Malware

15 Jun

S3 Ep139: Are password rules like running through rain?

Information, Malware

by Paul Ducklin DON’T GET INTO THE HABIT OF A BAD HABIT Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify,…

Read More
15 Jun

CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities

Attacks, Insights, Malware

Today, CISA, the Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released an update for joint Cybersecurity Advisory (CSA) Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server.  This iteration of the CSA—now renamed Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers—is based on the forensic analysis and identified exploitation of CVE-2017-9248 at an additional FCEB agency. Activity identified at this agency is separate…

Read More
15 Jun

Barracuda Networks Releases Update to Address ESG Vulnerability

Attacks, Insights, Malware

Barracuda Networks has released an update to their advisory addressing a vulnerability—CVE-2023-2868—in their Email Security Gateway Appliance (ESG). According to Barracuda, customers should replace impacted appliances immediately.  CISA urges organizations to review the Barracuda advisory and for all impacted customers to follow the mitigation steps as well as hunt for the listed indicators of compromise (IOCs) to uncover any malicious activity. For more information, see Mandiant’s advisory on Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally…

Read More
15 Jun

CISA Releases Fourteen Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released fourteen Industrial Control Systems (ICS) advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA ICSA-23-166-03 Siemens SICAM Q200 Devices ICSA-23-166-04 Siemens SIMOTION ICSA-23-166-05 Siemens SIMATIC WinCC ICSA-23-166-06 Siemens TIA Portal ICSA-23-166-07 Siemens SIMATIC WinCC V7 ICSA-23-166-08 Siemens SIMATIC STEP 7 and Derived Products ICSA-23-166-09 Siemens Solid Edge ICSA-23-166-10 Siemens SIMATIC S7-1500 TM MFP BIOS ICSA-23-166-11 Siemens…

Read More
15 Jun

Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability

Attacks, Insights, Malware

Progress Software has released a security advisory for a privilege escalation vulnerability (CVE-2023-35708) in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA urges users and organizations to review the MOVEit Transfer advisory, follow the mitigation steps, and apply the necessary updates when available.

Read More
15 Jun

5 best practices to ensure the security of third-party APIs

Data Breaches, Malware, Social Engineering

When organizations consider application programming interface (API) security, they typically focus on securing APIs that are written in-house. However, not all the APIs that companies use are developed internally, rather some are designed and developed by other organizations. The problem is that many companies don’t realize that using third-party APIs can expose their applications to security issues, such as malware, data breaches, and unauthorized access. Third-party APIs are software interfaces that allow organizations to leverage…

Read More
15 Jun

Security culture improving in businesses despite factors holding teams back

Data Breaches, Malware, Social Engineering

The vast majority of CISOs have observed positive security culture gains in their organizations in the last year despite a perceived dip in the quality of overall security posture, according to the 10th annual Information Security Maturity Report published by ClubCISO and Telstra Purple. The research surveyed 182 members of ClubCISO, a global community of information security leaders working in public and private sector companies. The paper paints an optimistic picture of organizational security with…

Read More
14 Jun

Attackers set up rogue GitHub repos with malware posing as zero-day exploits

Data Breaches, Malware, Social Engineering

In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms. “The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware,” researchers from security…

Read More
14 Jun

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

Data Breaches, Malware, Social Engineering

Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. “In the past few years, Sygnia’s IR teams have engaged in numerous incidents in which world-wide organizations were targeted by BEC attacks,” researchers from cybersecurity firm Sygnia said in their report. “While some of these attacks were…

Read More
14 Jun

Cybersixgill automates threat intelligence with IQ generative AI application

Data Breaches, Malware, Social Engineering

Cybersixgill’s new IQ cybersecurity threat intelligence application promises to offer quicker and more digestible intelligence on potential threats on the dark web, by leveraging generative AI to provide automated reporting and dissemination of information. The idea is to simplify access to threat intelligence data, which ordinarily is done manually by analysts. According to the company’s announcement, Cybersixgill IQ, which is trained on the company’s own data sets, is able to “democratize” cybersecurity threat intelligence by…

Read More