Malware

Verified Mess — Twitter’s $8 Blue Tick Rollout Sees ‘Verified’ Fakes

This issue is likely to get worse before it gets better. Threat actors will continue to use the new verified check marks as a means to spread misinformation as well as attempt social engineering tactics to take advantage of individuals. Users should be wary of “verified” Twitter accounts and should validate any information received from a Twitter account with a secondary reliable source. Individuals should also be cautious of direct messages from verified accounts enticing…

CISA Releases SSVC Methodology to Prioritize Vulnerabilities

Original release date: November 10, 2022. Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system. As stated in Executive Assistant Director (EAD) Eric Goldstein’s blog post “Transforming the Vulnerability Management Landscape,” implementing a methodology, such as SSVC, is a critical step to advancing the vulnerability management…

CISA Releases Twenty Industrial Control Systems Advisories

Original release date: November 10, 2022. CISA has released twenty (20) Industrial Control Systems (ICS) advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-314-01 Siemens Parasolid; ICSA-22-314-02 Siemens Missing Web Server Login Page of Industrial Controllers; ICSA-22-314-03 Siemens SINEC Network Management System Logback Component; ICSA-22-314-04 Siemens SINUMERIK…

PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security. The volume of transactions conducted with general purpose credit cards (American Express, Discover, Mastercard, Visa, UnionPay in China, and JCB in Japan) totaled $581 billion in 2021, up 24.5% year-over-year, according to the Nilson Report. However, credit card issuers, merchants, banks, and third-party transaction processors lost $28.58 billion…

Microsoft Releases November 2022 Security Updates

Original release date: November 9, 2022. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates.

Okta streamlines IAM portfolio with consumer identity management cloud

Potential access management customers got a new option from Okta Wednesday, as the identity and access management (IAM) provider announced a newly streamlined Consumer Identity Cloud system designed to simplify the deployment and use of its various products. Okta said that the new cloud program is split into two main components—those aimed at providing identity validation services for consumers, and those aimed at enterprise customers. The former is focused on providing high-security options for online…

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks. While finding remote code execution vulnerabilities in such devices is not uncommon, incidents where attackers were able to deploy malware on them that can survive restarts or firmware upgrades have been rare and generally attributed to sophisticated APT groups. Because they use flash memory that degrades over time if…

Malicious Extension Lets Attackers Control Google Chrome Remotely

It is recommended that users update to the latest version of Google Chrome to ensure systems have the most up-to-date security protections. Users can also stay better protected from malicious executables and websites by enabling Enhanced Protection in Chrome’s privacy and security settings. Enhanced Protection automatically produces a warning about potentially risky websites and downloads. https://www.bleepingcomputer.com/news/security/malicious-extension-lets-attackers-control-google-chrome-remotely/

VMware Fixes Three Critical Authentication Bypass Bugs in Workspace ONE Assist

So far this year, VMware has patched critical authentication bypass vulnerabilities approximately every three months. This article highlights the importance of keeping systems up to date in an enterprise environment. Not performing timely updates could lead to software quickly becoming outdated, which could allow for an actor to gain administrator privileges and execute remote code. It is recommended to monitor any suspicious commands or downloads following the execution of Workspace ONE Assist. Additionally, while VMware…

ProxyNotShell Receives Patches from Microsoft

Microsoft released the patches for ProxyNotShell on Tuesday, November 8th, 2022. Due to the high-severity nature of these vulnerabilities, it is strongly recommended to update all Microsoft Exchange servers as soon as possible. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/
