CyberSecure Specialist

02 Feb

New HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero

Attacks, Malware

Since Redis was designed to be accessed from within trusted environments by trusted clients, it is generally not recommended to expose any servers to the Internet. Since Redis does not use authentication by default, exposing a server to the Internet would allow anyone to freely access it and use it for any purpose they desire. Since version 3.2.0, Redis will, by default, enter a protected mode if it is configured as bound to all interfaces…

Read More
02 Feb

New Nevada Ransomware Targets Windows and VMware ESXi Systems

Attacks, Malware

To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon as possible• Implement monitoring of security events…

Read More
02 Feb

Cisco Devices Left Vulnerable After Bugs are Discovered

Attacks, Malware

Exploiting these bugs would require a threat actor to obtain admin-level access on the local device. However, given that many deployments are likely not to change the default device passwords, threat actors may not have much difficulty obtaining those admin credentials. Researchers at Trellix have advised those using the Cisco products to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don’t run containers disable the IOx container framework…

Read More
02 Feb

Less is more: Conquer your digital clutter before it conquers you

Information

Lose what you don’t use and other easy ways to limit your digital footprint and strengthen your online privacy and security In case you missed it, last week was Data Privacy Week, an awareness campaign to remind everybody that any of our online activities creates a trail of data and that, therefore, we need to better manage our personal information online. And for good reason. Increasingly, we live our lives in the digital world. That…

Read More
02 Feb

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Information

by Paul Ducklin It’s been a newsworthy few weeks for password managers – those handy utilities that help you come up with a different password for every website you use, and then to keep track of them all. At the end of 2022, it was the turn of LastPass to be all over the news, when the company finally admitted that a breach it suffered back in August 2022 did indeed end up with customers’…

Read More
02 Feb

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

Information

by Paul Ducklin WHY DID THAT TAKE SO LONG? Latest epidode – listen now. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your…

Read More
02 Feb

F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution

Information, News

F5 warns of a high-severity format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service (DoS) condition and potentially execute arbitrary code. Tracked as CVE-2023-22374, the security defect impacts iControl SOAP, an open API that enables communication between systems, which runs as root. The SOAP interface is accessible from the network, either via the BIG-IP management port and/or self IP addresses, and is restricted to administrative accounts. Rapid7, which identified…

Read More
02 Feb

IOTW: Malicious actors gain access to GitHub source code

Attacks, Data Breaches

GitHub has reported that a malicious actor gained access to a set of repositories used in the planning and development of GitHub Desktop and text and source code editor Atom. The source code repository said that it became aware of the data breach after “unauthorized access” was detected on its servers on December 7, 2022. A set of encrypted code-signing certificates were stolen during a breach. GitHub reported that the certificates were password-protected and there…

Read More
02 Feb

Cisco Releases Security Advisories for Multiple Products

Attacks, Insights, Malware

Original release date: February 2, 2023 Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
02 Feb

Drupal Releases Security Update to Address a Vulnerability in Apigee Edge

Attacks, Insights, Malware

Original release date: February 2, 2023 Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB- 2023-005 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More