CyberSecurity Updates

Phishing Resistance – Protecting the Keys to Your Kingdom

If you own a computer, watch the news, or spend virtually any time online these days you have probably heard the term “phishing.” Never in a positive context…and possibly because you have been a victim yourself. Phishing refers to a variety of attacks that are intended to convince you to forfeit sensitive data to an imposter. These attacks can take a number of different forms; from spear-phishing (which targets a specific individual within…

Why you might not be done with your January Microsoft security patches

The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven’t already done so. BitLocker Security Feature Bypass Vulnerability In January, additional information came out about CVE-2022-41099, the BitLocker Security Feature Bypass Vulnerability. If…

US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney General Kenneth A. Polite, Jr., shared the 2022 success of the Criminal Division of the DOJ in its pursuit of corrupt and criminal activities within corporations that “threaten the public safety and national security, [and] wrongfully…

United States No Fly List Shared on Hacking Forum

This list has always been kept away from the public eye. Now that it has been posted publicly and released, the U.S. government and TSA have all begun investigations into the leak and into the threat actor behind it. The threat actor took their attack one step further by claiming to have pivoted from the AWS server into gaining access to more critical systems that would allow them to delay or cancel flights. Air…

Copycat Group Mimicking LockBit in Northern Europe

To protect against ransomware attacks, organizations should:
• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location.
• Install updates/patch operating systems, software, and firmware as soon as possible.
• Implement monitoring of security events on…

Exploit for VMware vRealize to be Released

The VMware patch for vRealize is available now, and system administrators should update the software as soon as possible. Ensuring that vRealize is not exposed to the internet is also an important factor to consider. Below are the version details for the software patch:
• VMware vRealize Log Insight
  ◦ Fixed version: 8.10.2
• VMware Cloud Foundation (VMware vRealize Log Insight)
  ◦ Fixed version: KB90668
IOCs for potential exploitation of this vulnerability can be found here: https://www.horizon3.ai/vmware-vrealize-cve-2022-31706-iocs/ https://www.bleepingcomputer.com/news/security/researchers-to-release-vmware-vrealize-log-rce-exploit-patch-now/

Serious Security: The Samba logon bug caused by outdated crypto

by Paul Ducklin Samba, simply put, is a super-useful, mega-popular, open-source reimplementation of the networking protocols used in Microsoft Windows, and its historical importance in internetworking (connecting two different sorts of network together) cannot be underestimated. In the late 1990s, Microsoft networking shed its opaque, proprietary nature and became an open standard known as CIFS, short for common internet file system. But there was nothing “common” or “open” about it in the early 1990s, when…

GitHub code-signing certificates stolen (but will be revoked this week)

by Paul Ducklin Another day, another access-token-based database breach. This time, the victim (and in some ways, of course, also the culprit) is Microsoft’s GitHub business. GitHub claims that it spotted the breach quickly, the day after it happened, but by then the damage had been done: On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised Personal Access Token (PAT) associated with a machine account.…

IoT, connected devices biggest contributors to expanding application attack surface

The growth of the internet of things (IoT) and connected devices is the biggest contributing factor to organizations’ expanding attack surfaces. That’s according to a new report from Cisco AppDynamics, which revealed that 89% of global IT professionals believe their organization has experienced an expansion in its attack surface over the last two years. The Shift to a Security Approach for the Full Application Stack report surveyed 1,150 IT professionals in organizations across a range…

Guardz debuts with cybersecurity-as-a-service for small businesses

Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-size businesses (SMBs), has announced both a successful $10 million round of seed funding and the broad availability of its flagship product. The premise of the company’s main offering is tight API integration with Microsoft 365 and Google Workspace. Guardz automatically enrolls all user accounts upon activation, and monitors risk posture, performs threat detection on all monitored accounts and…