CyberSecurity Updates

HotPage: Story of a signed, vulnerable, ad-injecting driver

Malware research involves studying threat actor TTPs, mapping infrastructure, analyzing novel techniques… And while most of these investigations build on existing research, sometimes they start from a hunch, something that looks too simple. At the end of 2023, we stumbled upon an installer named HotPage.exe that deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers’ network traffic. The malware can modify or replace the…


The complexities of cybersecurity update processes

Digital Security

If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike.

Tony Anscombe, 19 Jul 2024, 2 min. read

Cybersecurity is often about speed; a threat actor creates a malicious attack technique or code, cybersecurity companies react to the new threat and if necessary, adjust and adopt methods to detect the threat. That adoption…


Beyond the blue screen of death: Why software updates matter

Digital Security

The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them.

19 Jul 2024, 3 min. read

In the realm of computing, few things are as unsettling as encountering a blue screen of death (BSOD) on your Windows system. The ominous screen with its cryptic error messages invokes a mix of alarm and frustration even among many seasoned technology…


Global Microsoft Meltdown Tied to Bad CrowdStrike Update

A faulty software update from cybersecurity vendor CrowdStrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. CrowdStrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as CrowdStrike’s solution needs to be applied manually on a per-machine basis. A photo taken at San Jose International Airport today shows the dreaded Microsoft “Blue…


Widespread IT Outage Due to CrowdStrike Update

Note: CISA will update this Alert with more information as it becomes available.

Update 7:30 p.m. EDT, July 19, 2024: The CrowdStrike guidance is updated with additional guidance regarding impacts to specific environments, e.g., Azure, AWS.

For additional information:
- Update from the United Kingdom’s National Cyber Security Centre (NCSC-UK)
- Update from the Australian Cyber Security Centre (ACSC)
- Update from the Canadian Centre for Cyber Security (CCCS)

Threat actors continue to use the widespread IT outage for phishing…


Oracle Releases Critical Patch Update Advisory for July 2024

Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:
- July 2024 Critical Patch Update Advisory


Ivanti Releases Security Updates for Endpoint Manager

Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates:
- Security Advisory EPM
- Security Advisory Ivanti Endpoint Manager for Mobile (EPMM)


Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills

While blue teams defend, red teams attack. They share a common goal, however – help identify and address gaps in organizations’ defenses before these weaknesses can be exploited by malicious actors. The blue/red team exercises provide invaluable insights across the technical, procedural and human sides of security and can ultimately help organizations fend off actual attacks. We recently looked at a few open-source tools that blue teams may use while defending against simulated attacks, as…


Hello, is it me you’re looking for? How scammers get your phone number

Scams

Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.

Márk Szabó, 15 Jul 2024, 7 min. read

What might be one of the easiest ways to scam someone out of their money – anonymously, of course? Would it involve stealing their credit card data, perhaps using digital…


Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain. Until this past weekend, Squarespace’s website had an option…
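The weak default described above, shown as an added example that is not Squarespace's code or data: a hypothetical registrar holding migrated domain records, with a claim flow that hands the account to anyone who submits the contact e-mail on file, beside a hardened two-step flow that first proves control of that mailbox. The registrar class, the domain record and the in-memory "outbox" are all constructed for illustration.

```python
import hmac
import secrets
import time


class Registrar:
    """Hypothetical registrar holding domains migrated from another provider.
    Constructed for this example; not Squarespace's code or data."""

    def __init__(self, migrated):
        # domain -> contact e-mail on the migrated record; the owner has not yet
        # created an account here, so the record is still claimable.
        self.migrated = dict(migrated)
        self.accounts = {}   # e-mail -> set of domains now controlled
        self.pending = {}    # (domain, e-mail) -> (token, expiry epoch)
        self.outbox = []     # simulated mail delivery: (to, token)

    def claim_insecure(self, domain, email):
        """Weak default: whoever submits the contact e-mail on record gets the
        account. Nothing proves the caller controls that mailbox, and the
        contact address is often public (WHOIS history, site footer)."""
        if self.migrated.get(domain) != email:
            return False
        self._activate(domain, email)
        return True

    def start_claim(self, domain, email, ttl=600):
        """Hardened step 1: mint a single-use token and deliver it only to the
        address on record. The reply is identical whether or not the pair
        matches, so the endpoint cannot be used to enumerate unclaimed domains."""
        if self.migrated.get(domain) == email:
            token = secrets.token_urlsafe(32)
            self.pending[(domain, email)] = (token, time.time() + ttl)
            self.outbox.append((email, token))
        return "If that address is on record, a verification link has been sent."

    def finish_claim(self, domain, email, token):
        """Hardened step 2: only someone who read the mailbox can present the
        token. Constant-time comparison, expiry check, single use."""
        entry = self.pending.get((domain, email))
        if entry is None:
            return False
        expected, expires = entry
        if time.time() > expires:
            del self.pending[(domain, email)]
            return False
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return False
        del self.pending[(domain, email)]
        self._activate(domain, email)
        return True

    def _activate(self, domain, email):
        del self.migrated[domain]   # record is no longer claimable by anyone
        self.accounts.setdefault(email, set()).add(domain)


def demo():
    """Returns (insecure_hijack_succeeded, hardened_guess_succeeded, owner_succeeded)."""
    record = {"example-corp.com": "admin@example-corp.com"}   # constructed

    # Attacker knows the public contact address but cannot read that mailbox.
    weak = Registrar(record)
    hijacked = weak.claim_insecure("example-corp.com", "admin@example-corp.com")

    hardened = Registrar(record)
    hardened.start_claim("example-corp.com", "admin@example-corp.com")
    guessed = hardened.finish_claim("example-corp.com", "admin@example-corp.com",
                                    secrets.token_urlsafe(32))

    # The real owner reads the verification mail and completes the claim.
    to, token = hardened.outbox[-1]
    owner = hardened.finish_claim("example-corp.com", to, token)
    return hijacked, guessed, owner


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

The point of the hardened flow is that knowing a contact address is public information, while reading mail sent to it is not; the claim must rest on the latter. A production version would also rate-limit `finish_claim` attempts per record and require a second factor or a DNS challenge for high-value domains.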
