CyberSecure Specialist

09 Nov

Microsoft Releases November 2022 Security Updates

Attacks, Insights, Malware

Original release date: November 9, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
09 Nov

Okta streamlines IAM portfolio with consumer identity management cloud

Data Breaches, Malware, Social Engineering

Potential access management customers got a new option from Okta Wednesday, as the identity and access management (IAM) provider announced a newly streamlined Consumer Identity Cloud system designed to simplify the deployment and use of its various products. Okta said that the new cloud program is split into two main components—those aimed at providing identity validation services for consumers, and those aimed at enterprise customers. The former is focused on providing high-security options for online…

Read More
09 Nov

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Data Breaches, Malware, Social Engineering

Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks. While finding remote code execution vulnerabilities in such devices is not uncommon, incidents where attackers were able to deploy malware on them that can survive restarts or firmware upgrades have been rare and generally attributed with sophisticated APT groups. Because they use flash memory that degrades over time if…

Read More
09 Nov

Malicious Extension Lets Attackers Control Google Chrome Remotely

Attacks, Malware

It is recommended that users update to the latest version of Google Chrome to ensure systems have the most up-to-date security protections. Users can also stay better protected from malicious executables and websites by enabling Enhanced Protection in Chrome’s privacy and security settings. Enhanced Protection automatically produces a warning about potentially risky websites and downloads. https://www.bleepingcomputer.com/news/security/malicious-extension-lets-attackers-control-google-chrome-remotely/

Read More
09 Nov

VMware Fixes Three Critical Authentication Bypass Bugs in Workspace ONE Assist

Attacks, Malware

So far this year, VMware has patched critical authentication bypass vulnerabilities approximately every three months. This article highlights the importance of keeping systems up to date in an enterprise environment. Not performing timely updates could lead to software quickly becoming outdated, which could allow for an actor to gain administrator privileges and execute remote code. It is recommended to monitor any suspicious commands or downloads following the execution of Workspace ONE Assist. Additionally, while VMware…

Read More
09 Nov

ProxyNotShell Receives Patches from Microsoft

Attacks, Malware

Microsoft released the patches for ProxyNotShell on Tuesday, November 8th, 2022. Due to the high severity nature of these vulnerabilities, it is strongly recommended to update all Microsoft Exchange servers as soon as possible. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/

Read More
09 Nov

GitHub releases new SDLC security features including private vulnerability reporting

Data Breaches, Malware, Social Engineering

GitHub has announced new security features across its platform to help protect the software development lifecycle (SDLC). These include private vulnerability reporting, CodeQL vulnerability scanning support for the Ruby programming language, and two new security overview options. The world’s leading development platform said these updates make securing the SDLC end-to-end easier and more seamless for developers. The releases come as SDLC cybersecurity remains high on the agenda with research revealing an increase of almost 800%…

Read More
09 Nov

Citrix Releases Security Updates for ADC and Gateway

Attacks, Insights, Malware

Original release date: November 9, 2022 Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
09 Nov

Silk Road drugs market hacker pleads guilty, faces 20 years inside

Information

by Paul Ducklin Here’s an important thing to remember about jurisprudential arithmetic, where two negatives definitely don’t make a positive: stealing money from someone who originally acquired it through criminal means doesn’t “cancel out” the criminality. You can still go to prison for a very lengthy stretch, and here’s one way. Remember Silk Road? Not the actual road, or more properly, the web of East-West trading routes linking China to the Middle East and Europe…

Read More
09 Nov

Security Posture Management Firm Veriti Emerges From Stealth With $18.5M in Funding

Information, News

Security posture management startup Veriti has emerged from stealth mode with $18.5 million raised in two funding rounds led by Insight Partners and NFX and AMITI. Founded in 2021, the Tel Aviv-based company seeks to help organizations improve their security posture by proactively and continually hunting for and addressing security gaps and misconfigurations across the entire business environment. Veriti says it has designed its Unified Security Posture Management platform based on feedback from CISOs and…

Read More