CyberSecurity Updates

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

The US National Institute of Standards and Technology (NIST) this week recommended that IT professionals replace the SHA-1 cryptographic algorithm with newer, more secure ones. The first widely used method of securing electronic information and in use since 1995, SHA-1 is a slightly modified version of SHA, or ‘secure hash algorithm’, the very first standardized hash function. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities…


GitHub Announces Free Secret Scanning, Mandatory 2FA

Microsoft-owned code hosting platform GitHub this week announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, it helped identify 1.7 million potential secrets exposed in public repositories. “Secret scanning alerts notify you directly about leaked secrets in your code. We’ll still notify our…


MTTR “not a viable metric” for complex software system reliability and security

Mean time to resolve (MTTR) isn’t a viable metric for measuring the reliability or security of complex software systems and should be replaced by other, more trustworthy options. That’s according to a new report from Verica, which argued that the use of MTTR to gauge software network failures and outages is not appropriate, partly due to the distribution of duration data and because failures in such systems don’t arrive uniformly over time. Site reliability engineering…


CISA Releases Forty-One Industrial Control Systems Advisories

Original release date: December 15, 2022
CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
• ICSA-22-349-01 Prosys OPC UA Simulation
• ICSA-22-349-02 Siemens SCALANCE X-200RNA Switch Devices
• ICSA-22-349-03 Siemens Multiple Denial of Service Vulnerabilities in Industrial Products
• ICSA-22-349-04 Siemens Multiple…


Attackers Use SVG Files to Smuggle QBot Malware onto Windows Systems

It is highly recommended to implement and maintain an email security tool to help prevent malicious emails from reaching end users' mailboxes. These tools utilize AV scanning and sandboxing to help identify and quarantine malicious attachments in emails. It is also recommended to implement an inbound block on HTML attachments. HTML attachments on inbound external email are generally uncommon, so the feasibility of blocking them outright should be determined to help prevent the more evasive…


Federal Prosecutors Charge Six Defendants Linked to Denial-of-Service Attacks

A DDoS attack is an attempt to disrupt the traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic. Threat actors send a massive number of requests for information to a server, site, or network, effectively shutting down a server and disrupting normal operations. To protect against such attacks, the Cybersecurity and Infrastructure Security Agency recommends the following:
• Enroll in a DoS protection service that detects abnormal…


California Hospital Suffers Data Breach

The ever-increasing trend of threat actors targeting healthcare organizations will, unfortunately, likely continue into 2023. It is unclear if this instance is a ransomware attack, but data theft is a common tactic used by ransomware operators to force victims into paying a data extortion ransom. Any impacted patients should ensure that they follow mitigation steps to protect themselves. This includes setting up credit monitoring to ensure that if data gets leaked, fraudulent accounts cannot…


IOTW: Over 77,000 Uber employee details leaked in data breach

Rideshare company Uber has suffered a data breach after Teqtivity, a software company which provides asset management and tracking services for Uber, was targeted in a cyber attack. The malicious party responsible for the breach posted confidential company information they claimed to have stolen in the breach to hacking forum BreachForums under the pseudonym ‘UberLeaks’. According to cyber security news site BleepingComputer, the leaked information includes “source code, IT asset management reports, data destruction…


Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities

ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer.
ESET researchers discovered a spearphishing campaign, launched in the weeks leading up to the Japanese House of Councillors election in July 2022, by the APT group that ESET Research tracks as MirrorFace. The campaign, which we have named Operation LiberalFace, targeted Japanese political entities; our…


Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths

Original release date: December 15, 2022
Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update.
