What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2023-06-06 09:46:00 Zyxel Firewalls Under Attack! Urgent Patching Required
(direct link)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a
Patching ★★
AlienVault.webp 2023-06-05 10:00:00 Three ways agribusinesses can protect vital assets from cyberattacks
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In an era where digital technology increasingly underpins food production and distribution, the urgency of cybersecurity in agriculture has heightened. A surge of cyberattacks in recent years, disrupting operations, causing economic losses, and threatening food industry security, all underscore this escalating concern. In April 2023, hackers targeted irrigation systems and wastewater treatment plants in Israel. The attack was part of an annual "hacktivist" campaign, and it temporarily disabled automated irrigation systems on about a dozen farms in the Jordan Valley. The attack also disrupted wastewater treatment processes at the Galil Sewage Corporation. In addition, in June 2022, six grain cooperatives in the US were hit by a ransomware attack during the fall harvest, disrupting their seed and fertilizer supplies. Adding to this growing list, a leading US agriculture firm also fell victim to a cyberattack the same year, which affected operations at several of its production facilities. These incidents highlight the pressing need for improved cybersecurity in the agricultural sector and underscore the challenges and risks this sector faces compared to others. As outlined in a study, “Various technologies are integrated into one product to perform specific agricultural tasks.” An example provided is that of an irrigation system which "has smart sensors/actuators, communication protocols, software, traditional networking devices, and human interaction." The study further elaborates that these complex systems are often outsourced from diverse vendors for many kinds of environments and applications. 
This complexity “increases the attack surface, and cyber-criminals can exploit vulnerabilities to compromise one or other parts of the agricultural application.” However, the situation is far from hopeless. By taking decisive action, we can significantly strengthen cybersecurity in the agricultural sector. Here are three strategies that pave the way toward a more secure future for the farming industry: 1. Strengthening password practices Weak or default passwords are an easily avoidable security risk that can expose vital assets in the agricultural sector to cyber threats. Arguably, even now, people have poor habits when it comes to password security. As per the findings of a survey conducted by GoodFirms: A significant percentage of people - 62.9%, to be exact - update their passwords only when prompted. 45.7% of people admitted to using the same password across multiple platforms or applications. More than half of the people had shared their passwords with others, such as colleagues, friends, or family members, raising the risk of unauthorized access. A surprising 35.7% of respondents reported keeping a physical record of their passwords on paper, sticky notes, or in planners. These lax password practices have had tangible negative impacts, with 30% of users experiencing security breaches attributable to weak passwords. Hackers can use various methods, such as brute force attacks or phishing attacks, to guess or obtain weak passwords and access sensitive inf Ransomware Tool Vulnerability Patching ★★
Google.webp 2023-06-02 20:21:30 GCP-2023-007 (direct link) Published: 2023-06-02 Description Vulnerability Patching Cloud ★★★
DarkReading.webp 2023-05-31 19:00:00 What Apple's RSRs Reveal About Mac Patch Management
(direct link)
Apple's Rapid Security Response updates are designed to patch critical security vulnerabilities, but how much good can they do when patching is a weeks-long process?
Patching ★★
AlienVault.webp 2023-05-17 10:00:00 Navigating the complex world of Cybersecurity compliance
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Cyberattacks have become increasingly common, with organizations of all types and sizes being targeted. The consequences of a successful cyberattack can be devastating. As a result, cybersecurity has become a top priority for businesses of all sizes. However, cybersecurity is not just about implementing security measures. Organizations must also ensure they comply with relevant regulations and industry standards. Failure to comply with these regulations can result in fines, legal action, and damage to reputation. Cybersecurity compliance refers to the process of ensuring that an organization's cybersecurity measures meet relevant regulations and industry standards. This can include measures such as firewalls, antivirus, access management and data backup policies, etc.  Cybersecurity regulations and standards Compliance requirements vary depending on the industry, the type of data being protected, and the jurisdiction in which the organization operates. There are numerous cybersecurity regulations and standards; some of the most common include the following: General Data Protection Regulation (GDPR) The GDPR is a regulation implemented by the European Union that aims to protect the privacy and personal data of EU citizens. It applies to all organizations that process the personal data of EU citizens, regardless of where the organization is based. Payment Card Industry Data Security Standard (PCI DSS) This standard is administered by the Payment Card Industry Security Standards Council (PCI SSC). It applies to any organization that accepts credit card payments. The standard sets guidelines for secure data storage and transmission, with the goal of minimizing credit card fraud and better controlling cardholders' data. 
Health Insurance Portability and Accountability Act (HIPAA) HIPAA is a U.S. law that regulates the handling of protected health information (PHI). It applies to healthcare providers, insurance companies, and other organizations that handle PHI. ISO/IEC 27001 ISO/IEC 27001 is an international standard that provides a framework for information security management systems (ISMS). It outlines best practices for managing and protecting sensitive information. NIST Cybersecurity Framework The NIST Cybersecurity Framework is a set of guidelines developed by the U.S. National Institute of Standards and Technology. It provides a framework for managing cybersecurity risk and is widely used by organizations in the U.S. Importance of cybersecurity compliance Compliance with relevant cybersecurity regulations and standards is essential for several reasons. First, it helps organizations follow best practices to safeguard sensitive data. Organizations put controls, tools, and processes in place to ensure safe operations and mitigate various risks. This helps to decrease the likelihood of a successful cyber-attack. Next, failure to comply with regulations can result in fines and legal action. For example, under GDPR compliance, organizations can be fined up to Vulnerability Patching ★★
Chercheur.webp 2023-05-15 11:18:10 Micro-Star International Signing Key Stolen
(direct link)
Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do. Consequently, MSI doesn’t provide the same kind of key revocation capabilities. Delivering a signed payload isn’t as easy as all that. “Gaining the kind of control required to compromise a software build system is generally a non-trivial event that requires a great deal of skill and possibly some luck.” But it just got a whole lot easier...
