CyberSecurity Updates

Firefox fixes fullscreen fakery flaw – get the update now!

by Paul Ducklin

Firefox’s latest once-every-four-weeks security update is out, bringing the popular alternative browser to version 107.0, or Extended Support Release (ESR) 102.5 if you prefer not to get new feature releases every month. (As we’ve explained before, the ESR version number tells you which feature set you have, plus the number of times it’s had security updates since then, which you can reconcile this month by noticing that 102+5 = 107.) Fortunately, there…

Euro Authorities Warn World Cup Fans Over Qatari Apps

Neil Jones, director of cybersecurity evangelism at Egnyte, argued that the data collected by the apps could also be a treasure trove for would-be cyber-criminals. “If you plan to travel to the event, I would strongly recommend the purchase of a burner phone, if the privacy-limiting capabilities cannot be disabled,” he added. “If prompted, allow only the minimum permissions for the application to function on your device. Strongly consider limiting other users’ access to view…

SQL Injection Vulnerability and Logical Access Flaw Found in Zendesk Explore

The Zendesk team did an exceptional job at patching this vulnerability in a timely manner. If this vulnerability was discovered by threat actors before the Varonis team, or if this vulnerability was left unpatched, the flaw would have been considered a critical vulnerability in the Zendesk application; attackers would have the capability to steal any information from the database that they wanted. Since many organizations have external user registration enabled by default and any user…

Spotify Backstage Development Portal Builder Vulnerable to RCE

Bleeping Computer reporter Bill Toulas notes that “While this number isn’t large, Backstage is used by many large firms, including Spotify, Netflix, Epic Games, Jaguar/Land Rover, Mercedes Benz, American Airlines, Splunk, TUI, Oriflame, Twilio, SoundCloud, HBO Max, HP Inc, Siemens, VMware, and IKEA”. It is highly recommended that systems administrators update Backstage to the latest version, version 1.7.2. It is also recommended to use logic-less template engines whenever possible, as they don’t introduce the opportunity for…

US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j

The U.S. government on Wednesday issued a blunt recommendation for organizations running VMware Horizon servers: Initiate threat-hunting activities to find and expel Iranian APT actors that used the Log4j crisis to slip undetected into corporate networks. According to a joint advisory from CISA and the FBI, Iranian government-sponsored hackers hit at least one Federal Civilian Executive Branch (FCEB) organization with an exploit for a Log4j vulnerability in an unpatched VMware Horizon server. From the advisory…

Offboarding processes pose security risks as job turnover increases: Report

Organizations across multiple industries are struggling to mitigate potential risks—including loss of end-user and storage devices as well as unauthorized use of SaaS applications—during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza. Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people—more than 20% of Americans—had…

Disneyland Malware Team: It’s a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites. The Disneyland Team uses common misspellings for top…

Mozilla Releases Security Updates for Multiple Products

Original release date: November 16, 2022

Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks. CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.5, Firefox ESR 102.5, and Firefox 107 for mitigations and updates.

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Original release date: November 16, 2022

Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in an unpatched VMware Horizon server. The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining…

Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection

Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities. In a press…
