Malware

Russian hacktivist group targets India’s health ministry

A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSek said in a post. “An analysis of the samples shared concluded that the affected entity is the Health Management Information system…

Read More

Rubrik Confirms Data Theft in GoAnywhere 0-Day Attack

While typically it is recommended to maintain good threat intelligence and an adequate patching schedule, neither of these recommendations would apply in this case as this vulnerability was exploited as a 0-day prior to the patch that was released in February. The best defense against 0-day vulnerabilities is to employ a defense-in-depth strategy. While it won’t stop the 0-day, employing this strategy makes it much more likely to detect the attack at an earlier step…

Read More

Cybercriminals Exploit SVB Collapse to Steal Money and Data

The wisest course of action for former SVB customers is to maintain composure and adhere to the FDIC’s and the U.S. government’s established communication channels. Avoid emails from strange websites and double-check any requests for bank account changes or payments in regards to SVB accounts. Any requests for changes or payments should be verified with a direct communication using a phone call instead of email. Email accounts may be compromised, and all requests should be…

Read More

Microsoft Fixes Outlook Zero-day Used by Russian Attackers Since April 2022

Microsoft urges customers to immediately patch their systems against CVE-2023-23397 or add users to the Protected Users group in Active Directory and block outbound SMB (TCP port 445) as a temporary mitigation to minimize the impact of the attacks. Redmond also released a dedicated PowerShell script to help admins check if any users in their Exchange environment have been targeted using this Outlook vulnerability. It “checks Exchange messaging items (mail, calendar and tasks) to see…

Read More

CISA released four Industrial…

CISA released four Industrial Control Systems (ICS) advisories on March 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-073-01 Omron CJ1m PLC ICSA-23-073-02 Autodesk FBX SDK ICSA-23-073-03 GE iFIX ICSA-23-073-04 AVEVA Plant SCADA and AVEVA Telemetry Server

Read More

Mozilla has released security…

Mozilla has released security updates to address vulnerabilities in Firefox 111 and Firefox ESR 102.9. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 111 and Firefox ESR 102.9 for more information and apply the necessary updates. Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d welcome your feedback.

Read More

Today, the CISA, Federal Bureau of…

Today, the CISA, Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This joint CSA provides IT infrastructure defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar, successful CVE-2019-18935 exploitation. As detailed in the advisory, CISA analysts determined that multiple cyber threat actors, including…

Read More

Dell beefs up security portfolio with new threat detection and recovery tools

Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful ecosystem of partners, we’re committed to helping organizations protect against threats, withstand and recover from attacks and provide confidence that their environments are secure,” said Matt Baker, senior vice president, corporate strategy at Dell Technologies.…

Read More

Cybercriminals target SVB customers with BEC and cryptocurrency scams

Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carrying out scams that can steal money, and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department of Financial Protection and Innovation, after the bank failed to raise capital to keep running. SVB customers are expected to transfer their financial operations to other banks in the coming weeks. This means these customers…

Read More

Palo Alto announces new SD-WAN features for IoT security, compliance support

Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks. SD-WAN for IoT security provides device visibility, prevents threats Prisma SD-WAN with integrated IoT security enables accurate detection and identification of branch IoT…

Read More