CyberSecure Specialist

Ransomware attack knocks Rackspace’s Exchange servers offline

Cloud services and hosting provider Rackspace Technology acknowledged Tuesday that a recent incident that took most of its Hosted Exchange email server business offline was the product of a ransomware attack. The company shut the service down last Friday. It was not, initially, clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company’s infrastructure was apparently unaffected. Rackpsace offers migration to…

Read More

Threat Actors Abuse PRoot Linux Utility to Simplify Malware Deployment

Threat actors observed using this technique have been able to utilize free file sharing services like Google Drive, Dropbox, or OneDrive to host their compressed filesystem containing their malware, making them readily accessible from victim devices. Organizations should be sure to monitor for connections to these file sharing services, especially ones that are not commonly used for an organization’s business processes.Organizations may also find it useful to monitor for the execution of the PRoot tool,…

Read More

CISA Order Agencies to Patch Google Chrome Vulnerability

This is the ninth high severity bug for which Chrome has released a patch during 2022. CISA has given three weeks to its agencies to patch their systems. Because of this timeline, it is likely we will not see technical details of this vulnerability until after this date. It is highly recommended that any organization with users running Google Chrome should use CISA’s requirements as a guideline for themselves, and endeavor to have all systems…

Read More

Three BMC Vulnerabilities Impact Manufacturers Industrywide

Much of the risk of these vulnerabilities can be mitigated by controlling access to remote management interfaces. Companies should endeavor to never leave these exposed to the internet, and further limit which devices or networks can access these interfaces. User behavior analysis can help identify exploitation of vulnerabilities like these; mass password reset requests and root-level activities that differ from baseline can be reliable indicators of a compromise. https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html

Read More

Three Ways to Improve Defense Readiness Using MITRE D3FEND

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations improve their defensive cybersecurity posture. MITRE D3FEND is complementary to the MITRE ATT&CK framework, which is a library of cybercriminal tactics, techniques, and procedures (TTP). D3FEND maps relationships between ATT&CK’s TTP and defensive countermeasures for developing strategies to known attacker behavior. Using D3FEND To Bolster Defensive Readiness D3FEND gives organizations a…

Read More

Flaws in MegaRAC baseband management firmware impact many server brands

Researchers have found three vulnerabilities in AMI MegaRAC, a baseband management controller (BMC) firmware used by multiple server manufacturers. If exploited, the flaws could allow attackers to remotely control servers, deploy malware and firmware implants, or trigger damaging actions that leave them inoperable. BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are…

Read More

Action1 launches threat actor filtering to block remote management platform abuse

Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors to prevent attackers exploiting its tool to carry out malicious activity. The release comes amid a trend of hackers misusing legitimate systems management platforms to deploy ransomware or…

Read More

The global state of the cyber security industry 2022

Introduction to cyber security in 2022 Cyber security is central to operational success Cyber security practitioners entered 2022 under the shadow of the Log4Shell vulnerability. The vulnerability sent shockwaves throughout the cyber security world and has continued to be used by threat actors. Just months into 2022, statements from government organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) in the US and the UK’s National Cyber Security Centre (NCSC) called on organizations, especially…

Read More

Tractors vs. threat actors: How to hack a farm

Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat. While I was in the UK police force and part of the National Cyber Crime Unit in 2018, I was asked to give a talk on cybersecurity at a National Farmers’ Union (NFU) meeting in southern England. Right after I started my talk, one farmer immediately raised his hand and told me that his cows had recently…

Read More

Ping of death! FreeBSD fixes crashtastic bug in network tool

by Paul Ducklin One of the first low-level network tools that any computer user learns about is the venerable ping utility. Named after the eponymous sound effect from any and every old-school war movie scene involving submarines, the command is a metaphorical echo (see what we did there?) of the underwater version of RADAR known as SONAR. You send out a p-i-n-g (more like a d-o-i-n-n-n-n-g noise, in reality) into the briny depths, and by…

Read More