CyberSecure Specialist

01 Nov

K7SecuritySuite Antivirus Software Exploited to Deploy LODEINFO Malware

Attacks, Malware

DLL side-loading remains a popular technique for malware developers because it offers a lot of potential for detection evasion by masking its execution with legitimate software execution. This problem can be approached in a number of ways. Organizations may find application whitelisting and disabling installation by unprivileged users via group policy to be useful in mitigating this threat. EDR and SIEM tools also provide very valuable insight into anomalous software installations and executions in an…

Read More
01 Nov

CISA Releases Updated Guidance on Implementing Phishing-Resistant Multifactor Authentication

Attacks, Malware

When considering the current threat landscape, MFA should be required for all devices accessed from outside of internal resources and for any high-value devices internal to the organization. This includes solutions used to work from home (WFH) such as Virtual Private Networks (VPNs) or Virtual Desktop Infrastructure (VDI), as well as business-critical servers and accounts that have access to sensitive data. FIDO/WebAuthn authentication keys, such as YubiKeys, are by far the MFA most resistant to…

Read More
01 Nov

ConnectWise Addresses Critical Remote Code Vulnerability

Attacks, Malware

ConnectWise has announced that they do not have any evidence of the vulnerability currently being exploited in the wild. Anyone that runs this software should ensure that they are staying up to date on security patches and are running the most current version to prevent them from being susceptible to the vulnerability. Experts warn of critical RCE in ConnectWise Server Backup Solution

Read More
01 Nov

CISA Upgrades to TLP 2.0

Attacks, Insights, Malware

Original release date: November 1, 2022 Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2.0 updates: TLP 2.0 changes TLP:WHITE to TLP:CLEAR. TLP 2.0 adds the designation TLP:AMBER+STRICT, which instructs the recipient to keep the information strictly within…

Read More
01 Nov

CISA Releases One Industrial Control Systems Advisory

Attacks, Insights, Malware

Original release date: November 1, 2022 CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C) This product is provided subject to this Notification and this Privacy & Use policy.

Read More
01 Nov

Will cyber‑insurance pay out? – Week in security with Tony Anscombe

Information

What if your organization is hit by a cyberattack that is attributed to a nation state? Would your insurance cover the costs of the attack? As cyber-insurance is, and will continue to be, a budget item for organizations looking to protect themselves from the escalating and unforeseen consequences of cyberattacks, one important question arises – will an organization’s cyber-insurance policy cover the damage caused by an attack that was attributed to a nation state? This…

Read More
01 Nov

Worok: The big picture

Information

Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files ESET researchers recently found targeted attacks that used undocumented tools against various high-profile companies and local governments mostly in Asia. These attacks were conducted by a previously unknown espionage group that we have named Worok and that has been active since at least 2020. Worok’s toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and…

Read More
01 Nov

Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween

Information

Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond Trick or treat, it is Halloween! The day has come when children knock on your door dressed in scary costumes and ask for a treat. Be ready…or a spooky spell will be cast upon you! The real danger, however, doesn’t knock on the door. Hackers, imposters and scammers of…

Read More
01 Nov

Psychotherapy extortion suspect: arrest warrant issued

Information

by Paul Ducklin Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional information such as notes about your relationship with your family… …and then, as if that were not bad enough, imagine that the words you’d never expected to be typed in…

Read More
01 Nov

The OSPO – the front line for secure open-source software supply chain governance

Data Breaches, Malware, Social Engineering

Organizations of every shape, size, and sector have embraced open-source software (OSS). The financial, medical, and manufacturing industries – and even national security – now use OSS to power their most critical applications and activities. However, this widespread adoption comes with pitfalls: a corresponding increase of almost 800% in software supply chain attacks according to the State of the Software Supply Chain from Sonatype. With the rapid growth of OSS adoption, organizations have begun to…

Read More