CyberSecure Specialist

Rubrik Confirms Data Theft in GoAnywhere 0-Day Attack

While typically it is recommended to maintain good threat intelligence and an adequate patching schedule, neither of these recommendations would apply in this case as this vulnerability was exploited as a 0-day prior to the patch that was released in February. The best defense against 0-day vulnerabilities is to employ a defense-in-depth strategy. While it won’t stop the 0-day, employing this strategy makes it much more likely to detect the attack at an earlier step…


Cybercriminals Exploit SVB Collapse to Steal Money and Data

The wisest course of action for former SVB customers is to maintain composure and adhere to the FDIC’s and the U.S. government’s established communication channels. Avoid emails from strange websites and double-check any requests for bank account changes or payments in regards to SVB accounts. Any requests for changes or payments should be verified with a direct communication using a phone call instead of email. Email accounts may be compromised, and all requests should be…


Microsoft Fixes Outlook Zero-day Used by Russian Attackers Since April 2022

Microsoft urges customers to immediately patch their systems against CVE-2023-23397 or add users to the Protected Users group in Active Directory and block outbound SMB (TCP port 445) as a temporary mitigation to minimize the impact of the attacks. Redmond also released a dedicated PowerShell script to help admins check if any users in their Exchange environment have been targeted using this Outlook vulnerability. It “checks Exchange messaging items (mail, calendar and tasks) to see…


The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia

ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group.

ESET researchers discovered a campaign that we attribute with high confidence to the APT group Tick. The incident took place in the network of an East Asian company that develops data-loss prevention (DLP) software. The attackers compromised the DLP company’s internal update servers to deliver malware inside the…


Microsoft fixes two 0-days on Patch Tuesday – update now!

by Paul Ducklin

Thanks to the precise four-week length of February this year, last month’s coincidence of Firefox and Microsoft updates has happened once again. Last month, Microsoft dealt with three zero-days, by which we mean security holes that cybercriminals found first, and figured out how to abuse in real-life attacks before any patches were available. (The name zero-day, or just 0-day, is a reminder of the fact that even the most progressive and proactive…


Firefox 111 patches 11 holes, but not 1 zero-day among them…

by Paul Ducklin

Heard of cricket (the sport, not the insect)? It’s much like baseball, except that batters can hit the ball wherever they like, including backwards or sideways; bowlers can hit the batter with the ball on purpose (within certain safety limits, of course – it just wouldn’t be cricket otherwise) without kicking off a 20-minute all-in brawl; there’s almost always a break in the middle of the afternoon for tea and cake; and…


CISA released four Industrial…

CISA released four Industrial Control Systems (ICS) advisories on March 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-23-073-01 Omron CJ1m PLC
ICSA-23-073-02 Autodesk FBX SDK
ICSA-23-073-03 GE iFIX
ICSA-23-073-04 AVEVA Plant SCADA and AVEVA Telemetry Server


Mozilla has released security…

Mozilla has released security updates to address vulnerabilities in Firefox 111 and Firefox ESR 102.9. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 111 and Firefox ESR 102.9 for more information and apply the necessary updates.


Today, the CISA, Federal Bureau of…

Today, the CISA, Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This joint CSA provides IT infrastructure defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar, successful CVE-2019-18935 exploitation. As detailed in the advisory, CISA analysts determined that multiple cyber threat actors, including…


US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

The US Justice Department on Tuesday announced charges against two men from New York and Rhode Island over their alleged roles in a doxing operation that involved hacking into a law enforcement portal and a police official’s email account. The suspects, 19-year-old Sagar Steven Singh (aka Weep) and 25-year-old Nicholas Ceraolo (aka Convict and Ominous), have been charged with conspiracy to commit computer intrusions, for which they face up to five years in prison. Ceraolo…
