CyberSecure Specialist

13 Jan

Attackers deploy sophisticated Linux implant on Fortinet network security devices

Data Breaches, Malware, Social Engineering

In December network security vendor Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details about a sophisticated malware implant that those attackers deployed through the flaw. Based on currently available information, the original zero-day attack was highly targeted to government-related entities. However, since the vulnerability has been known for over a month, all customers should…

Read More
13 Jan

Gen Digital Warns of Norton Password Manager Account Breach

Attacks, Malware

Credential stuffing attacks are a rather old method of breaching an account, but they are still relatively successful. These attacks rely on human error in the form of reusing passwords. From an organizational standpoint, this could lead to account compromise if an employee reuses one of their passwords from an external site that was breached for their work account. To detect credential stuffing attacks, organizations can monitor logon events for a spike in failed authentications…

Read More
13 Jan

San Francisco Transit Police Breached

Attacks, Malware

Public sector entities tend to be at a higher risk for breach due to the lack of budget and ability to hire cyber security professionals. Because of this, many fall victim to cyber-attacks that affect systems with no way to easily mitigate. Customers who believe they may have been a victim of this breach should ensure they are taking the necessary precautions to protect themselves, such as looking out for phishing emails and monitoring credit…

Read More
13 Jan

Microsoft: Exchange Server 2013 Reaches End of Support in 90 days

Attacks, Malware

Microsoft recommends upgrading on-premises Exchange Server 2013 servers to Exchange Server 2019 to keep receiving bug fixes and security updates for new flaws. However, before deploying new Exchange Server 2019 installations across servers running software quickly reaching EOS, admins should ensure that network, hardware, software, and clients meet the requirements. Redmond also advises admins to migrate to its hosted Exchange Online email and the calendaring client as an alternative option, available as an Office 365…

Read More
13 Jan

NSA Director Pushes Congress to Renew Surveillance Powers

Information, News

A top U.S. intelligence official on Thursday urged Congress to renew sweeping powers granted to American spy agencies to surveil and examine communications, saying they were critical to stopping terrorism, cyberattacks and other threats. The remarks by Army Gen. Paul Nakasone, director of the National Security Agency, opened what’s expected to be a contentious debate over provisions of the Foreign Intelligence Surveillance Act that expire at year’s end. The bipartisan consensus in favor of expanded…

Read More
13 Jan

Most Cacti Installations Unpatched Against Exploited Vulnerability

Information, News

Most internet-exposed Cacti installations have not been patched against a critical-severity command injection vulnerability that is being exploited in attacks. An open-source web-based network monitoring and graphing tool that offers an operational monitoring and fault management framework, Cacti is a front-end application for the data logging utility RRDtool. In early December 2022, the tool’s maintainers announced patches for CVE-2022-46169, a critical-severity (CVSS score 9.8) command injection flaw that could allow unauthenticated attackers to execute code…

Read More
13 Jan

Cyber attack against Royal Mail linked to Russian hackers

Attacks, Data Breaches

A cyber attack against the UK postal service Royal Mail which saw the company request that customers stop sending mail abroad via its services has been linked to Russian hackers. Royal Mail informed the public of the cyber attack on January 11, saying it had caused “severe disruption” to the computerized systems used to send mail abroad. The company “immediately launched an investigation into the [cyber] incident” and utilized the help of the UK’s National…

Read More
13 Jan

Exploitation of Control Web Panel Vulnerability Starts After PoC Publication

Information, News

Security researchers are observing exploitation attempts targeting a critical Control Web Panel (CWP) vulnerability, following the publication of proof-of-concept (PoC) code in early January. Formerly CentOS Web Panel, CWP is a popular, free web hosting panel for enterprise-based Linux systems, offering support for the management and security of both servers and clients. Tracked as CVE-2022-44877 (CVSS score of 9.8), the exploited vulnerability allows unauthenticated attackers to achieve remote code execution (RCE) on impacted systems. The…

Read More
13 Jan

Royal ransomware group actively exploiting Citrix vulnerability

Data Breaches, Malware, Social Engineering

The Royal ransomware group is believed to be actively exploiting a critical security flaw affecting Citrix systems, according to the cyber research team at cyber insurance provider At-Bay. Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510, allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway. There were no known instances of the vulnerability being exploited in the wild at the time…

Read More
12 Jan

Now you can legally repair your tech – sort of

Information

A new law portends a future where (we hope) it will be easier for us all to repair, fix, upgrade, and just tinker with things we already own Want to secure, patch, upgrade, or modify tech you own? You may not be able to, if some manufacturers have anything to say about it. They view your use of their tech as a limited license, not ownership, and therefore strike back if you attempt to fix…

Read More