CyberSecure Specialist

CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint advisory warns of cyber actors, known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, targeting and exploiting U.S. and foreign organizations across multiple sectors in the U.S. FBI investigations conducted as recently as August 2024 assess that cyber actors like…

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China. Versa Director systems are primarily used by Internet service…

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-39717

Versa Networks has released an advisory for a vulnerability (CVE-2024-39717) in Versa Director, a key component in managing SD-WAN networks, used by some Internet Service Providers (ISPs) and Managed Service Providers (MSPs). A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the following for more information: Versa Security Bulletin:…

Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep.5)

Video, Mobile Security. The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure. 26 Aug 2024. Android threats are a serious business. Among them is the Blue Ducky script, which exploits the CVE-2023-45866 Android device vulnerability. By running the Blue Ducky script, an attacker can: Inject keystrokes and thus control…

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Video. Phishing using PWAs? ESET Research’s latest discovery might just ruin some users’ assumptions about their preferred platform’s security. 23 Aug 2024. ESET researchers have recently revealed an uncommon type of phishing campaign using Progressive Web Apps (PWAs) that targeted the clients of a prominent Czech bank. The technique used installed a phishing application from a third-party website without the user having to allow third-party app installation. This is because PWAs are simply websites bundled…

NGate Android malware relays NFC traffic to steal cash

ESET researchers uncovered a crimeware campaign that targeted clients of three Czech banks. The malware used, which we have named NGate, has the unique ability to relay data from victims’ payment cards, via a malicious app installed on their Android devices, to the attacker’s rooted Android phone. Key points of this blogpost: Attackers combined standard malicious techniques – social engineering, phishing, and Android malware – into a novel attack scenario; we suspect that lure messages…

Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size…

CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-39717, Versa Director Dangerous File Type Upload Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that…

How regulatory standards and cyber insurance inform each other

Business Security. Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with. Tony Anscombe, 21 Aug 2024, 3 min. read. Governments create legislation and regulations primarily to protect public interests and keep order, ensuring society functions as it should. When related to cyber insurance and cybersecurity, regulation is aimed at ethical conduct,…

Be careful what you pwish for – Phishing in PWA applications

In this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation. For iOS users, such an action might break any “walled garden” assumptions about security. On Android, this could result in…
