Attacks

CISA Releases One Industrial Control Systems Medical Advisory

CISA released one Industrial Control Systems (ICS) medical advisory on April 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS medical advisory for technical details and mitigations: ICSMA-23-117-01 Illumina Universal Copy Service

Abuse of the Service Location Protocol May Lead to DoS Attacks

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS attacks using spoofed source addresses. As noted by Bitsight, many SLP services visible on the internet appear to be…

VMware Releases Security Update for Aria Operations for Logs

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs (formerly vRealize Log Insight). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0007 and apply the necessary updates.

Hundreds of members of Congress affected by data breach

DC Health Link, the provider of health insurance for those in the United States (US) Government, has suffered a data breach that affects over 50,000 people. The breach, which took place on March 6, saw an unauthorized party gain access to the data of 56,415 current and past customers of DC Health Link, including 585 staff members and 17 members of the US Congress. In a message sent to employees on March 8, the US…

Nokoyawa Ransomware Attacks Leveraging Windows Zero Day

A report recently released by Kaspersky Labs has detailed a threat actor making use of a CLFS (Common Log File System) exploit to escalate privileges. The group Kaspersky attributed to this attack is well known for its many distinct but similar CLFS driver exploits that likely come from the same exploit developer. Kaspersky’s working theory is that the privilege escalation was used to dump the contents of the HKEY_LOCAL_MACHINE\SAM registry hive to continue their attack.…

Two Critical-Severity Vulnerabilities Patched in Latest Security Updates from SAP

The enterprise software vendor SAP has released several security updates for its products, two of which concern critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform. SAP is the largest Enterprise Resource Planning (ERP) vendor in the world with over 425,000 customers in 180 countries. Over 90% of the Fortune 2000 companies utilize SAP. In the past, vulnerabilities in SAP software have been seen being exploited in the wild.…

Deluge of Fake Packages Causes DoS Attack on npm

Last week Checkmarx Security detailed the attack that led to a temporary Denial of Service (DoS) on the Node.js package repository npm in March. Threat actors uploaded hundreds of thousands of fake packages in a type of SEO-poisoning attack that relies on the reputation of package managers to place the bogus packages at the top of search results. The packages are empty, only containing a README with further instructions for infection. The sheer number of…

Evading Google Play Store Defenses: Criminals Trading Malicious Android Loaders

According to a recent report from Kaspersky, criminals are trading malicious loader programs that can trojanize Android applications to evade Google Play Store defenses. These loader programs are particularly popular for hiding malware and unwanted software in certain application categories, including cryptocurrency trackers, financial apps, QR-code scanners, and dating apps. Dropper apps are the primary means for threat actors to sneak malware via the Google Play Store. These apps often appear to be innocent, but…

KFC owner suffers data breach following ransomware attack

Note: This article was updated on April 12, 2023, to reflect the fact that employee data, not customer data, was accessed during the cyber attack against Yum! Brands.

US fast-food corporation Yum! Brands, which owns franchises including KFC, Pizza Hut and Taco Bell, has suffered a data breach following a ransomware attack. The cyber attack, which took place on January 18, 2023, involved a malicious actor gaining unauthorized access to Yum! Brands’ network. The ransomware…

Yum Brands Reports Breach After Ransomware Attack

Yum Brands, the parent company of popular fast-food chains KFC, Pizza Hut, and Taco Bell, has disclosed a data breach after a ransomware attack on its systems. The company, which operates more than 50,000 restaurants in over 150 countries, said the breach occurred in late May 2021 and was discovered during an investigation into the ransomware attack. The attackers were able to access certain information, including the payment card information of some customers who made…