CyberSecurity Updates

14 Dec

How acceptable is your acceptable use policy?

Data Breaches, Malware, Social Engineering

In a world before smartphones, social media, and hybrid workplaces, an acceptable use policy was a lot easier to write—and to enforce. These days, it’s a lot more complicated. Work can take place almost anywhere, on any number of devices. An employee can accept a job and then never physically set foot in the office, working from home (or the Caribbean) on their personal laptop. That’s why an acceptable use policy, or AUP, is more…

Read More
13 Dec

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Data Breaches, Information, Insights

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO…

Read More
13 Dec

Palo Alto Networks flags top cyberthreats, offers new zero-day protections

Data Breaches, Malware, Social Engineering

Firewall and security software vendor Palo Alto Network’s annual Ignite conference kicked off Tuesday, highlighted by several product announcements, which were unveiled alongside the company’s latest threat report. Palo Alto’s “What’s Next in Cyber” report named ransomware and business email compromise as the most common attacks faced by businesses worldwide, with supply chain threats, malicious insiders and DDoS attacks rounding out the top five. Over the course of the past year, 96% of respondents to…

Read More
13 Dec

Microsoft Releases December 2022 Security Updates

Attacks, Insights, Malware

Original release date: December 13, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s December 2022 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
13 Dec

European Commission takes step toward approving EU-US data privacy pact

Data Breaches, Malware, Social Engineering

The European Commission announced Tuesday that is has officially begun the process of approving the EU-US Data Privacy Framework—hammered together to allow the flow of data between the US and the European Union—after concluding that the framework provides privacy safeguards comparable to those of the EU. After President Biden signed the executive order that implemented rules for the Trans-Atlantic Data Policy Framework in the US in October, the Commission conducted an assessment into the US legal…

Read More
13 Dec

New Python Backdoor for ESXi Servers Discovered

Attacks, Malware

It is recommended that administrators of ESXi servers monitor the existence of the files listed above, as well as any content added to the local.sh file. The local.sh file could also be a good candidate for file integrity monitoring.In addition, it would be valuable to monitor for changes to any ESXi configuration files or maintain the state of the configuration files with a configuration management platform like SaltStack, Ansible, or Puppet.Of course, proper restrictions on…

Read More
13 Dec

Researchers Release More Details about Azov as a Polymorphic Wiper

Attacks, Malware

Detection of a wiper such as this is made very difficult due to its polymorphic nature and its time-based logic trigger. It is critical for companies to maintain backups and frequently test recovery of those backups in order to help protect against the damage caused by a wiper like this. Further, companies should perform analysis on infected machines to attempt to identify when initial infection occurred to either restore to a non-infected backup or to…

Read More
13 Dec

Hackers Exploit Critical Citrix ADC and Gateway Zero-day

Attacks, Malware

Citrix has already released patches for all of the affected devices and warns that they should be updated immediately. Anyone running an older version than listed above should also update to the latest version, which will protect them from this vulnerability and potentially other vulnerabilities. According to the NSA, this vulnerability is under active exploitation by APT5, a Chinese threat actor that is known for utilizing zero-days int their attacks. Although this is the only…

Read More
13 Dec

CISA Updates Advisory on #StopRansomware: Cuba Ransomware

Attacks, Insights, Malware

Original release date: December 13, 2022 The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs). CISA encourages organizations to review the latest update to AA22-335A and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
13 Dec

Citrix Releases Security Updates for Citrix ADC, Citrix Gateway

Attacks, Insights, Malware

Original release date: December 13, 2022 Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog post for more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory…

Read More