CyberSecure Specialist

How attackers might use GitHub Codespaces to hide malware delivery

Attackers could start abusing GitHub Codespaces, a new service that allows developers to create and test applications inside development containers running on GitHub’s servers. Developers can make their applications accessible via public GitHub URLs for preview by others, a functionality that can be abused to distribute malware payloads in a stealthy way. “If the application port is shared privately, browser cookies are used and required for authentication,” researchers from security firm Trend Micro said in…

Read More

CISA Updates Best Practices for Mapping to MITRE ATT&CK®

Original release date: January 17, 2023 Today, CISA updated Best Practices for MITRE ATT&CK® Mapping. The MITRE ATT&CK® framework is a lens through which network defenders can analyze adversary behavior and, as CISA Executive Assistant Director Eric Goldstein noted in his June 2021 blog post on the framework, it directly supports “robust, contextual bi-directional sharing of information to help strengthen the security of our systems, networks, and data.” CISA highly encourages the cybersecurity community to…

Read More

MSI Accidentally Breaks Secure Boot for Hundreds of Motherboards

Organizations using an MSI motherboard in that list should check within BIOS settings that the “Image Execution Policy” is set to a safe option. Users should set the Execution Policy to “Deny Execute” for “Removable Media” and “Fixed Media,” which should only allow signed software to boot. It is highly recommended to upgraded motherboard firmware for any device that has not done so since January 2022. The introduction of a bad default shouldn’t be a…

Read More

Attacks on Two Specialty Healthcare Providers Affect Nearly 600,000 People

The data that can be stolen from these types of attacks is very lucrative to threat actors because it involves the billing, identity, and health information of vulnerable patients. Specialized entities such Wilkes-Barre and Home Care Providers of Texas typically have less resources devoted to mature cybersecurity processes and a smaller budget to deal with attacks. Anyone that is a patient of these facilities should look for any communication from the company that outlines whether…

Read More

PyPI Users Targeted With ‘Wacatac’ Trojan in New Supply Chain Attack

Fortinet warns of three new malicious PyPI packages containing code designed to fetch the Wacatac trojan and information stealer as a next stage payload. The three Python packages, ‘colorslib’, ‘httpslib’ and ‘libhttps’ were uploaded to PyPI (Python Package Index) on January 7 and January 12. All three packages were published by the same author from a user account named ‘Lolip0p’, which joined the repository shortly before the packages were published. The Python packages feature legitimate-looking…

Read More

DigiCert releases Trust Lifecycle Manager to unify certificate management, PKI services

Digital security certificate company DigiCert has announced the launch of DigiCert Trust Lifecycle Manager – a new solution designed to unify certificate authority-agnostic certificate management and public key infrastructure (PKI) services. Available now as part of the DigiCert ONE platform, Trust Lifecycle Manager aims to set a new standard for managing trust within an organization’s digital footprint and reduce their attack surface to help prevent data breaches, the firm said. Solution built to address three…

Read More

European data protection authorities issue record €2.92 billion in GDPR fines

European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for…

Read More

US Maritime Administrator to study port crane cybersecurity concerns

The 2023 National Defense Authorization Act (NDAA) passed by Congress and signed by President Biden in late December 2022 was filled with a host of military-related cybersecurity provisions. One little-noticed provision in the bill called for a study of cybersecurity and national security threats posed by foreign-manufactured cranes at United States ports. Under this provision, the Maritime Administrator, working with Homeland Security, the Pentagon, and the Cybersecurity and Infrastructure Security Agency (CISA), is required to…

Read More

Multi-million investment scammers busted in four-country Europol raid

by Paul Ducklin Another day, another series of cryptocurrency scams… …these, fortunately, brought to a halt, though sadly not before they’d defrauded “investors” around the globe to the tune of millions of dollars. According to Europol, 216 people were questioned in Bulgaria, Cyprus, Germany and Serbia; 15 have already been arrested; 22 searches were conducted, including at four separate call centres; and about $1,000,000 in cryptocurrency was seized. Law enforcement also confiscated €50,000 in cash;…

Read More

Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Attacks

Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet. The vulnerability, patched by Zoho last November, affects multiple Zoho ManageEngine products and can be reached over the internet to launch code execution exploits if SAML single-sign-on is enabled or has ever been enabled. According to researchers at automated penetration testing firm Horizon3.ai, the CVE-2022-47966 flaw is easy…

Read More