Patching ★★★
GoogleSec.webp 2023-04-26 11:00:21 Celebrating SLSA v1.0: securing the software supply chain for everyone
(direct link)
Bob Callaway, Staff Security Engineer, Google Open Source Security team Last week the Open Source Security Foundation (OpenSSF) announced the release of SLSA v1.0, a framework that helps secure the software supply chain. Ten years of using an internal version of SLSA at Google has shown that it's crucial to warding off tampering and keeping software secure. It's especially gratifying to see SLSA reaching v1.0 as an open source project; contributors have come together to produce solutions that will benefit everyone. SLSA for safer supply chains Developers and organizations that adopt SLSA will be protecting themselves against a variety of supply chain attacks, which have continued rising since Google first donated SLSA to OpenSSF in 2021. In that time, the industry has also seen a U.S. Executive Order on Cybersecurity and the associated NIST Secure Software Development Framework (SSDF) to guide national standards for software used by the U.S. government, as well as the Network and Information Security (NIS2) Directive in the European Union. SLSA offers not only an onramp to meeting these standards, but also a way to prepare for a climate of increased scrutiny on software development practices. As organizations benefit from using SLSA, it's also up to them to shoulder part of the burden of spreading these benefits to open source projects. Many maintainers of the critical open source projects that underpin the internet are volunteers; they cannot be expected to do all the work when so many of the rewards of adopting SLSA roll out across the supply chain to benefit everyone. Supply chain security for all That's why beyond contributing to SLSA, we've also been laying the foundation to integrate supply chain solutions directly into the ecosystems and platforms used to create open source projects. We're also directly supporting open source maintainers, who often cite lack of time or resources as limiting factors when making security improvements to their projects. 
Our Open Source Security Upstream Team consists of developers who spend 100% of their time contributing to critical open source projects to make security improvements. For open source developers who choose to adopt SLSA on their own, we've funded the Secure Open Source Rewards Program, which pays developers directly for these types of security improvements. Currently, open source developers who want to secure their builds can use the free SLSA L3 GitHub Builder, which requires only a one-time adjustment to the traditional build process implemented through GitHub actions. There's also the SLSA Verifier tool for software consumers. Users of npm, or Node Package Manager, the world's largest software repository, can take advantage of their recently released beta SLSA integration, which streamlines the process of creating and verifying SLSA provenance through the npm command line interface. We're also supporting the integration of Sigstore into many major Tool Patching ★★
The_State_of_Security.webp 2023-04-13 03:00:46 Tripwire's Vulnerability Exposure Research Team (VERT): What you need to know
(direct link)
Each month, at the State of Security, we publish a range of content provided by VERT. Whether it's a round-up of all the latest cybersecurity news, our Patch Priority Index that helps guide administrators on what they should be patching, a book review, general musings from the team, or most notably our Patch Tuesday round-up, VERT is helping organizations stay abreast of the cybersecurity environment. VERT has a long history, and has continued to provide actionable information to help keep organizations safe. Since you may not be familiar with the VERT mission, we recently spoke with Tyler...
Vulnerability Patching ★★
The_State_of_Security.webp 2023-03-27 05:38:59 VERT Reads All About It - Cybersecurity News March 27, 2023 (direct link)
The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently: WordPress forced the patching of WooCommerce Plugin The WooCommerce Plugin is subject to a privilege escalation vulnerability where an unauthenticated attacker could gain admin access to vulnerable stores. This vulnerability allows attackers to impersonate administrators and take over vulnerable websites. At this point, the vulnerability was not publicly exploited on the internet. Admins that host their own installation of...
Vulnerability Patching ★★
AlienVault.webp 2023-03-20 10:00:00 Italian agency warns ransomware targets known VMware vulnerability (direct link) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  News broke in early February that the ACN, Italy’s National Cybersecurity Agency, issued a warning regarding a VMware vulnerability discovered two years ago. Many organizations hadn’t yet patched the issue and became the victims of a new ransomware called ZCryptor. The malicious software wreaked havoc on Italian and European businesses by encrypting users’ files and demanding payment for the data to be unencrypted.  The ACN urges VMware users to ensure their systems are backed up and updated with the most recent security patches available. With ransomware on the rise, it’s crucial that businesses take the necessary steps to protect their data and applications.  ESXiArgs ransomware attacks Ransomware is a type of malware or malicious software that enables unauthorized users to restrict access to an organization’s files, systems, and networks. But it doesn’t stop there. In exchange for the keys to the kingdom, attackers will typically require a large sum in the form of cryptocurrency.  There are many ways that ransomware is executed on a target system. In this case, the attacker infiltrated VMware’s ESXi hypervisor code and held entire servers for ransom. According to reports most victims were required to pay almost $50,000 USD in Bitcoin to restore access to entire business systems.  The nature of these attacks led experts to believe that this is not the work of ransomware gangs, and is more likely being executed by a smaller group of threat actors. But that doesn’t mean the damage was any less alarming.  Exploiting known vulnerabilities Hackers were able to infect over 2000 machines in only twenty-four hours on a Friday afternoon before the start of the weekend. 
