Malware

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

by Paul Ducklin PWNING THE WINDOWS KERNEL Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Wireless spyware,…

Read More

FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food

Original release date: December 16, 2022 The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) have released a joint Cybersecurity Advisory (CSA) detailing recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars. The joint CSA analyzes the common tactics, techniques, and procedures (TTPs)…

Read More

MTTR “not a viable metric” for complex software system reliability and security

Mean time to resolve (MTTR) isn’t a viable metric for measuring the reliability or security of complex software systems and should be replaced by other, more trustworthy options. That’s according to a new report from Verica which argued that the use of MTTR to gauge software network failures and outages is not appropriate, partly due to the distribution of duration data and because failures in such systems don’t arrive uniformly over time. Site reliability engineering…

Read More

CISA Releases Forty-One Industrial Control Systems Advisories

Original release date: December 15, 2022 CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-349-01 Prosys OPC UA Simulation ICSA-22-349-02 Siemens SCALANCE X-200RNA Switch Devices ICSA-22-349-03 Siemens Multiple Denial of Service Vulnerabilities in Industrial Products ICSA-22-349-04 Siemens Multiple…

Read More

Attackers Use SVG Files to Smuggle QBot Malware onto Windows Systems

It is highly recommended to implement and maintain an email security tool to help prevent malicious emails from reaching end users mailboxes. These tools utilize AV scanning and sandboxing to help identify and quarantine malicious attachments in emails. It is also recommended to implement an inbound block on HTML attachments. HTML attachments on inbound external email are generally uncommon, so the feasibility of blocking them outright should be determined to help prevent the more evasive…

Read More

Federal Prosecutors Charge Six Defendants Linked to Denial-of-Service Attacks

A DDoS attack is an attempt to disrupt the traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic. Threat actors send a massive number of requests for information to a server, site, or network, effectively shutting down a server and disrupting normal operations. To protect from such attacks, the Cybersecurity and Infrastructure Security Agency recommends the following. • Enroll in a DoS protection service that detects abnormal…

Read More

California Hospital Suffers Data Breach

The ever-increasing trend of threat actors targeting healthcare organizations will likely unfortunately continue into 2023. It is unclear if this instance is a ransomware attack, but data theft is a common tactic used by ransomware operators to force victims into paying a data extortion ransom. Any impacted patients should ensure that they follow mitigation steps to protect themselves. This includes setting up credit monitoring to ensure that if data gets leaked, fraudulent accounts can not…

Read More

Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths

Original release date: December 15, 2022 Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More

CISA Consolidates Twitter Accounts

Original release date: December 15, 2022 CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously covered on the now-inactive accounts. @CISACyber will cover updates relevant to the industrial control systems community along with the latest vulnerability management info, threat analysis, and other…

Read More

F5 expands security portfolio with App Infrastructure Protection

F5 on Thursday announced the launch of F5 Distributed Cloud Services App Infrastructure Protection (AIP), expanding its SaaS-based security portfolio. The new release is a cloud workload protection solution that will provide application observability and protection to cloud-native infrastructures.  AIP is built using technology acquired with Threat Stack and will be a part of the F5 Distributed Cloud Services portfolio, launched earlier this year.  AIP will complement F5’s API Security F5 already has a service…

Read More