CyberSecurity Updates

23 Jun

Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own

Information, Malware

by Paul Ducklin The Australian Prime Minister, Anthony Albanese, has apparently advised people Down Under to turn off their mobile phones once a day, for the surprisingly precise period of five minutes, as a cybersecurity measure. UK newspaper The Guardian quotes the PM as saying: We all have a responsibility. Simple things, turn your phone off every night for five minutes. For people watching this, do that every 24 hours, do it while you’re brushing…

Read More
23 Jun

Public exploit is now available for Cisco AnyConnect VPN client

Data Breaches, Malware, Social Engineering

An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it. Cisco Secure Client for Windows, previously known as Cisco AnyConnect Secure Mobility Client before version 5.0, is an application that integrates with multiple Cisco endpoint security and…

Read More
23 Jun

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

Information, News

The National Security Agency (NSA) has published technical mitigation guidance to help organizations harden systems against BlackLotus UEFI bootkit infections. The NSA’s recommendations provide a blueprint for defenders to protect systems from BlackLotus, a stealthy malware that emerged on underground forums in late 2022 with capabilities that include user access control (UAC) and secure boot bypass, unsigned driver loading, and prolonged persistence. To disable secure boot, the bootkit exploits a year-old vulnerability in Windows (CVE-2022-21894)…

Read More
23 Jun

In Other News: Microsoft Win32 App Isolation,Tsunami Hits Linux Servers, ChatGPT Credentials Exposed on Dark Web

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
23 Jun

CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

Information, News

The US government’s cybersecurity agency CISA on Thursday added another batch of security flaws to its Known Exploited Vulnerabilities (KEV) catalog and urged federal agencies to patch these issues as a matter of urgency. The already exploited vulnerabilities affect users of the open-source Roundcube webmail server and VMware Aria Operations for Networks. Exploitation of the open-source mail server Roundcube flaws has been linked to Russian state-sponsored attacks against the Ukrainian government and other high-profile entities…

Read More
23 Jun

Millions of GitHub repositories vulnerable to RepoJacking: Report

Data Breaches, Malware, Social Engineering

Millions of GitHub repositories are potentially vulnerable to RepoJacking, which allows attackers to carry out code execution on organizations’ internal environments or on their customers’ environments, according to research by AquaSec.  AquaSec analyzed a sample of 1.25 million GitHub repositories and found that about 2.95% were vulnerable to RepoJacking, including repositories belonging to companies such as Google and Lyft.  What is RepoJacking? On GitHub, organizations have usernames and repository names. In instances such as a…

Read More
23 Jun

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Attacks, Insights, Malware

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32434 Apple Multiple Products Integer Overflow Vulnerability CVE-2023-32435 Apple iOS and iPadOS WebKit Memory Corruption Vulnerability CVE-2023-32439 Apple iOS, iPadOS, and macOS WebKit Type Confusion Vulnerability CVE-2023-20867 VMware Tools Authentication Bypass Vulnerability CVE-2023-27992 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view…

Read More
23 Jun

IOTW: A full timeline of the MOVEit cyber attack

Attacks, Data Breaches

Ransomware gang Clop, which has taken responsibility for the cyber attack launched against document transfer service MOVEit, has announced that it has not stolen data from companies thought to be impacted by data breaches linked to the attack. These companies include the UK’s British Broadcasting Company (BBC), British Airways and high street health and beauty retailer Boots. Since June 14, Clop has been posting company profiles of companies allegedly impacted by data breaches caused by…

Read More
22 Jun

Maltego: Check how exposed you are online

Information

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources It’s a truism that personal data is a valuable asset for cybercriminals, as it allows them to tailor and otherwise improve their phishing and other social engineering attacks. The wealth and variety of personal data that is available online is leveraged for attacks and scams that target not only people but also companies. But organizations too can…

Read More