Insights

19 Oct

CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

Attacks, Insights, Malware

Original release date: October 19, 2022 CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to reference the addition of a new Malware Analysis Report, MAR-10398871.r1.v2. CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations. This product is provided subject to this Notification…

Read More
19 Oct

Oracle Releases October 2022 Critical Patch Update

Attacks, Insights, Malware

Original release date: October 19, 2022 Oracle has released its Critical Patch Update for October 2022. This update addresses 366 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s October 2022 Critical Patch Update and apply the necessary mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
18 Oct

How Card Skimming Disproportionally Affects Those Most In Need

Information, Insights

When people banking in the United States lose money because their payment card got skimmed at an ATM, gas pump or grocery store checkout terminal, they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have…

Read More
18 Oct

CISA Releases Two Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: October 18, 2022 CISA released two Industrial Control Systems (ICS) advisories on October 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-291-01 Advantech R-SeeNet ICSA-21-336-06 Hitachi Energy APM Edge (Update A) This product is provided subject to this Notification and this Privacy & Use policy.

Read More
17 Oct

Cybersecurity Awareness Month 2022: Updating Software

Insights

Cybersecurity Awareness Month is flying by, and today’s blog identifies different security vulnerabilities that can be exposed if you are unable to keep up with your software updates. We interviewed NIST’s Michael Ogata, a computer scientist in the Applied Cybersecurity Division, and he walked us through different strategies to minimize your cybersecurity risks. Michael also was able to provide cyber tips to improve online safety. This week’s Cybersecurity Awareness Month theme is updating software. How…

Read More
15 Oct

Anti-Money Laundering Service AMLBot Cleans House

Information, Insights

AMLBot, a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems. Antinalysis, as it existed in 2021. In August 2021, KrebsOnSecurity published “New Anti Anti-Money Laundering Services for Crooks,” which examined Antinalysis, a service marketed on cybercrime forums…

Read More
14 Oct

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

Attacks, Insights, Malware

Original release date: October 14, 2022 CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. For more information, CISA encourages users to review RedEye on GitHub and watch CISA’s RedEye tool overview video. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
13 Oct

Cybersecurity Awareness Month 2022: Using Strong Passwords and a Password Manager

Insights

The key behavior that we are highlighting this week for Cybersecurity Awareness Month is using strong passwords and a password manager. In today’s blog we interviewed NIST’s Connie LaSalle, a senior technology policy advisor, and she offers four specific ways to mitigate your cybersecurity risks online while discussing the importance of adopting strong passwords. Take a look at her responses to our questions below… This week’s Cybersecurity Awareness Month theme is using strong passwords and…

Read More
11 Oct

Microsoft Patch Tuesday, October 2022 Edition

Information, Insights

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server. The new zero-day flaw– CVE-2022-41033 — is an “elevation of privilege” bug in…

Read More
07 Oct

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Information, Insights

When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. The findings came in a report released by Sen. Elizabeth Warren (D-Mass.),…

Read More