Malware

GAO report: government departments need dedicated leaders to oversee privacy goals

The US Government Accountability Office (GAO) released a comprehensive report in late September 2022 that discussed the need for dedicated privacy leadership within the departments and agencies of the executive branch if privacy goals are to be achieved. The report highlighted how this leadership void was, in essence, putting at risk well-intentioned plans and procedures for protecting the personally identifiable information (PII) held within those entities. The GAO recommended that Congress…

Read More

Netacea launches malicious bot intelligence service to help customers tackle threats

Cybersecurity vendor Netacea has announced the launch of a new Business Logic Intelligence Service (BLIS) designed to give customers actionable insight to help them tackle malicious bot activity and security threats. The firm said that the tiered, fee-based service will provide organizations with bot threat intelligence based on research including analysis of dark web forums and marketplaces. Earlier this year, the 2022 Imperva Bad Bot Report revealed an uptick in malicious bot activity driving online…

Read More

How to securely manage LAPS on a Windows network

Passwords have always been a pain point in securing computing infrastructure. Complexity and length are key components of a strong password, but both make it inherently difficult for a human to remember. Passwords should also be changed periodically. That is fine when you are working with a handful of devices, but when your network is geographically distributed across hundreds or thousands of computers, things get more complex. Fortunately, Microsoft has had a solution to this problem in the…

Read More

OpenSSL Releases Security Update

Original release date: November 1, 2022 OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3602 (the four-byte overflow; CVE-2022-3786 is the companion variable-length overflow of “.” bytes) “can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code…

Read More

OpenSSL project patches two vulnerabilities but downgrades severity

The OpenSSL project released a patch for two high-severity vulnerabilities in the world’s most widely used cryptographic library. The project’s maintainers had been warning users since the previous week to prepare for a critical patch on November 1, but the severity was downgraded to high following additional testing. Organizations should still determine which of their applications and servers are affected and deploy the patches as soon as possible. The vulnerabilities affect all versions of OpenSSL 3.0, which…

Read More
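
The two items above both come down to one question for an operator: which of my binaries carry OpenSSL 3.0.0 through 3.0.6? Running `openssl version` only answers for the system CLI; statically linked or vendored copies (language runtimes, container images, appliance firmware) are missed. The script below is an added example, not from the CISA alert or the OpenSSL project; it flags the affected range from a version banner and scans raw file bytes for embedded banners. `SAMPLE_BINARY` is a constructed stand-in for a vendored binary.

```python
"""Locate OpenSSL 3.0.0-3.0.6 copies, including ones embedded in other binaries.
Added example; not from the CISA alert or the OpenSSL project."""
import re
import subprocess
from pathlib import Path
from typing import Dict, Iterable, List

# Affected range per the OpenSSL advisory: 3.0.0 through 3.0.6 (fixed in 3.0.7).
# 1.1.1 and earlier never contained the punycode decoder involved, so they are out of scope.
AFFECTED = {(3, 0, patch) for patch in range(7)}

# Matches the banner OpenSSL compiles into libcrypto, e.g. "OpenSSL 3.0.5 5 Jul 2022".
VERSION_RE = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)")


def is_affected(version_banner: str) -> bool:
    """True if the banner names a 3.0.0-3.0.6 build; False for other versions or no match
    (e.g. a LibreSSL banner, which this regex deliberately does not recognise)."""
    m = VERSION_RE.search(version_banner.encode())
    if not m:
        return False
    return tuple(int(x) for x in m.groups()) in AFFECTED


def affected_versions_in_blob(data: bytes) -> List[str]:
    """Every affected 'OpenSSL x.y.z' banner embedded in a byte blob, de-duplicated and sorted.
    A binary can carry several banners (static libcrypto plus a bundled dependency)."""
    found = set()
    for m in VERSION_RE.finditer(data):
        ver = tuple(int(x) for x in m.groups())
        if ver in AFFECTED:
            found.add("%d.%d.%d" % ver)
    return sorted(found)


def scan_files(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Map each regular file to the affected versions embedded in it ([] means clean)."""
    result: Dict[str, List[str]] = {}
    for p in paths:
        path = Path(p)
        if path.is_file():
            result[str(path)] = affected_versions_in_blob(path.read_bytes())
    return result


def system_openssl_banner() -> str:
    """Banner of the `openssl` CLI on PATH, or '' if there is none."""
    try:
        proc = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=False)
        return proc.stdout.strip()
    except FileNotFoundError:
        return ""


# Constructed stand-in for a vendored binary: an ELF-like prefix with two embedded banners,
# one affected (3.0.5) and one not (1.1.1q).
SAMPLE_BINARY = (b"\x7fELF\x02\x01\x01" + b"\x00" * 16
                 + b"OpenSSL 3.0.5 5 Jul 2022\x00"
                 + b"OpenSSL 1.1.1q  5 Jul 2022\x00")

if __name__ == "__main__":
    banner = system_openssl_banner()
    print("system openssl:", banner or "not found",
          "->", "AFFECTED" if is_affected(banner) else "ok")
    print("embedded in sample blob:", affected_versions_in_blob(SAMPLE_BINARY) or "none")
    # Real use: scan_files(str(p) for p in Path("/usr/lib").rglob("libssl.so.3*")),
    # or point it at a directory of vendored binaries extracted from a container image.
```

Reading the advisory's conditions matters when prioritising: the overflow sits in name-constraint checking, which a crafted certificate reaches only if a CA signed it or the application continues verification after failing to build a trusted path. TLS clients talking to a malicious server, and TLS servers that request client certificates, are the exposed paths; a server that never does client authentication is not reachable this way, but still needs the 3.0.7 update.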

K7SecuritySuite Antivirus Software Exploited to Deploy LODEINFO Malware

DLL side-loading remains a popular technique for malware developers because it offers a lot of potential for detection evasion: the malicious code runs inside a legitimate, often signed, executable that loads it. This problem can be approached in a number of ways. Organizations may find application whitelisting and disabling software installation by unprivileged users via Group Policy useful in mitigating this threat. EDR and SIEM tools also provide very valuable insight into anomalous software installations and executions in an…

Read More
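
The detection angle above (EDR/SIEM visibility into anomalous loads) is easiest to see on concrete events. The script below is an added example, not from the article or from K7; it triages image-load events for the two shapes side-loading leaves behind: a DLL with a Windows system DLL's name resolved from outside System32, and a signed host executable pulling an unsigned DLL from its own directory or a user-writable path. The event lines are constructed and loosely modelled on Sysmon Event ID 7 (`Image`, `ImageLoaded`, `Signed`); the `ImageSigned` field (whether the host process binary is signed) is an assumption, since Sysmon ID 7 does not record it, though most EDR telemetry does. All paths and file names are made up.

```python
"""Triage image-load events for DLL side-loading. Added example, not from the article.
Line format and ImageSigned field are constructed (see lead-in)."""
import re
from typing import Dict, List, Optional, Tuple

# Windows DLLs that are normally resolved from System32 and are frequent hijack targets.
KNOWN_SYSTEM_DLLS = {
    "version.dll", "dwmapi.dll", "cryptsp.dll", "cryptbase.dll", "profapi.dll",
    "userenv.dll", "dbghelp.dll", "wtsapi32.dll", "wlbsctrl.dll", "uxtheme.dll",
}

SYSTEM_DIRS = re.compile(r"^c:\\windows\\(system32|syswow64)\\", re.I)
USER_WRITABLE = re.compile(r"^(c:\\users\\[^\\]+\\|c:\\programdata\\|c:\\windows\\temp\\)", re.I)


def parse_event(line: str) -> Dict[str, str]:
    """'Key=Value|Key=Value' -> dict (constructed flat format for the sample below)."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))


def sideload_reason(ev: Dict[str, str]) -> Optional[str]:
    """Reason string if the load looks like side-loading, else None."""
    image, loaded = ev["Image"], ev["ImageLoaded"]
    image_dir = image.rsplit("\\", 1)[0].lower()
    loaded_dir, dll = loaded.rsplit("\\", 1)
    loaded_dir, dll = loaded_dir.lower(), dll.lower()
    dll_signed = ev.get("Signed", "false").lower() == "true"
    proc_signed = ev.get("ImageSigned", "false").lower() == "true"

    # 1. A DLL carrying a system DLL's name resolved from outside the system directories:
    #    the loader searched the application directory first and found a planted copy.
    if dll in KNOWN_SYSTEM_DLLS and not SYSTEM_DIRS.match(loaded):
        return f"{dll} resolved from {loaded_dir} instead of System32"

    # 2. A signed host executable pulling an unsigned DLL from its own directory or a
    #    user-writable path: the legitimate-binary-plus-payload shape of side-loading.
    if proc_signed and not dll_signed and (loaded_dir == image_dir or USER_WRITABLE.match(loaded)):
        return f"signed {image} loaded unsigned {dll} from {loaded_dir}"
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """(Image, reason) for every event that trips a heuristic, in input order."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reason = sideload_reason(ev)
        if reason:
            hits.append((ev["Image"], reason))
    return hits


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    # benign: signed app resolves version.dll from System32
    r"Image=C:\Program Files\Vendor\app.exe|ImageLoaded=C:\Windows\System32\version.dll|Signed=true|ImageSigned=true",
    # side-load: signed vendor binary copied to AppData next to a planted version.dll
    r"Image=C:\Users\alice\AppData\Roaming\Updater\vendorscan.exe|ImageLoaded=C:\Users\alice\AppData\Roaming\Updater\version.dll|Signed=false|ImageSigned=true",
    # unsigned portable tool with its own unsigned helper: noisy, not side-loading
    r"Image=C:\Users\alice\Tools\portable.exe|ImageLoaded=C:\Users\alice\Tools\helper.dll|Signed=false|ImageSigned=false",
    # system process pulling a system-named DLL from ProgramData
    r"Image=C:\Windows\System32\svchost.exe|ImageLoaded=C:\ProgramData\cache\dbghelp.dll|Signed=false|ImageSigned=true",
    # signed installer in Downloads loading an unsigned DLL from the same folder
    r"Image=C:\Users\alice\Downloads\Installer\setup.exe|ImageLoaded=C:\Users\alice\Downloads\Installer\payload.dll|Signed=false|ImageSigned=true",
]

if __name__ == "__main__":
    for image, reason in triage(SAMPLE_EVENTS):
        print(f"SUSPECT {image}: {reason}")
```

Heuristic 2 will also fire on legitimate signed applications that ship unsigned plug-in DLLs, so in a SIEM it belongs in a hunting query with a baseline of known application directories rather than in a paging alert; heuristic 1 is precise enough to alert on.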

CISA Releases Updated Guidance on Implementing Phishing-Resistant Multifactor Authentication

When considering the current threat landscape, MFA should be required for all access to internal resources from outside the network and for any high-value systems inside the organization. This includes solutions used for working from home (WFH) such as Virtual Private Networks (VPNs) and Virtual Desktop Infrastructure (VDI), as well as business-critical servers and accounts that have access to sensitive data. FIDO/WebAuthn authentication keys, such as YubiKeys, are by far the MFA most resistant to…

Read More
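
What makes FIDO/WebAuthn resistant where one-time codes are not is that the browser, not the page, records the origin in the signed client data, and the authenticator hashes the RP ID it was invoked for into the signed authenticator data. The relying party checks both before it even looks at the signature, so a credential captured on a look-alike or proxy site fails verification. The code below is an added example, not part of the CISA guidance or any WebAuthn library; `login.example.com`, the RP ID `example.com` and the two `make_*` builders are constructed stand-ins for what a real browser and authenticator produce. The final signature check over the returned bytes is left to a cryptography library.

```python
"""Relying-party checks that give a WebAuthn assertion its origin binding.
Added example; origins, RP ID and the make_* builders are constructed stand-ins."""
import base64
import hashlib
import json

FLAG_UP = 0x01  # user present (touch)
FLAG_UV = 0x04  # user verified (PIN/biometric)


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def signed_message(client_data_json: bytes, auth_data: bytes, expected_origin: str,
                   rp_id: str, challenge: bytes, require_uv: bool = False) -> bytes:
    """Apply the assertion checks that bind the response to one origin and RP ID and return
    the bytes the authenticator signed: authData || SHA-256(clientDataJSON).
    Raises ValueError on any mismatch. Verifying the signature over the returned bytes with
    the credential's registered public key is the last step, done with a crypto library."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        raise ValueError("not an authentication ceremony")
    if b64url_decode(cd.get("challenge", "")) != challenge:
        raise ValueError("challenge mismatch (stale or replayed response)")
    # The browser writes 'origin'; page JavaScript cannot change it, so a phishing or
    # proxy site yields a different value and is rejected here.
    if cd.get("origin") != expected_origin:
        raise ValueError(f"origin mismatch: got {cd.get('origin')!r}")
    if len(auth_data) < 37:
        raise ValueError("authenticator data truncated")
    # The authenticator puts SHA-256(rpId) in the first 32 bytes; credentials are scoped to it.
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash mismatch: credential scoped to another RP")
    flags = auth_data[32]
    if not flags & FLAG_UP:
        raise ValueError("user presence flag not set")
    if require_uv and not flags & FLAG_UV:
        raise ValueError("user verification required but not performed")
    return auth_data + hashlib.sha256(client_data_json).digest()


def verdict(*args, **kwargs) -> str:
    """'ok' or the reason the assertion was rejected."""
    try:
        signed_message(*args, **kwargs)
        return "ok"
    except ValueError as exc:
        return str(exc)


# --- constructed stand-ins for browser and authenticator output ---------------------------
def make_client_data(origin: str, challenge: bytes) -> bytes:
    """clientDataJSON as a browser would emit it for navigator.credentials.get()."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url_encode(challenge),
                       "origin": origin, "crossOrigin": False}).encode()


def make_auth_data(rp_id: str, flags: int = FLAG_UP | FLAG_UV, sign_count: int = 7) -> bytes:
    """Minimal authenticatorData: rpIdHash (32) || flags (1) || signCount (4)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + sign_count.to_bytes(4, "big")


if __name__ == "__main__":
    challenge = bytes(range(32))  # constructed; a real RP uses os.urandom(32) per login
    auth = make_auth_data("example.com")
    legit = make_client_data("https://login.example.com", challenge)
    proxied = make_client_data("https://login.example.com.evil.test", challenge)  # AitM page
    print("legit:  ", verdict(legit, auth, "https://login.example.com", "example.com", challenge))
    print("phished:", verdict(proxied, auth, "https://login.example.com", "example.com", challenge))
```

In practice the browser refuses the proxy page's request earlier still, because `example.com` is not a registrable suffix of the proxy's origin; the server-side check is the backstop, and it is why a reverse-proxy phishing kit that defeats TOTP and push prompts gets nothing usable from a security key.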

ConnectWise Addresses Critical Remote Code Vulnerability

ConnectWise has announced that it does not have any evidence of the vulnerability currently being exploited in the wild. Anyone who runs this software should ensure that they are staying up to date on security patches and running the most current version so that they are not susceptible to the vulnerability.

Experts warn of critical RCE in ConnectWise Server Backup Solution

Read More

CISA Upgrades to TLP 2.0

Original release date: November 1, 2022 Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2.0 updates: TLP 2.0 changes TLP:WHITE to TLP:CLEAR. TLP 2.0 adds the designation TLP:AMBER+STRICT, which instructs the recipient to keep the information strictly within…

Read More

CISA Releases One Industrial Control Systems Advisory

Original release date: November 1, 2022 CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C)

Read More