Insights

09 May

Microsoft Patch Tuesday, May 2023 Edition

Information, Insights

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in May’s zero-day flaws is CVE-2023-29336, which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. However, as the SANS Internet Storm Center points out, the…

Read More
09 May

Feds Take Down 13 More DDoS-for-Hire Services

Information, Insights

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters. Booter services are advertised through a variety of methods, including Dark Web forums, chat platforms and even youtube.com. They accept…

Read More
09 May

CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors

Attacks, Insights, Malware

Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat. CISA urges organizations to review the advisory for more information and apply the recommended mitigations and detection guidance. For more information on FSB and Russian state-sponsored cyber activity, please see…

Read More
09 May

Mozilla Releases Security Advisories for Multiple Products

Attacks, Insights, Malware

Mozilla has released security advisories to address vulnerabilities in Firefox and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply the necessary updates: Security Vulnerabilities fixed in Firefox 113 Mozilla Foundation Security Advisory 2023-16 Security Vulnerabilities fixed in Firefox ESR 102.11 Mozilla Foundation Security Advisory 2023-17 For updates addressing lower severity vulnerabilities, see the…

Read More
09 May

Microsoft Releases May 2023 Security Updates

Attacks, Insights, Malware

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2023 Security Update Guide and Deployment Information and apply the necessary updates.

Read More
04 May

$10M Is Yours If You Can Get This Guy to Leave Russia

Information, Insights

The U.S. government this week put a $10 million bounty on a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov‘s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items. Denis Kulkov, a.k.a. “Nordex,” in his Ferrari. Image: USDOJ.…

Read More
02 May

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Information, Insights

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has…

Read More
01 May

CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans

Attacks, Insights, Malware

The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons to national security pursuant to the Secure and Trusted Communications Networks Act of 2019. As the 6th annual National Supply Chain Integrity Month concludes, CISA reminds all critical infrastructure owners and operators…

Read More
28 Apr

CISA Requests for Comment on Secure Software Self-Attestation Form

Attacks, Insights, Malware

CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal environment, thereby implementing a standardized process for agencies and software producers that will create transparency on the security of software…

Read More
27 Apr

Many Public Salesforce Sites are Leaking Private Data

Information, Insights

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in. A researcher found DC Health had five Salesforce Community sites exposing data. Salesforce Community is a widely-used cloud-based software product that…

Read More