Attacks

CISA Releases Twenty Industrial Control Systems Advisories

Original release date: November 10, 2022

CISA has released twenty (20) Industrial Control Systems (ICS) advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-22-314-01 Siemens Parasolid
ICSA-22-314-02 Siemens Missing Web Server Login Page of Industrial Controllers
ICSA-22-314-03 Siemens SINEC Network Management System Logback Component
ICSA-22-314-04 Siemens SINUMERIK…

Microsoft Releases November 2022 Security Updates

Original release date: November 9, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Malicious Extension Lets Attackers Control Google Chrome Remotely

It is recommended that users update to the latest version of Google Chrome to ensure systems have the most up-to-date security protections. Users can also stay better protected from malicious executables and websites by enabling Enhanced Protection in Chrome’s privacy and security settings. Enhanced Protection automatically produces a warning about potentially risky websites and downloads. https://www.bleepingcomputer.com/news/security/malicious-extension-lets-attackers-control-google-chrome-remotely/

VMware Fixes Three Critical Authentication Bypass Bugs in Workspace ONE Assist

So far this year, VMware has patched critical authentication bypass vulnerabilities approximately every three months. This article highlights the importance of keeping systems up to date in an enterprise environment. Not performing timely updates could lead to software quickly becoming outdated, which could allow for an actor to gain administrator privileges and execute remote code. It is recommended to monitor any suspicious commands or downloads following the execution of Workspace ONE Assist. Additionally, while VMware…

ProxyNotShell Receives Patches from Microsoft

Microsoft released the patches for ProxyNotShell on Tuesday, November 8th, 2022. Due to the high severity nature of these vulnerabilities, it is strongly recommended to update all Microsoft Exchange servers as soon as possible. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/

Citrix Releases Security Updates for ADC and Gateway

Original release date: November 9, 2022

Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the necessary updates.

Hacker Releases Stolen Medibank Data on the Dark Web

The hacker that stole 200GB worth of customer data from Australian health insurance provider Medibank has released files containing some of the data on the dark web. The data leak comes after Medibank publicly refused to pay the hacker a ransom on November 7. This prompted the malicious actor to post a threat on November 8 on a dark web site backed by Russian ransomware group REvil. It stated they would release the data in…

Medibank Refuses to Pay Ransom, Ransomware Gang Threatens to Release Customer Data

Companies have a few options when it comes to detecting unauthorized access of files, which may have helped catch the attack before a significant amount of customer data was exfiltrated in this case. Canary tokens can be leveraged to create files that appear highly valuable but create an alert when accessed. Companies can also implement canary accounts, baiting attackers into logging into accounts that trigger an alert on a successful login, that appear to be…

W4SP Stealer Found in Dozens of Python Packages in the PyPI registry

PyPI is often treated as a very trustworthy source of packages; in reality, anyone can upload a package to be distributed by PyPI. It is recommended to install Python libraries using built-in operating system package managers where possible. For example, on Debian-based Linux systems using apt(8), it is recommended to use: apt install python3-. Repositories maintained by Linux operating system developers typically have more stringent requirements for new packages. In the event that using an…

Azov Ransomware Identified as Wiper Malware

Downloading software from illegitimate sources always carries a risk. In this case, the malware is being spread via pirated software. Whenever software is being downloaded, it should be from a legitimate source. As a rule of thumb, any paid software being advertised for free is highly likely to include a type of malware or adware with it. Windows AppLocker and other security solutions can assist in defining an allow list for software within a secured…
