Attacks

Novel ARCrypter Ransomware Expanding Operations Worldwide

As time goes on, more and more novel ransomware families are surfacing, each with a variety of their own tactics. While this is a new family of ransomware, the techniques used by this ransomware are relatively standard. Numerous detection capabilities around this ransomware exist, many of which are likely already employed by organizations. For one, many organizations already employ queries to detect the “.crypt” file extension. Other detection capabilities around this ransomware include monitoring value…


Iranian APT Breaches Sector of U.S. Government

As a general rule, whenever security patches are released for any vulnerability, the patch should be tested and implemented as soon as possible. With vulnerabilities such as Log4Shell, which presented a high risk due to the extensive use of on-prem and hybrid Exchange servers and the extensive exploitation in the wild, it is extremely important to get these patches pushed to all affected systems. Oftentimes, threat actors will prey on victims by using old…


Microsoft Fixes Windows Kerberos Auth Issues in Emergency Updates

Today, Microsoft has released OOB emergency updates that Windows admins must install on all Domain Controllers (DCs) in affected environments. “You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them,” Microsoft advised. The OOB updates released today are available…


DDoS Attacks Targeting Game Servers Using Updated Version of RapperBot

Since 2021, the list of commonly used credentials in brute-forcing attempts has not changed. Those looking to prevent becoming victims of these styles of attacks should make updates to firmware regularly. Strong and unique passwords should also take the place of the default passwords and devices should be placed behind a firewall if applicable. https://www.bleepingcomputer.com/news/security/updated-rapperbot-malware-targets-game-servers-in-ddos-attacks/


U.S. Charges Russian Suspects with Operating Z-Library e-Book Site

Global law enforcement cooperation has become the most efficient and effective way to combat international cyber-attacks. FBI director Christopher Wray acknowledged this in a recent statement to the House Homeland Security Committee. “The FBI, using its role as the lead federal agency for threat response, with its law enforcement and intelligence responsibilities, works seamlessly with domestic and international partners to defend their networks, attribute malicious activity, sanction bad behavior, and take the fight to our…


CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain

Original release date: November 17, 2022 | Last revised: November 18, 2022 Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Customers. This publication follows the August 2022 release of guidance for developers and October 2022 release of guidance for suppliers. The guidance released…


#StopRansomware: Hive

Original release date: November 17, 2022 Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022. Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including…


“We know who you are” says AFP to Medibank hackers

The hackers responsible for a cyber attack against Australian health insurer Medibank have been identified by the Australian Federal Police (AFP) as being associated with Russia. The breach, which was initially identified on October 13, saw 200GB of data stolen, 9.7 million people affected and the private medical details for a significant number of people distributed on the dark web. Commissioner of the AFP, Reece Kershaw, directly addressed the hackers, saying “we know who you…


Cisco Releases Security Updates for Identity Services Engine

Original release date: November 16, 2022 Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. For updates addressing vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Identity Services Engine Insufficient Access Control Vulnerability; Cisco Identity Services Engine Cross-Site Scripting…
