CyberSecure Specialist

CISA Upgrades to TLP 2.0

Original release date: November 1, 2022 Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2.0 updates: TLP 2.0 changes TLP:WHITE to TLP:CLEAR. TLP 2.0 adds the designation TLP:AMBER+STRICT, which instructs the recipient to keep the information strictly within…

Read More

CISA Releases One Industrial Control Systems Advisory

Original release date: November 1, 2022 CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C) This product is provided subject to this Notification and this Privacy & Use policy.

Read More

Will cyber‑insurance pay out? – Week in security with Tony Anscombe

What if your organization is hit by a cyberattack that is attributed to a nation state? Would your insurance cover the costs of the attack? As cyber-insurance is, and will continue to be, a budget item for organizations looking to protect themselves from the escalating and unforeseen consequences of cyberattacks, one important question arises – will an organization’s cyber-insurance policy cover the damage caused by an attack that was attributed to a nation state? This…

Read More

Worok: The big picture

Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files ESET researchers recently found targeted attacks that used undocumented tools against various high-profile companies and local governments mostly in Asia. These attacks were conducted by a previously unknown espionage group that we have named Worok and that has been active since at least 2020. Worok’s toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and…

Read More

Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween

Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond Trick or treat, it is Halloween! The day has come when children knock on your door dressed in scary costumes and ask for a treat. Be ready…or a spooky spell will be cast upon you! The real danger, however, doesn’t knock on the door. Hackers, imposters and scammers of…

Read More

Psychotherapy extortion suspect: arrest warrant issued

by Paul Ducklin Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional information such as notes about your relationship with your family… …and then, as if that were not bad enough, imagine that the words you’d never expected to be typed in…

Read More

The OSPO – the front line for secure open-source software supply chain governance

Organizations of every shape, size, and sector have embraced open-source software (OSS). The financial, medical, and manufacturing industries – and even national security – now use OSS to power their most critical applications and activities. However, this widespread adoption comes with pitfalls: a corresponding increase of almost 800% in software supply chain attacks according to the State of the Software Supply Chain from Sonatype. With the rapid growth of OSS adoption, organizations have begun to…

Read More

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion. Ukrainian national Mark Sokolovsky, seen here in…

Read More

White House Seeks International Cooperation to Thwart Growing Ransomware Threat

Governments across the globe continue to look for ways to effectively battle ransomware. It has become a top priority for many world leaders especially in the US, but organizations still need to take their own steps to ensure they are protected from ransomware. To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from…

Read More

Samsung Galaxy Store Bug

The issue in the Galaxy Store app relates to how deeplinks are configured for Samsung’s Marketing and Content Service (MCS), which might create a situation where arbitrary code injected into the MCS website could lead to its execution. This vulnerability could be leveraged to download and install malicious programs on the Samsung smartphone. “To be able to successfully exploit the victim’s server, it is necessary to have HTTPS and CORS bypass of chrome,” stated the…

Read More