Malware

Descope launches authentication and user management SaaS

Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants for B2B apps. Beyond these there is a US$0.10 per user and US$20 per tenant. The Descope platform aims to…

Read More

Defending against attacks on Azure AD: Goodbye firewall, hello identity protection

Not too long ago, guarding access to the network was the focal point of defense for security teams. Powerful firewalls ensured that attackers were blocked on the outside while on the inside things might get “squishy,” allowing users fairly free rein within. Those firewalls were the ultimate defense—no one undesirable got access. Until they did. With the advent of cloud computing, the edge of a network is no longer protected by a firewall. In fact,…

Read More

Attacks on industrial infrastructure on the rise, defenses struggle to keep up

The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that’s capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled external connections into their…

Read More

Mozilla Releases Security Updates for Firefox 110 and Firefox ESR

Original release date: February 14, 2023 Mozilla has released security updates to address vulnerabilities in Firefox 110 and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 110 and Firefox ESR 102.8 for more information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More

Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops

Original release date: February 14, 2023 Citrix has released security updates to address high-severity vulnerabilities (CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483) in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix security bulletins CTX477618, CTX477617, and CTX477616 for more information and to apply the necessary updates. This product is provided subject to this Notification and this…

Read More

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Original release date: February 14, 2023 CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01:…

Read More

Microsoft Releases February 2023 Security Updates

Original release date: February 14, 2023 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2023 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More

Apple Deploys Patch Fixing Actively-Exploited WebKit Vulnerability

Companies are highly encouraged to patch as soon as their change management procedures allow. It’s possible that threat actors using this exploit currently will ramp up deployment in an effort to compromise devices before they get patched. Additionally, analysts should look for suspicious processes and activity stemming from Safari, pending further information from Apple about the specifics of the exploit, as far back as their logging allows. https://www.bleepingcomputer.com/news/security/apple-fixes-new-webkit-zero-day-exploited-to-hack-iphones-macs/

Read More

Mortal Kombat Ransomware Targeting US Victims

This group is clearly financially motivated, using the ransomware as one way to target victims and encrypt files for extortion, in addition to exploiting the chance to steal cryptocurrency. Talos analysts assess that this particular ransomware isn’t very sophisticated as it will target system files and applications too, which are commonly avoided to prevent the system from becoming unstable. A victim will know they are infected because their wallpaper will change to a Mortal Kombat…

Read More

Stealthy ‘Beep’ Malware Discovered

Although Beep’s functionality is currently limited, it’s clear that the developers have high ambitions for a variety of functionality. While the evasion tactics used in Beep are plentiful, they generally center around avoiding anti-virus, and being difficult to reverse engineer. Behavioral analysis can still provide great value in detecting threats such as this. It’s important to have a defense-in-depth program which includes proactive threat hunting of post compromise activities in order to combat emerging threats…

Read More