Attacks

Patches have been released by most of the major Linux distributions. While the severity of one of the vulnerabilities was downgraded, both are still rated as high severity. Organizations should apply the OpenSSL patch via standard system package update systems such as apt, yum, rpm, dnf, and pacman.The Netherlands’ National Cyber Security Centre has created a useful resource for system administrators to determine if the operating systems or software they manage are vulnerable and if…

To keep adware away from devices, avoid installing apps from unofficial Android stores. Reading user reviews and monitoring battery usage and network data activity also helps determine if the device is running suspicious software. Keeping Google’s Play Protect feature active is also a good way to keep the device safer. Any Android devices that have one of the above apps present should remove that app and run a full system scan using Play Protect or…

With bring your own device (BYOD) policies becoming more and more common in the workplace, this report is a prime example of how an organization may be left vulnerable if these policies are not properly implemented. Organizations need to ensure that employees are properly updating devices in an efficient manner. Failure to keep devices current could lead to those devices becoming the vector for initial access within an environment. An attacker may use a compromised…

DLL side-loading remains a popular technique for malware developers because it offers a lot of potential for detection evasion by masking its execution with legitimate software execution. This problem can be approached in a number of ways. Organizations may find application whitelisting and disabling installation by unprivileged users via group policy to be useful in mitigating this threat. EDR and SIEM tools also provide very valuable insight into anomalous software installations and executions in an…

When considering the current threat landscape, MFA should be required for all devices accessed from outside of internal resources and for any high-value devices internal to the organization. This includes solutions used to work from home (WFH) such as Virtual Private Networks (VPNs) or Virtual Desktop Infrastructure (VDI), as well as business-critical servers and accounts that have access to sensitive data. FIDO/WebAuthn authentication keys, such as YubiKeys, are by far the MFA most resistant to…

ConnectWise has announced that they do not have any evidence of the vulnerability currently being exploited in the wild. Anyone that runs this software should ensure that they are staying up to date on security patches and are running the most current version to prevent them from being susceptible to the vulnerability. Experts warn of critical RCE in ConnectWise Server Backup Solution