CyberSecurity Updates

03 Nov

French hospital crippled by cyberattack – Week in security with Tony Anscombe

Information

As another hospital falls victim to ransomware, Tony weighs in on the much-debated issue of banning ransomware payouts A major hospital near Paris has been hit by a ransomware attack that crippled its computer and medical systems and forced it to send patients to other healthcare facilities. The criminals demand $10 million from the hospital for restoring access to its systems, which the facility refused to pay. In this week’s video, Tony wonders if the…

Read More
03 Nov

The OpenSSL security update story – how can you tell what needs fixing?

Information

by Paul Ducklin Yesterday, we wrote about the waited-for-with-bated-breath OpenSSL update that attracted many column-kilometres of media attention last week. The OpenSSL team announced in advance, as it usually does, that a new version of its popular cryptographic library would soon be released. This notification stated that the update would patch against a security hole with a CRITICAL severity rating, the project’s highest. Unlike companies such as Apple, who deliberately announce forthcoming security patches simply…

Read More
03 Nov

White House ransomware summit highlights need for borderless solutions

Data Breaches, Malware, Social Engineering

The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. At a press briefing before the Summit, a White House spokesperson said, “While the United States is facilitating this meeting, we don’t view this solely as a US initiative. It’s an international partnership that spans most…

Read More
03 Nov

Making the case for security operation automation

Data Breaches, Malware, Social Engineering

According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage,…

Read More
02 Nov

OpenSSL Releases Patches for Two High Severity Vulnerabilities

Attacks, Malware

Patches have been released by most of the major Linux distributions. While the severity of one of the vulnerabilities was downgraded, both are still rated as high severity. Organizations should apply the OpenSSL patch via standard system package update systems such as apt, yum, rpm, dnf, and pacman.The Netherlands’ National Cyber Security Centre has created a useful resource for system administrators to determine if the operating systems or software they manage are vulnerable and if…

Read More
02 Nov

Malicious Android Apps With 1M+ Installs Found on Google Play

Attacks, Malware

To keep adware away from devices, avoid installing apps from unofficial Android stores. Reading user reviews and monitoring battery usage and network data activity also helps determine if the device is running suspicious software. Keeping Google’s Play Protect feature active is also a good way to keep the device safer. Any Android devices that have one of the above apps present should remove that app and run a full system scan using Play Protect or…

Read More
02 Nov

United States Government Employees Exposed to Mobile Attacks from Outdated Mobile Operating Systems

Attacks, Malware

With bring your own device (BYOD) policies becoming more and more common in the workplace, this report is a prime example of how an organization may be left vulnerable if these policies are not properly implemented. Organizations need to ensure that employees are properly updating devices in an efficient manner. Failure to keep devices current could lead to those devices becoming the vector for initial access within an environment. An attacker may use a compromised…

Read More
02 Nov

Dropbox suffers data breach following phishing attack

Attacks, Data Breaches

Cloud storage company Dropbox has suffered a data breach after its employees were targeted by a phishing attack. The attack, which took place on October 14, saw a malicious actor pose as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees and gain access to Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to access Github.  Through the attack, the hacker…

Read More
02 Nov

Fortinet Patches 6 High-Severity Vulnerabilities

Information, News

Fortinet on Tuesday informed customers about 16 vulnerabilities discovered in the company’s products, including six flaws that have been assigned a ‘high’ severity rating. One of the high-severity issues affects FortiTester and it allows an authenticated attacker to execute commands via specially crafted arguments to existing commands. FortiSIEM is affected by a vulnerability that allows a local attacker with command-line access to perform operations on the Glassfish server directly via a hardcoded password. The remaining…

Read More
02 Nov

TikShock: Don’t get caught out by these 5 TikTok scams

Information

Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? TikTok continues to shock us all by breaking records and widening its audience, yet unfortunately with such a broad reach, scammers inevitably remain not too far behind. In only six years it has become the dominant social media platform for sharing and viewing short videos and now boasts that viewers…

Read More