Attacks

Credential stuffing attacks are a technique of using lists of credentials from past data breaches against a new site, with the goal of finding an account that reuses those compromised credentials across multiple sites. From and organizational standpoint, the best action to take against credential stuffing attacks is to educate end users on this form of attack and advise them of the dangers of using an identical password across multiple sites. In many cases, however,…

Read More

The most effective way of mitigating these vulnerabilities is by upgrading to the latest Git release. In the event that upgrading Git is not possible, CVE-2022-41903 can be mitigated by: • Disabling ‘git archive’ in untrusted repositories or avoid running the command on untrusted repos• If ‘git archive’ is exposed via ‘git daemon,’ disable it when working with untrusted repositories by running the ‘git config –global daemon.uploadArch false’ command https://www.bleepingcomputer.com/news/security/git-patches-two-critical-remote-code-execution-security-flaws/

Read More

The BianLian ransomware decryptor is available for free and the program is a standalone executable that doesn’t require installation. Users can select the location they wish to decrypt and provide the software with a pair of original/encrypted files. There’s also an option for users with a valid decryption password, but if the victim doesn’t have one, the software can still attempt to figure it out by iterating through all known BianLian passwords. The decryptor also…

Read More

While this combination of phishing/typosquatting isn’t necessarily novel or unique, it could still be detrimental to an organization if an employee was to fall for it. Additionally, the use of Google search advertisements makes it more likely that an employee would fall for a campaign such as this, as the fake site often appears before the legitimate site. As with most types of phishing attacks, the best defense against campaigns utilizing these techniques is user…

Read More

Organizations using an MSI motherboard in that list should check within BIOS settings that the “Image Execution Policy” is set to a safe option. Users should set the Execution Policy to “Deny Execute” for “Removable Media” and “Fixed Media,” which should only allow signed software to boot. It is highly recommended to upgraded motherboard firmware for any device that has not done so since January 2022. The introduction of a bad default shouldn’t be a…

Read More

The data that can be stolen from these types of attacks is very lucrative to threat actors because it involves the billing, identity, and health information of vulnerable patients. Specialized entities such Wilkes-Barre and Home Care Providers of Texas typically have less resources devoted to mature cybersecurity processes and a smaller budget to deal with attacks. Anyone that is a patient of these facilities should look for any communication from the company that outlines whether…

Read More

Credential stuffing attacks are a rather old method of breaching an account, but they are still relatively successful. These attacks rely on human error in the form of reusing passwords. From an organizational standpoint, this could lead to account compromise if an employee reuses one of their passwords from an external site that was breached for their work account. To detect credential stuffing attacks, organizations can monitor logon events for a spike in failed authentications…

Read More

Public sector entities tend to be at a higher risk for breach due to the lack of budget and ability to hire cyber security professionals. Because of this, many fall victim to cyber-attacks that affect systems with no way to easily mitigate. Customers who believe they may have been a victim of this breach should ensure they are taking the necessary precautions to protect themselves, such as looking out for phishing emails and monitoring credit…

Read More