CyberSecure Specialist

15 Mar

Microsoft Patch Tuesday, March 2023 Edition

Information, Insights

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest. Microsoft said it has seen evidence that attackers are exploiting this flaw, which can be done…

Read More
15 Mar

Dell beefs up security portfolio with new threat detection and recovery tools

Data Breaches, Malware, Social Engineering

Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful ecosystem of partners, we’re committed to helping organizations protect against threats, withstand and recover from attacks and provide confidence that their environments are secure,” said Matt Baker, senior vice president, corporate strategy at Dell Technologies.…

Read More
15 Mar

Cybercriminals target SVB customers with BEC and cryptocurrency scams

Data Breaches, Malware, Social Engineering

Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carrying out scams that can steal money, and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department of Financial Protection and Innovation, after the bank failed to raise capital to keep running. SVB customers are expected to transfer their financial operations to other banks in the coming weeks. This means these customers…

Read More
15 Mar

Palo Alto announces new SD-WAN features for IoT security, compliance support

Data Breaches, Malware, Social Engineering

Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks. SD-WAN for IoT security provides device visibility, prevents threats Prisma SD-WAN with integrated IoT security enables accurate detection and identification of branch IoT…

Read More
15 Mar

WaterISAC Releases Advisory for Microsoft DCOM Patch

Attacks, Insights, Malware

The Water Information Sharing and Analysis Center (WaterISAC) has released an advisory, Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA. ICS/OT/SCADA engineers and operators should assess the use of the Distributed Component Object Model (DCOM) protocol in their industrial environments. According to WaterISAC, “failure to address could result in loss of critical communications between impacted ICS/OT/SCADA devices.” CISA urges operators to review the WaterISAC advisory and apply recommended compensating controls. See Microsoft KB5004442—Manage changes for…

Read More
15 Mar

CISA Releases SCuBA Hybrid Identity Solutions Architecture Guidance Document for Public Comment

Attacks, Insights, Malware

CISA has released a draft Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Architecture guidance document for public comment. The request for comment period is open until April 17, 2023. Comments may be submitted to CyberSharedServices@cisa.dhs.gov. In accordance with Executive Order 14028, CISA’s SCuBA project aims to develop consistent, effective, modern, and manageable security that will help secure agency information assets stored within cloud operations. This guidance will help federal civilian departments and agencies securely…

Read More
15 Mar

Beware of Bank-Related Scams

Attacks, Insights, Malware

In light of recent bank failures, CISA warns consumers to beware of potential scams requesting your money or sensitive personal information. Exercise caution in handling emails with bank-related subject lines, attachments, or links. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to any failed bank. The Federal Deposit Insurance Corporation (FDIC), the “Receiver” of failed banks, would never contact you asking for personal details, such as bank account information, credit…

Read More
15 Mar

Beyond Identity launches Zero Trust Authentication to align verification with zero-trust principles

Data Breaches, Malware, Social Engineering

Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with zero-trust-level certainty, according to Beyond Identity. Without such enhanced verification capacities, organizations cannot truly implement zero trust security, it said.…

Read More
15 Mar

Trustwave teams up with Trellix for better managed security

Data Breaches, Malware, Social Engineering

Managed detection and response (MDR) company Trustwave said Wednesday that it will be partnering with extended detection and response (XDR) company Trellix. The partnership calls for Trustwave to support Trellix endpoint security and to sell  MDR with Trellix, Trustwave said. MDR, as offered by Trustwave, essentially works as a remote, third-party security operations center. The idea is, given the growing complexity of modern security threat landscapes, to let end user companies simply offload key parts…

Read More
14 Mar

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Data Breaches, Information, Insights

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh…

Read More