But how were they able to work so fast? As soon as software developers and providers publish fixes for specific vulnerabilities, threat actors are already beginning their plan of attack. Fortunately, the ESXiArgs vulnerability was patched two years ago (CVE-2021-21974).  Organizations that have not run this patch are at risk of becoming a victim of the latest ransomware. Unfortunately, Florida’s Supreme Court, the Georgia Institute of Technology, Rice University, and many schools across Hungary and Slovakia have also become victims of this newest ransomware attack.  CISA guidance for affected systems The US Cybersecurity and Infrastructure Security Agency (CISA) issued recovery guidance for the 3,800 servers around the world affected by the ESXiArgs ransomware attacks:  Immediately update all servers to the latest VMware ESXi version.  Disable Service Location Protocol (SLP) to harden the hypervisor. Make sure the ESXi hypervisor is never exposed to the public internet.  The CISA also offers a script on its GitHub page to reconstruct virtual machine metadata from unaffected virtual disks.  What organi Ransomware Malware Vulnerability Threat Patching Guideline ★★★
CVE.webp 2023-03-08 19:15:11 CVE-2023-27486 (direct link) xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5, if zones are configured as a mechanism to secure clusters in xCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. xCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`. Patching
Anomali.webp 2023-02-09 09:45:00 Transforming Threat Data into Actionable Intelligence (direct link) Introduction In today's digital age, the threat of cyber-attacks is greater than ever. Traditional security operations, which have focused on reactive measures such as patching vulnerabilities and responding to breaches, are no longer sufficient to meet the challenges of the modern threat landscape. As a result, security organizations are shifting their focus to proactive measures to stay ahead of emerging threats. This shift towards proactive security operations is the focus of a new five-article series written by analysts at TAG Cyber. The series examines the latest trends and challenges for cybersecurity teams and explores the cutting-edge solutions that are helping security organizations become more proactive in their defense against cyber-attacks. Anomali's solutions are important in helping security operations (secops) teams move from a reactive to a proactive security program. Anomali, a leading threat intelligence provider and incident management software, offers a viable solution. Anomali's platform enables security teams to quickly and easily identify and respond to emerging threats by providing real-time visibility into the latest cyber threats and vulnerabilities, allowing organizations to take proactive measures to protect themselves from potential attacks instead of simply reacting to breaches after they have occurred. The series also delves into the strategies and technologies that can help CISOs and secops teams improve their operations. Anomali's platform is a key element in integrating threat intelligence with other technologies, such as Extended Detection and Response (XDR) and Attack Surface Management (ASM), to enhance the overall security posture of an organization. Additionally, Anomali's solutions assist with digital risk protection (DRP) in identifying and mitigating the risks associated with third-party vendors and partners. 
In summary, the series provides an in-depth look at the latest strategies and technologies to help CISOs and security teams become more proactive in their defense against cyber attacks. Anomali's solutions play a crucial role in this shift and assist organizations in identifying and mitigating emerging threats, integrating with other technologies, while addressing the skills gap.   Article 1: Transforming Threat Data into Actionable Intelligence Christopher R. Wilder, TAG Cyber  This article is the first in a series of guest blogs written by TAG Cyber analysts in conjunction with our colleagues at Anomali. Our five-part series of blogs focuses on how threat-intelligence management integrates with extended detection and response (XDR) to increase operational efficiencies in an enterprise security operations environment and drive actionable prevention, detection, and response. The commercial Anomali platform demonstrates how integration between threat intelligence and XDR can work in the field. Threat intelligence is divided into three main categories: strategic, operational, and tactical. Strategic threat intelligence focuses on understanding the overall threat landscape and identifying long-term trends. It informs strategic decisions and helps organizations understand the potential risks they face. Operational threat intelligence identifies and responds to specific threats in real-time. It informs an organization’s day-to-day operations and helps protect against immediate threats. Tactical threat intelligence provides detailed information about specific threats, such as the tools, techniques, and procedures used by attackers. It also apprises tactical decisions and helps organizations respond to incidents. Threat intelligence is essential to any security program, providing organizations with the information they need to identify and respond to potential threats proactively. 
Threat intelligence provides operational and tactical threat intelligence to help organizations respond to specific dangers in real-time an Malware Threat Patching Guideline ★★★
The_State_of_Security.webp 2023-02-07 04:44:45 (Déjà vu) Tripwire Patch Priority Index for January 2023 (direct link) Tripwire's January 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Visio and Microsoft Office that resolve 6 vulnerabilities, including remote code execution and information disclosure vulnerabilities. Next are patches for Adobe Reader and Acrobat that resolve 15 vulnerabilities, including arbitrary code execution, memory leak, denial-of-service, and elevation of privilege vulnerabilities. Up next are patches that affect components of the core Windows operating system. These patches... Patching ★★
Dragos.webp 2023-02-06 21:03:19 (Déjà vu) New Knowledge Pack Released (KP-2023-001) (direct link) Includes characterizations for GOOSE, SNMP, and IEC 61850 traffic. Detections included for Moxa and DirectLogic. Playbooks added for Metasploit and Sliver C2. The post New Knowledge Pack Released (KP-2023-001) first appeared on Dragos. Patching ★★★
DarkReading.webp 2023-02-06 19:18:00 Patching & Passwords Lead the Problem Pack for Cyber-Teams (direct link) Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies. Patching ★★★
CSO.webp 2023-02-01 02:00:00 Why you might not be done with your January Microsoft security patches (direct link) The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven't already done so. BitLocker Security Feature Bypass Vulnerability In January, additional information came out about CVE-2022-41099, the BitLocker Security Feature Bypass Vulnerability. If you've already deployed the November or later security updates to your network and have done nothing else, you aren't done with the evaluation of this update. To read this article in full, please click here Patching ★★★
CSO.webp 2023-01-18 02:00:00 Why it's time to review your on-premises Microsoft Exchange patch status (direct link) We start the patching year of 2023 looking at one of the largest releases of vulnerability fixes in Microsoft history. The January 10 Patch Tuesday update patched one actively exploited zero-day vulnerability and 98 security flaws. The update arrives at a time when short- and long-term technology and budget decisions need to be made. This is particularly true for organizations using on-premises Microsoft Exchange Servers. Start off 2023 by reviewing the most basic communication tool you have in your business: your mail server. Is it as protected as it could be from the threats that lie ahead of us in the coming months? The attackers know the answer to that question. To read this article in full, please click here Tool Vulnerability Patching ★★
AlienVault.webp 2023-01-17 11:00:00 IT/OT convergence and Cybersecurity best practices (direct link) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Most of the time, the advantages of technology overshadow the recognition of challenges. While IT/OT convergence has given the industry a boost, it brings many cybersecurity considerations. Due to a lack of legislation, best practices are filling the void. This article will give an overview of industrial cybersecurity best practices. According to a survey presented by Veracode in 2022, more than 75% of all software applications have security flaws that can serve as a gateway to larger environments. With the spread of industrial IT (Information Technology) / OT (Operational Technology) integration, it means that almost every infrastructure is in possible danger of cyberattacks.  The two sides of the IT/OT convergence coin Industrial IT/OT convergence has been accelerated by the advantages it offers to the sector. These advantages have made production faster, cheaper, and more automated. The convergence has been advancing at such a pace that the flipside of its use had never been given serious thought until recently. With the obvious advantages, challenges have surfaced as well. The need for a comprehensive solution has already appeared in recent years, but until this day, best practices remain the routine answer. Best practices for IT/OT converged environment During the years of broad-scale IT/OT implementation, operational and cybersecurity experience has been gathered. This serves as the basis for industrial best practices and their practical implementation, which ranges from recommendations to practical steps. Regulations. Industrial regulations and legislation should set standards. 
