CyberSecure Specialist

03 Mar

S3 Ep124: When so-called security apps go rogue [Audio + Text]

Information

by Paul Ducklin A ROGUES’ GALLERY Rogue software packages. Rogue “sysadmins”. Rogue keyloggers. Rogue authenticators. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Scambaiting, rogue 2FA…

Read More
03 Mar

Today, the Federal Bureau of…

Attacks, Insights, Malware

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Royal Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware variants. FBI investigations identified these TTPs and IOCs as recently as January 2023. Royal ransomware attacks have spread across numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH),…

Read More
03 Mar

Cisco has released a security…

Attacks, Insights, Malware

Cisco has released a security advisory for vulnerabilities affecting the 6800, 7800, 7900, and 8800 Series of Cisco IP Phones. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following advisory and apply the necessary updates. Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities cisco-sa-ip-phone-cmd-inj-KMFynVcP…

Read More
03 Mar

CISA released five Industrial…

Attacks, Insights, Malware

CISA released five Industrial Control Systems (ICS) advisories on March 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.      CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:   ICSA-23-061-01 Mitsubishi Electric MELSEC Series ICSA-23-061-02 Baicells Nova ICSA-23-061-03 Rittal CMC III Access systems ICSMA-23-061-01 Medtronic Micro Clinician and InterStim Apps ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update…

Read More
02 Mar

Highlights from the New U.S. Cybersecurity Strategy

Information, Insights

The Biden administration today issued its vision for beefing up the nation’s collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House’s new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and it names China as the single biggest cyber threat to U.S. interests. The strategy says the…

Read More
02 Mar

IBM partners up with Cohesity for better data defense in new storage suite

Data Breaches, Malware, Social Engineering

IBM and data security and backup provider Cohesity have formed a new partnership, calling for Cohesity’s data protection functionality to be incorporated into an upcoming IBM storage product suite, dubbed Storage Defender, for better protection of end-user organizations’ critical information. The capabilities of Cohesity’s DataProtect backup and recovery product will be one of four main feature sets in the Storage Defender program, according to an announcement from IBM Thursday. The Storage Defender suite is designed…

Read More
02 Mar

White House releases an ambitious National Cybersecurity Strategy

Data Breaches, Malware, Social Engineering

The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations. It encompasses virtually all the weaknesses and challenges inherent in cybersecurity, from software vulnerabilities to internet infrastructure vulnerabilities to workforce shortages. Chief among the changes proposed in the strategy…

Read More
02 Mar

Gitpod flaw shows cloud-based development environments need security assessments

Data Breaches, Malware, Social Engineering

Researchers from cloud security firm Snyk recently discovered a vulnerability that would have allowed attackers to perform full account takeover and remote code execution (RCE) in Gitpod, a popular cloud development environment (CDE). Cloud-based development environments are popular because they’re easier to deploy and maintain than local ones and promise better security. However, organizations should properly assess security risks CDEs can introduce and are unique to their architectures, especially since they haven’t received much scrutiny from…

Read More
02 Mar

Leaky Database puts Animaker Consumers at Risk

Attacks, Malware

Users of Animaker are advised to be vigilant of any suspicious activity related to their accounts. It is also recommended that users enable two-factor authentication and use unique passwords for their various online accounts to mitigate the risk of further data breaches. Companies who use storage buckets should be aware that security controls typically need to be created after the creation of the bucket. Video Marketing Software Animker Leaking Trove of User Data

Read More
02 Mar

Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

Attacks, Malware

PyPI and other language-based repositories are increasingly being used by threat actors to distribute malware. Due to this, it is important to make sure that package installations are being done in a secure manner, to prevent an incidental infection within an organization. It is recommended that all imported libraries into an application are verified by developers, to make sure that there are no accidental typos in library names. Threat actors rely on accidental typos when…

Read More