CyberSecurity Updates

12 Jan

Third-Party Benefits Administrator Suffers Data Breach

Attacks, Malware

Affected parties are being notified by BBA and should not refrain from asking BBA how they plan to remediate the issue. Staying vigilant after becoming a victim of a data breach is extremely important. Refraining from interacting with unfamiliar senders who request payment or other personal information is a crucial element of such vigilance. Since Social Security numbers were part of the impacted data in this case, affected parties should reach out to credit bureaus…

Read More
12 Jan

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours

Attacks, Malware

Since the initial infection vector relates to a phishing email containing a malicious ZIP file, it is recommended to implement and maintain proper email security controls. Email security controls, such as AV scanning and sandboxing, can help prevent phishing emails from reaching end users, thus potentially preventing the malware from infecting a workstation, to begin with. It is also recommended to maintain appropriate endpoint security controls. Most of the behaviors exhibited by this attack post-compromise…

Read More
12 Jan

House Lawmakers Introduce Bill to Create National Digital Reserve Corps

Attacks, Malware

This legislation aligns with the current administration’s whole government approach to improving the nation’s cyber security posture. The government and the private sector have looked for creative ways to fill critical information technology and cyber security roles. At a time when the U.S. military is struggling to reach its recruitment goals, incentivizing reservist roles may be the best option for the government. Source: https://www.fedscoop.com/house-lawmakers-introduce-bill-to-create-national-digital-reserve-corps/

Read More
12 Jan

Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms

Attacks, Insights, Malware

Original release date: January 12, 2023 Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-001 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
12 Jan

CloudSek launches free security tool that helps users win bug bounty

Data Breaches, Malware, Social Engineering

Cybersecurity firm CloudSek has launched BeVigil, a tool that can tell users how safe the apps installed on their phone are, and helps users and developers win bug bounty by helping them identify and report bugs in the code. BeVigil scans all the apps installed on a user’s phone and rates them as dangerous, risky, or safe. Running as a web application for the past one year, BeVigil has already scanned over a million apps…

Read More
12 Jan

IOTW: LastPass facing class action lawsuit following data breach

Attacks, Data Breaches

An anonymous plaintiff has filed a class action lawsuit against password management company LastPass after the company suffered two data breaches within four months in 2022. The suit, which was filed by an anonymous plaintiff referred to as ‘John Doe’ with the United States District Court of Massachusetts, alleges that LastPass failed to “exercise reasonable care in securing and safeguarding highly sensitive consumer data”. The lawsuit also alleges that bad actors could “wreak financial havoc…

Read More
12 Jan

Cybersecurity spending and economic headwinds in 2023

Data Breaches, Malware, Social Engineering

Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few observations based on some recent ESG research. First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending. As for cybersecurity, 65% of organizations plan to increase cybersecurity spending in 2023. These numbers mean that some organizations…

Read More
12 Jan

CISA Releases Twelve Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: January 12, 2023 CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-012-01 Sewio RTLS Studio ICSA-23-012-02 RONDS Equipment Predictive Maintenance Solution ICSA-23-012-03 InHand Networks InRouter ICSA-23-012-04 Panasonic Sanyo CCTV Network Camera ICSA-23-012-05 SAUTER Controls Nova 200 – 220…

Read More
11 Jan

StrongPity espionage campaign targeting Android users

Information

ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version ESET researchers identified an active campaign that we have attributed to the StrongPity APT group. Active since November 2021, the campaign has distributed a malicious app through a website impersonating Shagle – a random-video-chat service that provides encrypted communications between strangers. Unlike the entirely web-based,…

Read More
11 Jan

Cybercriminals bypass Windows security with driver-vulnerability exploit

Data Breaches, Malware, Social Engineering

The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike. In this latest BYOVD attack, which was observed and stopped by CrowdStrike’s Falcon security system, Scattered Spider attempted to deploy a…

Read More