Though there are some governmental initiatives – like Executive Order 14028 – for building an overall framework, the bottom-to-top need has already surfaced. CIS Controls (Critical Security Controls) Version 8 is one of those comprehensive cybersecurity bottom-to-top frameworks that are the most often referred to by legal, regulatory, and policy bodies. CIS has been developed by the global IT community to set up practical cybersecurity measures. Each version is an evolution of the previous, so it is constantly evolving as practice and technological advancement require. Zero Trust. In every critical infrastructure, the basic approach should be the “zero trust principle.” According to this notion, entering data, exiting data, users, and context should all be treated with the highest distrust. Risk-based approach. It is a strategy that assesses hardware and software status to prevent cybersecurity risks and mitigate possible consequences of a breach. The process has several compliance points. These include device version and patching date checkup, finding security and safety issues, and revealing the exploitation history of applied devices. The strategy is only effective if it is completed with constant threat monitoring. In this case, operators are aware of system vulnerabilities if there is no or a delayed system update. Vulnerability Threat Patching Industrial ★★★★
The_Hackers_News.webp 2023-01-12 15:10:00 Patch where it Hurts: Effective Vulnerability Management in 2023 (direct link) A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It's about focusing on the real risk using vulnerability prioritization to correct Vulnerability Patching ★★★
AlienVault.webp 2023-01-12 11:00:00 Are WE the firewall? (lien direct) As we start a new year, let's think about how we can draw up a plan to exercise our cyber fitness and make it a culture that sticks. It's a critical time to get this done as we work toward a new era where we're breaking down silos, understanding the new ecosystem movement going forward and the edge computing phenomenon. Communication, creativity, and empathy are crucial in shifting from what we call a "have-to" security mindset (i.e., "I have to take this precaution because IT said so") to a "want-to" mindset, which suggests employee buy-in to a company's security policy beyond simply ticking off a to-do box or watching a training video. Key considerations include: Do we have top-down buy-in? Are expectations communicated effectively? Are we driving accountability? Have we formed a good CRUST (Credibility & Trust)? When we say, "security culture" and "we have a positive security culture," what we perceive as security culture and what you think in your mind as security culture might be two very different things. The reason is our companies prioritize the accomplishment of security goals differently. Some basics involve patching and reducing the chances of being hit by phishing attacks, but the underlying reason why that happens differs among organizations. This article is intended to examine each of these questions and provide helpful tips for creating a culture of cybersecurity awareness.  Top-down approach Isn't security something we should all be thinking about, not just the CISOs? It's interesting how people don't want to think about it. They appoint somebody, give them a title, and then say that person is now responsible for making security happen. But the reality is, within any organization, doing the right thing -- whether that be security, keeping track of the money, or making sure that things are going the way you're expecting -- is a responsibility shared across the entire organization. 
That's something that we are now becoming more accustomed to. The security space realizes it's not just about the security folks doing a good job. It's about enabling the entire organization to understand what's important to be more secure and making that as easy as possible. There's an element of culture change and of improving the entire organization. What's making these softer approaches -- behavior, culture, management, and attitude -- more important now? Is there something about security technology that has changed that makes us need to look at how people think? We're beginning to realize that technology is not going to solve all our problems. So how do we create a top-down culture? The best recommendation would be to align business goals with good representation from multiple stakeholders, including the CEO, COO, IT, Marketing, Finance, or business owner, depending on the size and structure of the firm. Appointing a "fall person" for security would make it challenging to foster a cybersecurity-aware culture. Instead, identifying a lead such as a CISO, CIO, or security director and inspiring an organization-wide, strategically aligned program would promote the most significant outcome. At a minimum, form a small security committee represented by key stakeholders and empower the security leader to fully understand the business objectives and recommend the best protection methods. Kick Start your Security Culture Communicate expectations Once we have buy-in, it's time to communicate. What good is a cybersecurity policy if the people expected to follow it do not understand who, what, why, and how? The idea of sticking with "the policy states" only goes so far. Policies should be developed with the audience in mind, covering: Purpose – why is the policy needed? Threat Patching Guideline ★★
SC_Mag.webp 2023-01-11 23:24:46 CISA: Immediate patching for Lorenz ransomware-exploited Exchange flaw needed (lien direct) The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities Catalog with two more security flaws, including a Microsoft Exchange privilege escalation bug, tracked as CVE-2022-41080, according to BleepingComputer. Patching ★★
globalsecuritymag.webp 2023-01-11 20:05:32 Tanium comments on patching and its necessities (lien direct) The hackers tried to hide the backdoor by naming it "twitter_icon_" and placed it in a legitimate location directory on the system. For five months, the web shell lay dormant on the victim network. When the hackers were ready to follow through with the attack, they used the backdoor and deployed the Lorenz ransomware in 48 hours. The comment on the incident by Tim Morris, chief security adviser at Tanium - Opinion Ransomware Patching ★★
DarkReading.webp 2023-01-09 20:33:00 Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (lien direct) Organizations often defer patching because of business disruption fears - but that didn't work out very well for Rackspace's Hosted Exchange service. Ransomware Patching ★★
Anomali.webp 2023-01-04 16:30:00 Anomali Cyber Watch: Machine Learning Toolkit Targeted by Dependency Confusion, Multiple Campaigns Hide in Google Ads, Lazarus Group Experiments with Bypassing Mark-of-the-Web (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Data breaches, North Korea, Phishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays (published: January 1, 2023) Between December 25th and December 30th, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI uses the dependency confusion attack by having the same name as the legitimate one on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time, the library’s features are more aligned with being malware than a research project. The code is obfuscated, employs anti-VM techniques, and doesn’t stop at fingerprinting. It exfiltrates passwords, certain files, and the history of Terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server. Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. The PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. 
