CyberSecurity Updates

26 Sep

Cisco Releases Security Updates for IOS and IOS XE Software

Attacks, Insights, Malware

Cisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the following and apply the necessary updates:  September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

Read More
25 Sep

Timeshare Owner? The Mexican Drug Cartels Want You

Information, Insights

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms. One of the phony real estate companies trying to scam people out…

Read More
25 Sep

Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means

Attacks, Insights, Malware

CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.    CISA urges OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations…

Read More
25 Sep

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

Attacks, Insights, Malware

Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate common techniques used by malicious actors to compromise Active Directory. Active Directory is the most widely used authentication and authorization solution in enterprise information technology (IT) networks globally. Malicious actors routinely target…

Read More
21 Sep

FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe

Information

Video With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process 20 Sep 2024 With just weeks to go before the US presidential election, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are urging the public to ignore claims of stolen voter information. The agencies emphasize that “having access to voter registration data…

Read More
20 Sep

Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

Information

Video How do analyst relations professionals ‘sort through the noise’ and help deliver the not-so-secret sauce for a company’s success? We spoke with ESET’s expert to find out. 19 Sep 2024 The sixth episode of ESET’s Unlocked 403 cybersecurity podcast has host Alžbeta Kovaľová picking the brains of Zuzana Legáthová, ESET’s Senior Manager of Analyst and Tester Relations, about topics that run the gamut: Zuzana’s role at ESET and the importance of analyst relations programs…

Read More
20 Sep

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

Attacks, Insights, Malware

Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the following for more information: Versa Advisory

Read More
19 Sep

This Windows PowerShell Phish Has Scary Potential

Information, Insights

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average…

Read More
19 Sep

ESET Research Podcast: EvilVideo

Information

ESET Research ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos ESET Research 17 Sep 2024  •  , 1 min. read Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability to spread malicious code. ESET malware researcher Lukáš Štefanko ran into one such exploit – which ESET named EvilVideo –…

Read More
19 Sep

Understanding cyber-incident disclosure

Information

Business Security Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help Tony Anscombe 18 Sep 2024  •  , 4 min. read ‘Seek legal advice’, this has to be my top recommendation if you have suffered a cyber-incident that could be deemed material, involves personally identifiable information, or if your business is classed as critical infrastructure. Cybersecurity teams around the globe are…

Read More