulnerability (CVE-2023-27350). FBI observed malicious actors exploit CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. In early May 2023, FBI observed a group self-identifying as the Bl00dy Ransomware Gang attempting to exploit vulnerable PaperCut servers against the Education Facilities Subsector. The advisory further…

Read More
11 May

New DownEx malware campaign targets Central Asia

Data Breaches, Malware, Social Engineering

A previously undocumented malware campaign called DownEx has been observed actively targeting government institutions in Central Asia for cyberespionage, according to a report by Bitdefender.  The first instance of the malware was detected in 2022 in a highly targeted attack aimed at exfiltrating data from foreign government institutions in Kazakhstan. Researchers observed another attack in Afghanistan. “The domain and IP addresses involved do not appear in any previously documented incidents, and the malware does not share any code similarities…

Read More
11 May

The 6 best password managers for business

Data Breaches, Malware, Social Engineering

What’s a password manager? A password manager is a program that stores passwords and logins for various sites and apps, and generates new strong passwords when a user needs to change an old one or create a new account. Users can sign into a password manager with a single strong password or by using biometrics, and access all their login information. Most password managers allow users to sign in on multiple devices (including Macs, Windows…

Read More
10 May

The EU’s Cyber Solidarity Act: Security Operations Centers to the rescue!

Information

The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents The European Union (EU) is transforming itself into a digitally aware, secure, and productive collective, with the aim of entering the 2030s as a relevant player within the digital sector. One of the base ideas of this transformation is the Digital Decade program, which has multiple targets and guidance for relevant objectives for the digital…

Read More
10 May

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack

Information

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques to compromise its targets, with fake job offers as the lure. In this case, we were able to reconstruct the…

Read More
10 May

Did you mistakenly sell your network access? – Week in security with Tony Anscombe

Information

Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks Did you mistakenly sell access to your network when you sold a decommissioned router? Recently, ESET researchers purchased several used core routers to set up a test environment, only to find that, in many cases, the previously used configurations had not been wiped and that the devices still contained trivially accessible sensitive corporate information. The researchers went…

Read More
10 May

Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?

Information, Uncategorized

by Paul Ducklin Microsoft’s May 2023 Patch Tuesday updates comprise just the sort of mixture you probably expected. If you go by numbers, there are 38 vulnerabilities, of which seven are considered critical: six in Windows itself, and one in SharePoint. Apparently, three of the 38 holes are zero-days, because they’re already publicly known, and at least one of them has already been actively exploited by cybercriminals. Unfortunately, those criminals seem to include the notorious…

Read More
10 May

Dell pushes security, devops integration in storage updates

Data Breaches, Malware, Social Engineering

Dell’s storage product lineup is set to receive a wide range of updates, including  devops integrations with the Ansible and Terraform tools, compliance with the latest US government security standards, zero trust readiness and more. PowerStore, Dell’s flash-based storage array line, is receiving the lion’s share of the security updates, according to a Dell announcement on Wednesday. Dell said that PowerStore now boasts STIG hardening, meaning that it is compliant with the federal government’s stanadards…

Read More
10 May

Microsoft fixes bypass for critical Outlook zero-click flaw patch

Data Breaches, Malware, Social Engineering

Microsoft fixed a new vulnerability this week that could be used to bypass defenses the company put in place in March for a critical vulnerability in Outlook that Russian cyberspies exploited in the wild. That vulnerability allowed attackers to steal NTLM hashes by simply sending specifically crafted emails to Outlook users. The exploit requires no user interaction. The new vulnerability, patched Tuesday and tracked as CVE-2023-29324, is in the Windows MSHTML Platform and can be…

Read More