Open-source repositories and apps are a valuable asset for many organizations, but their adoption must be risk-assessed, appropriately mitigated, and then monitored to ensure ongoing integrity. MITRE ATT&CK: [MITRE ATT&CK] T1195.001 - Supply Chain Compromise: Compromise Software Dependencies And Development Tools | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1003.008 - OS Credential Dumping: /Etc/Passwd And /Etc/Shadow | [MITRE ATT&CK] T1041 - Exfiltration Over C2 Channel Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux Linux Backdoor Malware Infects WordPress-Based Websites (published: December 30, 2022) Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system. The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with a malicious JavaScript that intercepts all users' clicks on the infected page to cause a malicious redirect. Analyst Comment: Owners of WordPress-based websites should keep all the components of the platform up-to-date, including third-party add-ons and themes. Use Malware Tool Vulnerability Threat Patching Medical APT 38 LastPass ★★
Anomali.webp 2022-12-20 20:46:00 Anomali Cyber Watch: APT5 Exploited Citrix Zero-Days, Azov Data Wiper Features Advanced Anti-Analysis Techniques, Inception APT Targets Russia-Controlled Territories, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Belarus, China, Data wiping, Russia, Ukraine and Zero-days. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence APT5: Citrix ADC Threat Hunting Guidance (published: December 13, 2022) On December 13, 2022, the US National Security Agency published a report on the ongoing exploitation of Citrix products. Citrix confirmed that this critical remote code execution vulnerability (CVE-2022-27518, CTX474995) affects Citrix Application Delivery Controller™ (Citrix ADC) and Citrix Gateway versions: 12.1 and 13.0 before 13.0-58.32. Active exploitation of the CVE-2022-27518 zero-day was attributed to China-sponsored APT5 (Keyhole Panda, Manganese, UNC2630) and its custom Tricklancer malware. Analyst Comment: All customers using the affected builds are urged to install the current build or upgrade to the newest version (13.1 or newer) immediately. Anomali Platform has YARA signatures for the Tricklancer malware, network defenders are encouraged to follow additional NSA hunting suggestions (LINK). Check md5 hashes for key executables of the Citrix ADC appliance. Analyze your off-device logs: look for gaps and mismatches in logs, unauthorized modification of user permissions, unauthorized modifications to the crontab, and other known signs of APT5’s activities. 
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 Tags: actor:APT5, actor:UNC2630, actor:Manganese, actor:Keyhole Panda, CVE-2022-27518, CTX474995, Citrix ADC, Citrix Gateway, Zero-day, China, source-country:CN Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT (published: December 12, 2022) In November 2022, a new cryptojacking campaign was detected by Trend Micro researchers. Unlike previously recorded campaigns that aim at installing cryptomining software, this one is utilizing a remote access trojan (RAT): a Linux-targeting version of the open-source Chaos RAT. This Go-based RAT is multi-functional and has the ability to download additional files, run a reverse shell, and take screenshots. Analyst Comment: Implement timely patching and updating of your systems. Monitor for a sudden increase in resource utilization, track open ports, and check the usage of and changes made to DNS routing. MITRE ATT&CK: [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Network Service Scanning - T1046 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Remote Access Tools - T12 Malware Tool Vulnerability Threat Patching Prediction APT 5 ★★★
CSO.webp 2022-12-19 14:51:00 BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity (lien direct) Effective cybersecurity relies only in part on technology. Even as tools and systems become more powerful, avoiding security mishaps is still largely dependent on people doing the right thing. From following best practices for updating and patching systems and software to knowing and understanding the everyday risks posed by phishing emails, malicious websites, or other attack vectors, everyone - not just the dedicated IT/security professionals - has some level of responsibility for cybersecurity. The organizations with the best chance of minimizing threats are those that build and sustain a culture of awareness and accountability. Here are some ways to do that: Patching ★★
globalsecuritymag.webp 2022-12-15 14:06:47 Action1 Launches Continuous Patch Compliance with Automated Remediation of Security Vulnerabilities (lien direct) The new version empowers IT teams to establish a consistent patching strategy once and never think of it again, and provides them with complete visibility and control over the patching status. - Product Reviews Patching ★★
CrowdStrike.webp 2022-12-13 22:29:24 CrowdStrike Services Helps Organizations Prioritize Patching Vulnerabilities with CrowdStrike Falcon Spotlight (lien direct) When the CrowdStrike Services team conducts a proactive security engagement, such as a Cybersecurity Maturity Assessment or Tabletop Exercise, it often uses CrowdStrike Falcon® Spotlight to identify what vulnerabilities exist in the environment. Unfortunately, this can be a disheartening experience, as many organizations we see have millions, even tens of millions, of unpatched vulnerabilities. It's […] Patching ★★
CSO.webp 2022-12-08 02:00:00 Microsoft's rough 2022 security year in review (lien direct) We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here's a month-by-month look at the past year. January: A bad start for on-premises Microsoft Exchange Server vulnerabilities It seems fitting that 2022 began with the release of the Microsoft Exchange Server remote code execution vulnerability (CVE-2022-21846). It raises the question for anyone still with an on-premises Exchange Server: Do you have the expertise to keep it safe, especially if you are targeted? Exchange 2019 is the only version under mainstream support at this time. If you are still running Exchange Server 2013, it reaches end of support on April 11, 2023. Your window of opportunity to make an easy transition is closing. Migrate to Exchange Online or on-premises Exchange 2019, or consider a different email platform completely. Vulnerability Patching ★★★★★
AlienVault.webp 2022-12-07 11:00:00 Cyberattacks could worsen the global energy crisis (lien direct) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. War, economic instability, external threats, and global politics affect the energy sector of a country or region. In addition, cyberattacks on critical infrastructure can cripple the strained energy market. Europe is facing a severe energy crisis, and European governments are getting prepared for this winter by managing the demands and keeping energy reserves. The EU (European Union) also accelerated the work to improve critical infrastructure defence and resilience. This energy crisis is the outcome of Russia’s war in Ukraine (attacks on pipelines to disrupt the supply chain) and strict Russian policies towards European countries. Cyberattacks on the energy sector In addition to the physical challenges, the growing cyberattacks on the energy sector could worsen the energy crisis. According to Energy Security Sentinel, thirteen cyberattacks targeted energy infrastructure this year, making it the highest number of annual attacks over the last six years. Oil and electricity were the most vulnerable infrastructure, followed by gas and shipping. The cyberattacks don’t only target critical European infrastructure. In 2021, the Colonial Pipeline in the United States was affected by a ransomware attack, which caused authorities to declare a regional emergency in 17 states and Washington, D.C. The same year, Saudi Aramco – Saudi Arabia’s state oil giant – came under cyberattack. In that case, the hackers asked for $50m extortion money. Why is the energy sector a target for cyberattacks? The energy sector is a lucrative target for financially motivated cybercriminals; they know the companies tend to be financially sound and can pay the heavy ransom to keep their operations running. 
