CyberSecure Specialist

10 Jan

Hybrid work: Turning business platforms into preferred social spaces

Information

Hybrid work and hybrid play now merge into hybrid living, but where is the line between the two? Is there one? That the COVID-19 pandemic brought a new normal to businesses, educational institutions, and our everyday lives is an understatement. Many interactions, whether work-related or personal, moved online or at least gained a virtual mirror. This virtual migration began alongside the pandemic when most people and businesses first turned to tried-and-tested communications solutions, such as…

Read More
10 Jan

Cracked it! Highlights from KringleCon 5: Golden Rings

Information

Learning meets fun at the 2022 SANS Holiday Hack Challenge – strap yourself in for a crackerjack ride at the North Pole as I foil Grinchum’s foul plan and recover the five golden rings This is my first year participating in the SANS Holiday Hack Challenge and it was a blast. Through a series of 16 challenges ranging from easy to difficult, I practiced analyzing suspicious network traffic and PowerShell logs, writing Suricata rules, breaking…

Read More
10 Jan

Popular JWT cloud security library patches “remote” code execution hole

Information

by Paul Ducklin JWT is short for JSON Web Token, where JSON itself is short for JavaScript Object Notation. JSON is a modernish way of representing structured data; its format is a bit like XML, and can often be used instead, but without all the opening-and-closing angle brackets to get in the way of legibility. For example, data that might be recorded like this in XML… <?xml version=”1.0″ encoding=”UTF-8″?> <data> <name>Duck</name> <job> <employer>Sophos</employer> <role>NakSec</role> </job>…

Read More
10 Jan

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

Information

by Paul Ducklin As far as we can tell, there are a whopping 2874 items in this month’s Patch Tuesday update list from Microsoft, based on the CSV download we just grabbed from Redmond’s Security Update Guide web page. (The website itself says 2283, but the CSV export contained 2875 lines, where the first line isn’t actually a data record but a list of the various field names for the rest of the lines in…

Read More
10 Jan

Data leak exposes information of 10,000 French social security beneficiaries

Data Breaches, Malware, Social Engineering

[Editor’s note: This article originally appeared on the Le Monde Informatique website.] More than 10,000 beneficiaries of a local branch of the French social security agency CAF, or Family Allowance Fund, saw their data exposed for about 18 months, after a file containing personal information was sent to a service provider. The mistake, discovered by France Info — Radio France’s news and investigation service — just before the year-end holidays, could hit the CAF hard.…

Read More
10 Jan

Microsoft Patch Tuesday, January 2023 Edition

Information, Insights

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection. At least 11 of the patches released today are rated “Critical” by Microsoft, meaning they…

Read More
10 Jan

Adobe Releases Security Updates for Multiple Products

Attacks, Insights, Malware

Original release date: January 10, 2023 Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Adobe Acrobat and Reader APSB23-01 Adobe InDesign APSB23-07 Adobe InCopy APSB23-08 Adobe Dimension APSB23-10 This product is provided subject to this Notification and this Privacy…

Read More
10 Jan

Microsoft Releases January 2023 Security Updates

Attacks, Insights, Malware

Original release date: January 10, 2023 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January 2023 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
10 Jan

Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day

Information, Malware, News

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox. The zero-day, flagged by researchers at anti-malware company Avast, was exploited in live attacks to elevate privileges and escape a browser’s sandbox mitigation. As has become customary, Microsoft is stingy with details on the vulnerability or the attacks.  An advisory from Redmond marks…

Read More
10 Jan

Cybercriminals are using ChatGPT to create malware

Attacks, Data Breaches

Malicious actors have been using artificial intelligence (AI)-powered chatbots like OpenAI’s ChatGPT to build malware, dark web sites and other tools for enacting cyber attacks, reserach by threat intelligence company Check Point Research has found.  When asked by Cyber Security Hub, cyber security experts predicted that a top threat to cyber security in 2023 would be crime-as-a-service; platforms where malicious actors can offer their services to those who would otherwise be unable to carry out…

Read More