Malware

09 Nov

GitHub releases new SDLC security features including private vulnerability reporting

Data Breaches, Malware, Social Engineering

GitHub has announced new security features across its platform to help protect the software development lifecycle (SDLC). These include private vulnerability reporting, CodeQL vulnerability scanning support for the Ruby programming language, and two new security overview options. The world’s leading development platform said these updates make securing the SDLC end-to-end easier and more seamless for developers. The releases come as SDLC cybersecurity remains high on the agenda with research revealing an increase of almost 800%…

Read More
09 Nov

Citrix Releases Security Updates for ADC and Gateway

Attacks, Insights, Malware

Original release date: November 9, 2022 Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
09 Nov

Rezilion expands SBOM to support Windows environments

Data Breaches, Malware, Social Engineering

Software security platform Rezilion has expanded its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. The firm said the move will provide organizations with the tools to efficiently manage software vulnerabilities and meet new regulatory standards, addressing functionality gaps of traditional vulnerability management tools primarily designed for use with Linux OS. Features include the ability to search and pinpoint vulnerable components, view Windows and Linux risk side by side in one UI,…

Read More
09 Nov

Why it’s time to review your Microsoft patch management options

Data Breaches, Malware, Social Engineering

You have several options to manage patching on Microsoft networks: let machines independently update or use a third-party patching tool, Windows Software Update Services (WSUS), or another Microsoft management product. If you are still using WSUS as your key patching tool, you may want to review your options. Microsoft is developing additional patching tools that will allow you to better manage systems and control administrative access. Is WSUS on the way out? Microsoft has long…

Read More
08 Nov

Fortanix unveils free DSM Explorer edition for managed data security

Data Breaches, Malware, Social Engineering

Fortanix is offering a free tier for its data security manager software, aiming squarely at attracting new small- and medium-size businesses into its customer ranks. The Explorer tier, announced Tuesday, offers five separate solutions for businesses to try or implement long-term, as long as they stay within the various usage caps. Those solutions include tokenization and Google Cloud external key management, which are limited to one application or 10,000 operations per month, Google Workspace client-side…

Read More
08 Nov

Medibank Refuses to Pay Ransom, Ransomware Gang Threatens to Release Customer Data

Attacks, Malware

Companies have a few options when it comes to detecting unauthorized access of files, which may have helped catch the attack before a significant amount of customer data was exfiltrated in this case. Canary tokens can be leveraged to create files that appear highly valuable but create an alert when accessed. Companies can also implement canary accounts, baiting attackers into logging into accounts that trigger an alert on a successful login, that appear to be…

Read More
08 Nov

W4SP Stealer Found in Dozens of Python Packages in the PyPI registry

Attacks, Malware

PyPI is often treated as a very trustworthy source of packages; in reality, anyone can upload a package to be distributed by PyPI. It is recommended to install python libraries using built-in operating system package managers where possible. For example, on Debian based Linux systems using apt(8), it is recommend to use: apt install python3-. Repositories maintained by Linux operating system developers typically have more stringent requirements for new packages.In the event that using an…

Read More
08 Nov

Azov Ransomware Identified as Wiper Malware

Attacks, Malware

Downloading software from illegitimate sources always carries a risk. In this case, the malware is being spread via pirated software. Whenever software is being downloaded, it should be from a legitimate source. As a rule of thumb, any paid software being advertised for free is highly likely to include a type of malware or adware with it. Windows Applocker and other security solutions can assist in defining an allow list for software within a secured…

Read More
08 Nov

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

Attacks, Insights, Malware

Original release date: November 8, 2022 CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01:…

Read More
08 Nov

The 15 biggest data breaches of the 21st century

Data Breaches, Malware, Social Engineering

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21st Century indicates, they have already reached enormous magnitudes. […

Read More