The economic activities of a country also rely on the energy sector; thus, a disruption can cause substantial damage. For example, a six-hour winter black-out in France could result in damages totalling over €1.5 billion ($1.7 billion). It motivates state-sponsored hackers to target the opponent’s critical infrastructure to achieve political outcomes. Despite the critical nature of the industry, the energy infrastructure is particularly vulnerable for three primary reasons: Large attack surface; Lack of skilled professionals; Digitalization and integration. Large attack surface Attack surface refers to all the possible entry points into any system. The energy sector has a broad attack surface. Their attack surface includes distribution networks, supply chains, partners, power lines, smart meters and so on. Generally, organizations don’t have the capability to monitor or tag their assets, which increases the risk and can leave unprotected doors of entry. Lack of skilled professionals People working in critical infrastructure are typically not equipped with the skills required to protect the infrastructure from cyberattacks. Even organizations investing in security products and solutions face the human resource problem, which makes them vulnerable. Interestingly, the public and private sectors are joining forces to overcome the skilled profe Patching Guideline ★★★★
ArsTechnica.webp 2022-11-28 18:23:25 Google says Google should do a better job of patching Android phones (lien direct) Project Zero calls out Android and Pixel for not fixing a GPU vulnerability. Patching ★★★
CSO.webp 2022-11-23 02:00:00 How to reset a Kerberos password and get ahead of coming updates (lien direct) Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. If you've followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes. While many of you may be waiting to install the “fixed” versions of the updates that deal with the introduced authentication issues, or you may wish to install the out-of-band updates that will fix the side effects, there are more steps to do this patching month and in the months ahead. Patching ★★★★
Fortinet.webp 2022-11-21 22:06:09 Joint CyberSecurity Advisory on a U.S. Federal Agency Breached by Iranian Threat Actors (lien direct) FortiGuard Labs is aware of a joint advisory (AA22-320A) issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on November 16, 2022. The advisory is related to an Iranian government-sponsored campaign where threat actors breached an unnamed U.S. federal agency and deployed a crypto miner and a hacktool to the compromised network. Why is this Significant? This is significant because threat actors backed by the Iranian government compromised a U.S. federal agency and deployed XMRig (crypto miner) and Mimikatz (a post-exploit tool used for credential harvesting). In February 2022, Iranian threat actors reportedly compromised a federal government agency by exploiting CVE-2021-44228, also known as Log4Shell, in an unpatched VMware Horizon server. This signifies the importance of timely patching of vulnerable systems. How did the Attack Occur? The initial infection vector was exploitation of CVE-2021-44228 (Log4Shell) in a vulnerable VMware Horizon server. Once the attacker got a foot in the door to the victim's network, the attacker downloaded and installed XMRig (mining software for the Monero cryptocurrency) after excluding the victim's C:\ drive from scanning by Windows Defender. The attacker leveraged RDP to move laterally to other systems on the victim's network, deployed PsExec (a free Microsoft tool to execute processes on other systems) and Mimikatz (an open-source tool for credential harvesting), and implanted Ngrok (a dual-use tunneling tool). Also, the attacker accessed the domain controller and retrieved a list of machines that belong to the domain, furthering the compromise. What is CVE-2021-44228 (Log4Shell)? CVE-2021-44228 is a remote code execution vulnerability in the popular Java-based logging utility Log4j2. 
