Attacks

Euro Authorities Warn World Cup Fans Over Qatari Apps

Neil Jones, director of cybersecurity evangelism at Egnyte, argued that the data collected by the apps could also be a treasure trove for would-be cyber-criminals. “If you plan to travel to the event, I would strongly recommend the purchase of a burner phone, if the privacy-limiting capabilities cannot be disabled,” he added. “If prompted, allow only the minimum permissions for the application to function on your device. Strongly consider limiting other users’ access to view…


SQL Injection Vulnerability and Logical Access Flaw Found in Zendesk Explore

The Zendesk team did an exceptional job of patching this vulnerability in a timely manner. Had this vulnerability been discovered by threat actors before the Varonis team found it, or had it been left unpatched, the flaw would have been considered a critical vulnerability in the Zendesk application: attackers would have had the capability to steal any information they wanted from the database. Since many organizations have external user registration enabled by default and any user…


Spotify Backstage Development Portal Builder Vulnerable to RCE

Bleeping Computer reporter Bill Toulas notes that “While this number isn’t large, Backstage is used by many large firms, including Spotify, Netflix, Epic Games, Jaguar/Land Rover, Mercedes Benz, American Airlines, Splunk, TUI, Oriflame, Twilio, SoundCloud, HBO Max, HP Inc, Siemens, VMware, and IKEA”. It is highly recommended that systems administrators update Backstage to the latest version, 1.7.2. It is also recommended to use logic-less template engines whenever possible, as they don’t introduce the opportunity for…


Mozilla Releases Security Updates for Multiple Products

Original release date: November 16, 2022. Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks. CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.5, Firefox ESR 102.5, and Firefox 107 for mitigations and updates.


CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Original release date: November 16, 2022. Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in an unpatched VMware Horizon server. The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining…


KmsdBot Exploiting Weak Login Credentials to Spread Cryptominers and Launch DDoS Attacks

Companies can best protect themselves from this sort of attack by blocking all SSH traffic from external sources. When SSH must be exposed to the public internet, use SSH keys instead of passwords and limit which public IP addresses can establish connections. Additionally, companies should consider blocking all inbound and outbound FTP traffic and, if FTP must be allowed, limit which public IP addresses can establish FTP sessions. For detecting C2, companies can use tools like…


Kerberos Authentication Issues After November’s Patch Tuesday

Systems administrators can look for the “Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller with the below text,” according to Microsoft. The below text reads “While processing an AS request for target service, the account did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1)”. Users can find more specific information about possible signs of this…


42,000 Websites Used to Trap Victims

The group is suspected to be based in China, based on researchers’ observations of the language used by the threat group. Approximately 300 new domains are registered by the group daily, which can have detrimental effects on the customers of these legitimate brands as well as on the value of the targeted brands themselves. Companies should ensure they are monitoring for these fraudulent domains being created. By using a service such as the Binary…


Ukraine Says Russian Hacktivists Use New Somnia Ransomware

To protect against ransomware attacks, organizations should:

• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating…


“We know who you are” says AFP to Medibank hackers

The hackers responsible for a cyber attack against Australian health insurer Medibank have been identified by the Australian Federal Police (AFP) as being associated with Russia. The breach, which was initially identified on October 13, saw 200GB of data stolen, 9.7 million people affected, and the private medical details of a significant number of people distributed on the dark web. Commissioner of the AFP, Reece Kershaw, directly addressed the hackers, saying “we know who you…
