Malware

17 Nov

Android security: Which smartphones can enterprises trust?

Data Breaches, Malware, Social Engineering

Google’s Android operating system dominates smartphone usage throughout the world — in every region except North America and Oceania, in fact. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile devices. Even in areas where Apple’s iPhone dominates or is comparable in market share, businesses are likely to support or issue Android devices at least as a secondary option. But Android security has long been…

Read More
16 Nov

Cisco Releases Security Updates for Identity Services Engine

Attacks, Insights, Malware

Original release date: November 16, 2022 Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. For updates addressing vulnerabilities, see the Cisco Security Advisories page.    CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Identity Services Engine Insufficient Access Control Vulnerability Cisco Identity Services Engine Cross-Site Scripting…

Read More
16 Nov

Euro Authorities Warn World Cup Fans Over Qatari Apps

Attacks, Malware

Neil Jones, director of cybersecurity evangelism at Egnyte, argued that the data collected by the apps could also be a treasure trove for would-be cyber-criminals. “If you plan to travel to the event, I would strongly recommend the purchase of a burner phone, if the privacy-limiting capabilities cannot be disabled,” he added. “If prompted, allow only the minimum permissions for the application to function on your device. Strongly consider limiting other users’ access to view…

Read More
16 Nov

SQL Injection Vulnerability and Logical Access Flaw Found in Zendesk Explore

Attacks, Malware

The Zendesk team did an exceptional job at patching this vulnerability in a timely manner. If this vulnerability was discovered by threat actors before the Varonis team, or if this vulnerability was left unpatched, the flaw would have been considered a critical vulnerability in the Zendesk application; attackers would have the capabiilty to steal any information from the database that they wanted. Since many organizations have external user registration enabled by default and any user…

Read More
16 Nov

Spotify Backstage Development Portal Builder Vulnerable to RCE

Attacks, Malware

Bleeping Computer reporter Bill Toulas notes that “While this number isn’t large, Backstage is used by many large firms, including Spotify, Netflix, Epic Games, Jaguar/Land Rover, Mercedes Benz, American Airlines, Splunk, TUI, Oriflame, Twilio, SoundCloud, HBO Max, HP Inc, Siemens, VMware, and IKEA”.It is highly recommended that systems administrators update Backstage to the latest version, version 1.7.2. It is also recommended to use logic-less template engines whenever possible, as they don’t introduce the opportunity for…

Read More
16 Nov

US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j

Information, Malware, News

The U.S. government on Wednesday issued a blunt recommendation for organizations running VMWare Horizon servers: Initiate threat-hunting activities to find and expel Iranian APT actors that used the Log4j crisis to slip undetected into corporate networks. According to a joint advisory from CISA and the FBI, Iranian government-sponsored hackers hit at least one Federal Civilian Executive Branch (FCEB) organization with an exploit for a Log4j vulnerability in an unpatched VMware Horizon server.  From the advisory…

Read More
16 Nov

Offboarding processes pose security risks as job turnover increases: Report

Data Breaches, Malware, Social Engineering

Organizations across multiple industries are struggling to mitigate potential risks—including loss of end-user and storage devices as well as unauthorized use of SaaS applications—during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza. Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people—more than 20% of Americans—had…

Read More
16 Nov

Mozilla Releases Security Updates for Multiple Products

Attacks, Insights, Malware

Original release date: November 16, 2022 Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks. CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.5, Firefox ESR 102.5, and Firefox 107 for mitigations and updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
16 Nov

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Attacks, Insights, Malware

Original release date: November 16, 2022 Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware Horizon server. The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining…

Read More
16 Nov

Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection

Data Breaches, Malware, Social Engineering

Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities. In a press…

Read More