The vulnerability was disclosed to the public by Apache in early December; however, Proof-of-Concept (PoC) code for CVE-2021-44228 was believed to be available earlier. FortiGuard Labs previously released an Outbreak Alert and a Threat Signal for CVE-2022-44228. See the Appendix for a link to "Outbreak Alert: Apache Log4j2 Vulnerability" and "Apache Log4J Remote Code Execution Vulnerability (CVE-2021-44228)". What is the Status of Coverage? FortiGuard Labs detects the malicious files in the advisory that are available with the following AV signatures: Riskware/CoinMiner, PossibleThreat. All reported network IOCs in the advisory are blocked by Web Filtering. FortiGuard Labs has IPS coverage in place for CVE-2021-44228 (Log4Shell): Apache.Log4j.Error.Log.Remote.Code.Execution Tool Vulnerability Threat Patching ★★★
AlienVault.webp 2022-11-14 11:00:00 Stories from the SOC: Fortinet authentication bypass observed in the wild (lien direct) Executive summary: Fortinet’s newest vulnerability, CVE-2022-40684, allowing for authentication bypass to manipulate admin SSH keys, unauthorized downloading of configuration files, and creation of super admin accounts, has put a big target on the backs of unpatched and exposed Fortinet devices. An AT&T Managed Extended Detection and Response (MXDR) customer was involved in a true positive compromise that was discovered through a threat hunt initiated off an Intrusion Protection System (IPS) alert from Fortinet. With coordination between MXDR and the customer’s network and security teams, the threat was remediated and contained, and the vulnerable devices were patched. Investigation The initial investigation began during a tactical check-in with the customer, who mentioned an investigation regarding an IPS detection for two IP addresses that were attempting the authentication bypass exploit. If we pivot to the event, we can see Fortinet created detections for potentially unauthorized API requests to the cmdb filepath. Through Fortinet’s advisory on the vulnerability, we learned that potential malicious activity would originate from a user Local_Process_Access and would utilize the Node.js or Report Runner interface. Reports indicate that some of the handlers for API connections check certain conditions, including the IP address being a loopback address and the User-Agent being either Report Runner or Node.js. Off that information, we’re able to turn our attention to potential true positives that weren’t picked up by the IPS. Doing a quick filter on the Local_Process_Access user produced some interesting events. This doesn’t look good. 
In the first event we can see the attacker manage to successfully download the local certificate. This allows the attacker to see certificate information such as the email address of the certificate owner, the IP address of the Fortigate, company name, location where the Fortigate was installed, and other sensitive details. These local certificates are generated and provided to the Certificate Authority (CA) for environment trust. Shortly after, the attacker managed to download the system config of the Fortigate. Finally, a few hours later they managed to upload a script and run it to create a super_admin user. This is where the observable activity ended from the Local_Process_User and newly created admin account. Remediation began at this point. Response After discovery of the administrator account, a network administrator was urgently contacted and was able to remove the account. During the remediation process, the network administrator observed that the management port’s external interface had HTTPS open, which is likely how the attacker gained the initial foothold. It’s believed the super_admin account that was c Vulnerability Threat Patching
CSO.webp 2022-11-09 02:00:00 Why it's time to review your Microsoft patch management options (lien direct) You have several options to manage patching on Microsoft networks: let machines independently update or use a third-party patching tool, Windows Software Update Services (WSUS), or another Microsoft management product. If you are still using WSUS as your key patching tool, you may want to review your options. Microsoft is developing additional patching tools that will allow you to better manage systems and control administrative access. Is WSUS on the way out? Microsoft has long kept the status quo for WSUS, its on-premises patching product. It still supports WSUS, but Microsoft does not appear to be making new investments in the platform. Case in point: if your WSUS server fails on syncing, disable the Windows category of “Windows Insider Dev Channel.” Selecting this category creates an error message during synchronization. Microsoft is aware of the issue but has not given any estimated time for a fix. WSUS has not been updated in years. If you are considering using WSUS as your go-to patching platform, budget for a subscription to WSUS Automated Maintenance, which includes scripts and routines to optimize WSUS. Patching
AlienVault.webp 2022-11-02 10:00:00 AT&T Cybersecurity Insights Report: Focus Energy and Utilities (lien direct) As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, lobbing high-profile attacks in the last few years that have threatened safety and uptime in the process. Operational and security experts at these companies are well aware of the balancing act they must achieve under these conditions, according to a new industry breakout of the AT&T Cybersecurity Insights Report. Released this week, the AT&T Cybersecurity Insights Report: Focus on Energy and Utilities shows that technologists in these organizations are called upon by the business to roll out edge use cases such as remote-control operations, self-healing assets, and intelligent grid management. At the same time, they must ensure these deployments are done with cybersecurity as a central component, as the impact of attacks against this vertical's edge-connected assets could have drastic consequences for companies tasked with delivering the most vital resources for modern living. Rapid rate of energy and utility innovation One of the key areas examined by the AT&T Cybersecurity Insights Report is the rate of adoption of edge computing, the use cases in play, and their stage of maturity. This was tracked across six major sectors. This latest industry report dives into the trends for companies that provide services and resources such as electricity, oil and gas, water, and sewer. The study shows that some 77% of energy and utilities respondents worldwide are planning to implement, have partially implemented, or have fully implemented an edge use case. 
The study dug into nine industry-specific use cases and examined their stage of adoption across the energy and utilities sector. Combining the mid-stage and mature-stage adoption rates reveals that the use of edge computing in infrastructure leak detection has the highest combined adoption maturity (82%) among survey respondents. Some examples of how this looks in action include using sensors to gauge the flow of water in a municipal water system and using the low latency of edge connections to monitor that data in real time for drops or spikes in pressure that could indicate the need for preventive maintenance or immediate servicing of equipment. This is of course a single example in a broad range of use cases currently under exploration in this sector. Edge computing has opened up tremendous opportunities for energy and utilities companies to solve tough problems across the entire value chain, including the safe acquisition of energy supplies on the front end of the supply chain, the proper monitoring of consumption of energy and resources on the back end, and the efficient use of facilities and equipment to run the functions between the two phases. Some additional examples most commonly cited were: Remote control operations; Geographic infrastructure exploration, discovery, and management; Connected field services; Intelligent grid management. Interestingly, in spite of many energy companies being engaged in proof-of-concept and insulated projects, overall the sector's rate of mature adoption was the least prevalent compared to all other sectors, sitting at about 40%. Survey analysis indicates this isn't from a lack of interest, but instead a product of the justifiably cautious nature of this industry, which keeps safety and availability top of mind. 
