CyberSecurity Updates

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads. The bypass technique, discovered by researchers from Claroty’s Team82, was confirmed to work against WAFs from Palo Alto Networks, Amazon Web Services (AWS), Cloudflare, F5, and Imperva. These vendors have released…

Internet Explorer 0-day exploited by North Korean actor APT37

TAG also identified other documents likely exploiting the same vulnerability and with similar targeting, which may be part of the same campaign. Although this campaign mainly targets South Korea, the tactic of using current events to lure potential victims into downloading malware is common and individuals should always verify the source of a link or document.

Organizations should use the following preventative measures to protect themselves from an attack:
• Implement network segmentation.
• Install updates/patch operating systems,…

New Zerobot Malware Has 21 Exploits for BIG-IP, Zyxel, D-Link Devices

It is highly recommended to make sure that all devices, including any network or IoT devices, that are exposed to the Internet are up-to-date on patching. The main infection vector of Zerobot is using one of the 21 exploits it supports to infect an Internet accessible device and propagating within the network from there. By making sure that all devices are properly patched, the attack surface that Zerobot can use to infect an environment is…

MENA IKEA Locations Affected by Vice Society

Vice Society tends to target organizations that have the potential to pay out higher ransoms. To protect against Vice Society and other ransomware groups, companies should consider adopting a defense in depth strategy. Some suggestions for protecting against ransomware from the FBI and CISA include:
• Maintain offline backups of data, and regularly maintain backup and restoration. By instituting this practice, the organization ensures they will not be severely interrupted, and/or only have irretrievable data.
•…

New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading. Alex Holden is founder of…

Removing the Barriers to Security Automation Implementation

Implementation of security automation can be overwhelming, and has remained a barrier to adoption.

Previously, I wrote about balancing security automation and the human element to accelerate security automation initiatives. Equally important to address are the implementation aspects of security automation, which are holding many organizations back. In fact, a recent survey (PDF) found that while trust in security automation is rising, technology is the top barrier to adoption. And in a Twitter poll, Allie Mellen,…

CISA Releases Phishing Infographic

Original release date: December 8, 2022

Today, CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. The infographic also provides detailed actions organizations and individuals can take to prevent successful phishing…

CISA Releases Three Industrial Control Advisories

Original release date: December 8, 2022

CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
• ICSA-22-342-01 Advantech iView
• ICSA-22-342-02 AVEVA InTouch Access Anywhere
• ICSA-22-342-03 Rockwell Automation Logix Controllers

This product is provided subject to this Notification and this…

IOTW: Metallica encourages fans to seek and destroy crypto scams

Metal band Metallica has warned fans of scammers posing as them and offering fake cryptocurrency giveaways ahead of the launch of their album, 72 Seasons. In a tweet, the band warned fans that any websites, YouTube channels and livestreams claiming to offer Metallica cryptocurrency were fake. To avoid getting scammed, the band urged fans to “always look for official verification before believing something wild and crazy to…

Fantasy – a new Agrius wiper deployed through a supply‑chain attack

ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry.

ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is known for its destructive operations. In February 2022, Agrius began targeting Israeli HR and IT consulting firms, and users of an Israeli…
