Malware

16 Mar

UK bans TikTok on government devices over data security fears

Data Breaches, Malware, Social Engineering

Social media app TikTok has been banned on UK government electronic devices, the Cabinet Office has announced. The ban, announced by the chancellor of the Duchy of Lancaster, Oliver Dowden, comes in the wake of a security review into the risks posed to government data by social media apps on devices along with the potential for sensitive information to be accessed and used by some platforms. The move follows other Western countries who have barred…

Read More
16 Mar

FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0

Attacks, Insights, Malware

The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. This joint advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that FBI investigations correlated with LockBit 3.0 ransomware as recently as March 2023. LockBit 3.0 functions as an affiliate-based ransomware variant and is a continuation of LockBit 2.0 and LockBit. CISA encourages network defenders…

Read More
16 Mar

When and how to report a breach to the SEC

Data Breaches, Malware, Social Engineering

New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents. Under the proposal, the SEC would implement three new rules that public companies will need to follow: A requirement that companies report any cybersecurity event within four business days of determining that it was…

Read More
16 Mar

Why red team exercises for AI should be on a CISO’s radar

Data Breaches, Malware, Social Engineering

AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct red team exercises against AI models and AI-enabled applications — just as security teams do with any traditional application, platform, or IT system. AI increasingly powers business decision-making, financial forecasting, predictive maintenance, and an endless list…

Read More
16 Mar

Russian hacktivist group targets India’s health ministry

Data Breaches, Malware, Social Engineering

A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSek said in a post. “An analysis of the samples shared concluded that the affected entity is the Health Management Information system…

Read More
15 Mar

Rubrik Confirms Data Theft in GoAnywhere 0-Day Attack

Attacks, Malware

While typically it is recommended to maintain good threat intelligence and an adequate patching schedule, neither of these recommendations would apply in this case as this vulnerability was exploited as a 0-day prior to the patch that was released in February. The best defense against 0-day vulnerabilities is to employ a defense-in-depth strategy. While it won’t stop the 0-day, employing this strategy makes it much more likely to detect the attack at an earlier step…

Read More
15 Mar

Cybercriminals Exploit SVB Collapse to Steal Money and Data

Attacks, Malware

The wisest course of action for former SVB customers is to maintain composure and adhere to the FDIC’s and the U.S. government’s established communication channels. Avoid emails from strange websites and double-check any requests for bank account changes or payments in regards to SVB accounts. Any requests for changes or payments should be verified with a direct communication using a phone call instead of email. Email accounts may be compromised, and all requests should be…

Read More
15 Mar

Microsoft Fixes Outlook Zero-day Used by Russian Attackers Since April 2022

Attacks, Malware

Microsoft urges customers to immediately patch their systems against CVE-2023-23397 or add users to the Protected Users group in Active Directory and block outbound SMB (TCP port 445) as a temporary mitigation to minimize the impact of the attacks. Redmond also released a dedicated PowerShell script to help admins check if any users in their Exchange environment have been targeted using this Outlook vulnerability. It “checks Exchange messaging items (mail, calendar and tasks) to see…

Read More
15 Mar

CISA released four Industrial…

Attacks, Insights, Malware

CISA released four Industrial Control Systems (ICS) advisories on March 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-073-01 Omron CJ1m PLC ICSA-23-073-02 Autodesk FBX SDK ICSA-23-073-03 GE iFIX ICSA-23-073-04 AVEVA Plant SCADA and AVEVA Telemetry Server

Read More
15 Mar

Mozilla has released security…

Attacks, Insights, Malware

Mozilla has released security updates to address vulnerabilities in Firefox 111 and Firefox ESR 102.9. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 111 and Firefox ESR 102.9 for more information and apply the necessary updates. Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d welcome your feedback.

Read More