Malware

02 Feb

Cisco Releases Security Advisories for Multiple Products

Attacks, Insights, Malware

Original release date: February 2, 2023 Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
02 Feb

Drupal Releases Security Update to Address a Vulnerability in Apigee Edge

Attacks, Insights, Malware

Original release date: February 2, 2023 Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB- 2023-005 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
02 Feb

NTT, Palo Alto partner for managed SASE with AIOps

Data Breaches, Malware, Social Engineering

A new offering from IT services provider NTT combines Palo Alto Networks’ Prisma SASE offering with NTT’s managed network services and AIOps infrastructure. SASE – secure access service edge – has been gaining interest for its potential to reduce networking complexity while improving security. It combines SD-WAN with security services, including secure web access gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and firewall-as-a-service (FWaaS), in a single, cloud-delivered service model. Increasingly, companies looking…

Read More
02 Feb

Foreign states already using ChatGPT maliciously, UK IT leaders believe

Data Breaches, Malware, Social Engineering

Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That’s according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of respondents see ChatGPT as generally being used for “good” purposes, 72% are concerned by its potential to be used for malicious purposes when it comes to cybersecurity. In fact, almost half (48%) predicted that a…

Read More
02 Feb

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

Data Breaches, Malware, Social Engineering

State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that…

Read More
01 Feb

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

Data Breaches, Malware, Social Engineering

A new open framework has been launched to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by OX Security, evaluates software supply chain security threats, covering a wide range of attack vectors including vulnerabilities in third-party libraries and components, supply chain attacks on build and deployment systems, and compromised or…

Read More
01 Feb

New Chromebook Exploit Allows Users to Unenroll Managed Devices

Attacks, Malware

As Sh1mmer requires a USB in order to function, it is unlikely that an attacker is going to add this exploit to their toolkit. However, it is possible that an attacker may socially engineer a user into performing this exploit on their own device. From an organizational standpoint, however, the biggest risk comes from users unenrolling their devices on their own to bypass security restrictions, which would then leave their device vulnerable to further compromise.…

Read More
01 Feb

Potential KeePass Flaw Discovered Allowing Plaintext Vault Export

Attacks, Malware

This “vulnerability” is controversial from the perspective of KeePass and other information security practitioners. Both parties point out that a user’s failure to secure write access to the KeePass configuration file isn’t an inherent vulnerability with KeePass itself. Furthermore, if a threat actor is able to access a properly protected configuration file, the potential to steal the contents of the victims KeePass vault is nearly endless. For example, a threat actor could replace the KeePass…

Read More
01 Feb

Hackers Use New IceBreaker Malware to Breach Gaming Companies

Attacks, Malware

At this time, not much is known about the IceBreaker group, but Security Joes decided to publish a report on their findings and share all captured IoCs (indicators of compromise) to help defenders detect and tackle this threat. The researchers have published a technical report describing the threat actor’s modus operandi and how their backdoor works. YARA rules have also been published to help organizations detect the malware. Additionally, Security Joes recommends companies suspecting a…

Read More
01 Feb

VMware Releases Security Update for VMware vRealize Operations

Attacks, Insights, Malware

Original release date: February 1, 2023 VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations. A malicious user could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0002 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More