CyberSecurity Updates

SwiftSlicer: New destructive wiper malware strikes Ukraine

Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country

ESET researchers have uncovered a new wiper attack in Ukraine that they attribute to the Sandworm APT group. Dubbed SwiftSlicer, the destructive malware was spotted on the network of a targeted organization on January 25th. It was deployed through Group Policy, which suggests that the attackers had taken control of the victim’s Active Directory environment. Some of the wipers spotted by ESET in…

Read More

Are you in control of your personal data? – Week in security with Tony Anscombe

Data Privacy Week is a reminder to protect your data – all year round. Here are three privacy-boosting habits you can start today.

Every action we take on the internet generates data that is shared with online services and other parties. It stands to reason, then, that we need to assert control over how much and what kind of personal information we hand over to online services and generally limit the amount of our data…

Read More

Hive ransomware servers shut down at last, says FBI

by Naked Security writer

Six months ago, according to the US Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) infiltrated the Hive ransomware gang and started “stealing back” the decryption keys for victims whose files had been scrambled. As you are almost certainly, and sadly, aware, ransomware attacks these days typically involve two associated groups of cybercriminals. These groups often “know” each other only by nicknames, and “meet” only online, using anonymity tools…

Read More

Killnet Targets German Entities with DDoS Attacks

DDoS attacks can have devastating consequences if performed successfully. Internet use is not going away, and as the world becomes increasingly digital, the likelihood of DDoS attempts will continue to grow. It is important to dedicate resources to protecting against these types of attacks with a vigilant DDoS mitigation approach.

Cyberattacks Target Websites of German Airports, Admin

Read More

Exploit Released for Critical Windows CryptoAPI Spoofing Bug

It is highly recommended to install security patches on all Windows systems in an environment, particularly any that are exposed to the Internet. As vulnerabilities are discovered, maintaining a consistent patching cycle for devices can help reduce attack surface and prevent an environment from being breached. Threat actors are known to keep exploiting already-fixed vulnerabilities that are months old, because patching remains inconsistent across many systems around the world. It is also recommended to…

Read More

U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software

The authoring organizations encourage network defenders to:

• Implement best practices to block phishing emails.
• Audit remote access tools on your network to identify currently used and/or authorized RMM software.
• Review logs for execution of RMM software to detect abnormal use of programs running as a portable executable.
• Use security software to detect instances of RMM software only being loaded in memory.
• Implement application controls to manage and control execution of software, including allow listing RMM…

Read More

ISC Releases Security Advisories for Multiple Versions of BIND 9

Original release date: January 27, 2023

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures. CISA encourages users and administrators to review the following ISC advisories (CVE-2022-3094, CVE-2022-3488, CVE-2022-3736, and CVE-2022-3924) and apply the necessary mitigations. This product is provided subject to this Notification and…

Read More

Hackers abuse legitimate remote monitoring and management tools in attacks

Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organization’s network and systems might not raise suspicion. Researchers from Cisco Talos reported this week that one particular commercial RMM tool called Syncro was observed in a…

Read More

Critical Vulnerability Impacts Over 120 Lexmark Printers

Printer and imaging products manufacturer Lexmark this week published a security advisory to warn users of a critical vulnerability impacting over 120 printer models. The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code. “Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary…

Read More

BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws

The Internet Systems Consortium (ISC) this week announced patches for multiple high-severity denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The addressed issues could be exploited remotely to cause named – the BIND daemon that acts both as an authoritative name server and as a recursive resolver – to crash, or could lead to the exhaustion of the available memory. The first of the security defects, tracked as CVE-2022-3094, can be exploited by sending…

Read More