CyberSecurity Updates

15 Dec

MTTR “not a viable metric” for complex software system reliability and security

Data Breaches, Malware, Social Engineering

Mean time to resolve (MTTR) isn’t a viable metric for measuring the reliability or security of complex software systems and should be replaced by other, more trustworthy options. That’s according to a new report from Verica which argued that the use of MTTR to gauge software network failures and outages is not appropriate, partly due to the distribution of duration data and because failures in such systems don’t arrive uniformly over time. Site reliability engineering…

Read More
15 Dec

CISA Releases Forty-One Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: December 15, 2022 CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-349-01 Prosys OPC UA Simulation ICSA-22-349-02 Siemens SCALANCE X-200RNA Switch Devices ICSA-22-349-03 Siemens Multiple Denial of Service Vulnerabilities in Industrial Products ICSA-22-349-04 Siemens Multiple…

Read More
15 Dec

Attackers Use SVG Files to Smuggle QBot Malware onto Windows Systems

Attacks, Malware

It is highly recommended to implement and maintain an email security tool to help prevent malicious emails from reaching end users mailboxes. These tools utilize AV scanning and sandboxing to help identify and quarantine malicious attachments in emails. It is also recommended to implement an inbound block on HTML attachments. HTML attachments on inbound external email are generally uncommon, so the feasibility of blocking them outright should be determined to help prevent the more evasive…

Read More
15 Dec

Federal Prosecutors Charge Six Defendants Linked to Denial-of-Service Attacks

Attacks, Malware

A DDoS attack is an attempt to disrupt the traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic. Threat actors send a massive number of requests for information to a server, site, or network, effectively shutting down a server and disrupting normal operations. To protect from such attacks, the Cybersecurity and Infrastructure Security Agency recommends the following. • Enroll in a DoS protection service that detects abnormal…

Read More
15 Dec

California Hospital Suffers Data Breach

Attacks, Malware

The ever-increasing trend of threat actors targeting healthcare organizations will likely unfortunately continue into 2023. It is unclear if this instance is a ransomware attack, but data theft is a common tactic used by ransomware operators to force victims into paying a data extortion ransom. Any impacted patients should ensure that they follow mitigation steps to protect themselves. This includes setting up credit monitoring to ensure that if data gets leaked, fraudulent accounts can not…

Read More
15 Dec

IOTW: Over 77,000 Uber employee details leaked in data breach

Attacks, Data Breaches

Rideshare company Uber has suffered a data breach after Teqtivity, a software company which provides asset management and tracking service for Uber, was targeted in a cyber attack.   The malicious party responsible for the breach posted confidential company information they claimed to have stolen in the breach to hacking forum BreachForums under the pseudonym ‘UberLeaks’. According to cyber security news site BleepingComputer, the leaked information includes “source code, IT asset management reports, data destruction…

Read More
15 Dec

Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities

Information

ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer ESET researchers discovered a spearphishing campaign, launched in the weeks leading up to the Japanese House of Councillors election in July 2022, by the APT group that ESET Research tracks as MirrorFace. The campaign, which we have named Operation LiberalFace, targeted Japanese political entities; our…

Read More
15 Dec

Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths

Attacks, Insights, Malware

Original release date: December 15, 2022 Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
15 Dec

API Security Firm FireTail Raises $5 Million

Information, News

API security startup FireTail this week announced that it has raised $5 million in an early-stage financing round led by Paladin Capital Group, with participation from General Advance, Secure Octane, Zscaler, and angel investors. Founded in 2021, the Mclean, Virginia-based firm proposes a new approach to securing Application Programming Interfaces (APIs), helping organizations build API inventories and eliminate security issues associated with them. Already seeing early adopters across North America, Asia-Pacific, and Europe, FireTail says…

Read More
15 Dec

CISA Consolidates Twitter Accounts

Attacks, Insights, Malware

Original release date: December 15, 2022 CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously covered on the now-inactive accounts. @CISACyber will cover updates relevant to the industrial control systems community along with the latest vulnerability management info, threat analysis, and other…

Read More