CyberSecure Specialist

01 Nov

OpenSSL project patches two vulnerabilities but downgrades severity

Data Breaches, Malware, Social Engineering

The OpenSSL project released a patch for two high severity vulnerabilities in the world’s most widely used cryptographic library. The project’s maintainers warned users since last week to prepare for a critical patch on November 1, but the severity has since been downgraded following additional testing. Organizations should still determine which of their applications and servers are impacted and deploy the patches as soon as possible. The vulnerabilities affect all versions of OpenSSL 3.0, which…

Read More
01 Nov

Microsoft Patches Azure Cosmos DB Flaw Leading to Remote Code Execution

Information, News

A missing authentication check vulnerability in Azure Cosmos DB could have allowed an attacker to execute arbitrary code remotely, Orca Security warns. Azure Cosmos DB is a NoSQL database used on e-commerce platforms to store catalog data, and in order processing pipelines for event sourcing. The security defect was identified in Azure Cosmos DB Jupyter notebooks, an open-source interactive developer environment (IDE) that allows developers to share documents, live code, visualizations, and more. Built into…

Read More
01 Nov

K7SecuritySuite Antivirus Software Exploited to Deploy LODEINFO Malware

Attacks, Malware

DLL side-loading remains a popular technique for malware developers because it offers a lot of potential for detection evasion by masking its execution with legitimate software execution. This problem can be approached in a number of ways. Organizations may find application whitelisting and disabling installation by unprivileged users via group policy to be useful in mitigating this threat. EDR and SIEM tools also provide very valuable insight into anomalous software installations and executions in an…

Read More
01 Nov

CISA Releases Updated Guidance on Implementing Phishing-Resistant Multifactor Authentication

Attacks, Malware

When considering the current threat landscape, MFA should be required for all devices accessed from outside of internal resources and for any high-value devices internal to the organization. This includes solutions used to work from home (WFH) such as Virtual Private Networks (VPNs) or Virtual Desktop Infrastructure (VDI), as well as business-critical servers and accounts that have access to sensitive data. FIDO/WebAuthn authentication keys, such as YubiKeys, are by far the MFA most resistant to…

Read More
01 Nov

ConnectWise Addresses Critical Remote Code Vulnerability

Attacks, Malware

ConnectWise has announced that they do not have any evidence of the vulnerability currently being exploited in the wild. Anyone that runs this software should ensure that they are staying up to date on security patches and are running the most current version to prevent them from being susceptible to the vulnerability. Experts warn of critical RCE in ConnectWise Server Backup Solution

Read More
01 Nov

CISA Upgrades to TLP 2.0

Attacks, Insights, Malware

Original release date: November 1, 2022 Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2.0 updates: TLP 2.0 changes TLP:WHITE to TLP:CLEAR. TLP 2.0 adds the designation TLP:AMBER+STRICT, which instructs the recipient to keep the information strictly within…

Read More
01 Nov

CISA Releases One Industrial Control Systems Advisory

Attacks, Insights, Malware

Original release date: November 1, 2022 CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C) This product is provided subject to this Notification and this Privacy & Use policy.

Read More
01 Nov

Will cyber‑insurance pay out? – Week in security with Tony Anscombe

Information

What if your organization is hit by a cyberattack that is attributed to a nation state? Would your insurance cover the costs of the attack? As cyber-insurance is, and will continue to be, a budget item for organizations looking to protect themselves from the escalating and unforeseen consequences of cyberattacks, one important question arises – will an organization’s cyber-insurance policy cover the damage caused by an attack that was attributed to a nation state? This…

Read More
01 Nov

Worok: The big picture

Information

Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files ESET researchers recently found targeted attacks that used undocumented tools against various high-profile companies and local governments mostly in Asia. These attacks were conducted by a previously unknown espionage group that we have named Worok and that has been active since at least 2020. Worok’s toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and…

Read More
01 Nov

Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween

Information

Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond Trick or treat, it is Halloween! The day has come when children knock on your door dressed in scary costumes and ask for a treat. Be ready…or a spooky spell will be cast upon you! The real danger, however, doesn’t knock on the door. Hackers, imposters and scammers of…

Read More