CyberSecurity Updates

01 Aug

Forgepoint Capital Places $15M Series A Bet on Converge Insurance

Information, News

Venture capital outfit Forgepoint Capital has placed another bet in the cyber-insurance sector, leading a $15 million funding round for New York tech startup Converge Insurance. The $15 million Series A investment is Forgepoint’s second push into the cyber-insurance sector following last year’s incubation of Surefire Cyber, a startup selling incident response services specifically to cyber insurers, brokers and legal firms. Converge Insurance describes itself as a modern managing general agent (MGA) that fuses cyber…

Read More
01 Aug

CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) have released a joint Cybersecurity Advisory (CSA), Threat Actors Exploiting Ivanti EPMM Vulnerabilities, in response to the active exploitation of CVE-2023-35078 and CVE-2023-35081 affecting Ivanti Endpoint Manager Mobile (EPMM) (formerly known as MobileIron Core). Threat actors can chain these vulnerabilities to gain initial, privileged access to EPMM systems and execute uploaded files, such as webshells.  In July 2023, NCSC-NO became…

Read More
31 Jul

SEC demands four-day disclosure limit for cybersecurity breaches

Information

by Paul Ducklin Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit. The SEC, by the way, was founded at the height of the US Great Depression in the 1930s, with the aim of preventing the sort of unregulated speculation that led to what became known as Black Thursday, the infamous Wall Street crash…

Read More
31 Jul

US Gov Rolls Out National Cyber Workforce, Education Strategy

Information, News

The Biden administration on Monday rolled out its first-ever National Cyber Workforce and Education Strategy (NCWES), announcing a series of “generational investments” to  address immediate and long-term cyber workforce needs.  The new strategy seeks to transform cyber education in K-12 schools, community colleges and technical schools, invest in teachers and cyber education systems and make training more accessible and affordable.  “Filling the hundreds of thousands of cyber job vacancies across our nation is a national…

Read More
28 Jul

US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications

Information, News

New guidance from the Australian Cyber Security Centre (ACSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) warns developers, vendors, and organizations of access control vulnerabilities in web applications. Described as insecure direct object reference (IDOR) issues, they allow threat actors to read or tamper with sensitive data via application programming interface (API) requests that include the identifier of a valid user. These requests are successful because the authentication or…

Read More
28 Jul

In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android 

Data Breaches, Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
28 Jul

Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins

Information, News

Threat intelligence company Greynoise says it has observed the first attempts to exploit a recent critical remote code execution (RCE) vulnerability in Citrix ShareFile. A popular cloud-based file-sharing and collaboration solution, ShareFile allows users to store files in their own data centers, via a storage zones controller (or storage center), a .NET web application running under Internet Information Services (IIS). The vulnerability, tracked as CVE-2023-24489 (CVSS score of 9.1), was the result of errors leading…

Read More
28 Jul

Ivanti Releases Security Updates for EPMM to address CVE-2023-35081

Attacks, Insights, Malware

Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability allows an attacker with EPMM administrator privileges to write arbitrary files with the operating system privileges of the EPMM web application server. The attacker could then execute the uploaded file, for example, a web shell. To gain EPMM administrator privileges, the attacker could exploit CVE-2023-35078 on an unpatched system. Ivanti reports active exploitation of…

Read More
28 Jul

CISA Releases Malware Analysis Reports on Barracuda Backdoors

Attacks, Insights, Malware

CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited the vulnerability to gain initial access to victim systems and then implanted backdoors to establish and maintain persistence. CISA…

Read More