The fact that this market segment had the highest level of adoption in mid-stage compared to other industries offers a clue that these companies are all-in on edge deployments but taking their time considering and account Ransomware Vulnerability Threat Patching Guideline
InfoSecurityMag.webp 2022-11-02 09:30:00 OpenSSL Security Advisory Downgraded to High Severity (lien direct) Experts still recommend patching affected systems Patching
ZDNet.webp 2022-11-01 21:21:06 OpenSSL dodges a security bullet (lien direct) The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP. Vulnerability Patching
Chercheur.webp 2022-10-31 11:29:11 Apple Only Commits to Patching Latest OS Version (lien direct) People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica: In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about. Apple currently provides security updates to macOS 11 Big Sur and macOS 12 Monterey alongside the newly released macOS Ventura, and in the past, it has released security updates for older iOS versions for devices that can’t install the latest upgrades... Patching
Checkpoint.webp 2022-10-30 11:10:13 OpenSSL Gives Heads Up to Critical Vulnerability Disclosure, Check Point Alerts Organizations to Prepare Now (lien direct) 30/10/2022 Highlights: The OpenSSL project, the very basic element of the secured internet we all know, announced patching a critical severity security vulnerability. While details are yet to be shared, organizations are called to remain alert and prepare to patch and update systems this coming Tuesday, November 1st. Because OpenSSL is so widely used, The… Vulnerability Patching
SANS.webp 2022-10-27 14:06:50 Upcoming Critical OpenSSL Vulnerability: What will be Affected?, (Thu, Oct 27th) (lien direct) Some here may still remember Heartbleed. Heartbleed was a critical OpenSSL vulnerability that surprised many organizations, and patching the issue was a major undertaking. Heartbleed caused OpenSSL and other open source projects to rethink how they address security issues and how they communicate with their users. OpenSSL started to pre-announce any security updates about a week ahead of time. Vulnerability Patching
AlienVault.webp 2022-10-27 10:00:00 11 Cybersecurity investments you can make right now (lien direct) This blog was written by an independent guest blogger. The average cost of a data breach will continue to rise, which means companies need to start planning accordingly. To protect your business, you need to invest in cybersecurity. Here are 11 areas you should focus on. Cyber insurance Cyber insurance is designed to protect businesses from the financial repercussions of a cyber-attack. It can cover costs such as business interruption, data recovery, legal expenses, and reputational damage. It is increasingly common across industries and at companies of all sizes, even small businesses, which have become a growing target of cybercriminals. Cyber insurance has also become a new compliance requirement in many industries, including healthcare, finance, and retail. In the event of a data breach, companies are often required to notify their customers and partners, which can be costly. Cyber insurance can help cover these expenses. Employee training Employees are often the weakest link in a company's cybersecurity defenses. They may not be aware of the latest cyber threats or how to protect themselves from them. That's why it's important to provide employees with regular training on cybersecurity risks and best practices. There are many different types of employee training programs available, ranging from in-person seminars to online courses. Some companies even offer financial incentives for employees who complete training programs. In the remote work era, employee education also increasingly means arming remote workers with knowledge that will keep company data safe while they are working on networks that might not be well secured. This is especially the case if you know people are connecting via public networks at cafes, co-working spaces, and airports. Endpoint security Endpoints are the devices that connect to a network, such as laptops, smartphones, and tablets. 
They are also a common entry point for cyber-attacks. That's why it's important to invest in endpoint security, which includes solutions such as antivirus software, firewalls, and encryption. You can invest in endpoint security by purchasing it from a vendor or by implementing it yourself. There are also many free and open-source solutions available. Make sure you test any endpoint security solution before deploying it in your environment. Identity and access management Identity and access management (IAM) is a process for managing user identities and permissions. It can be used to control who has access to what data and resources, and how they can use them. IAM solutions often include features such as Single Sign-On (SSO), which allows users to access multiple applications with one set of credentials, and two-factor authentication (2FA), which adds an extra layer of security. IAM solutions can be deployed on-premises or in the cloud. They can also be integrated with other security solutions, such as firewalls and intrusion detection systems. Intrusion detection and prevention Intrusion detection and prevention systems (IDPS) are designed to detect and prevent cyber-attacks. They work by monitoring network traffic for suspicious activity and blocking or flagging it as needed. IDPS solutions can be deployed on-premises or in the cloud. There are many different types of IDPS solutions available, ranging from simple network-based solutions to more sophisticated host-based ones. Make sure you choose a solution that is right for your environment and needs. Security information and event management Security information and event management (SIEM) solutions are designed to collect and analyze data from a variety of security Data Breach Spam Malware Vulnerability Patching
MalwarebytesLabs.webp 2022-10-20 16:00:00 Third-party application patching: Everything you need to know for your business (lien direct) Categories: Business. In this post, we cover the importance of third-party application patching and the challenges it can solve for your organization. (Read more...) Patching
CrowdStrike.webp 2022-10-13 20:48:10 October 2022 Patch Tuesday: 13 Critical CVEs, One Actively Exploited Bug, ProxyNotShell Still Unpatched (lien direct) Microsoft has released 84 security patches for its October 2022 Patch Tuesday rollout. Of these, 13 vulnerabilities are rated Critical, while the remaining 71 are rated Important. It should be noted that this month's patching update does not include patches for ProxyNotShell, despite the active exploitation of two related vulnerabilities; CrowdStrike offers recommendations on mitigation […] Patching
globalsecuritymag.webp 2022-10-06 08:11:34 Canonical launches Ubuntu Pro to increase Open Source protection and security (lien direct) Canonical launches Ubuntu Pro to increase Open Source protection and security. Canonical's new security maintenance offering, currently in beta, covers CVE fixing and patching for all Ubuntu packages as well as a wide variety of Open Source applications and tools. - Products Patching
DarkReading.webp 2022-09-29 23:56:38 Aunalytics Launches Security Patching Platform as a Service (lien direct) Expedited software patching and updating is recognized as one of the most important processes for protecting against system compromise from cyberattacks. Patching
Fortinet.webp 2022-09-22 14:21:04 Joint CyberSecurity Alert (AA22-264A) Iranian Threat Actors Targeting Albania (lien direct) The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) today released a joint Cybersecurity Advisory that highlights recent campaigns targeting the Government of Albania in July and September of this year. The attacks have been attributed to threat actors named "HomeLand Justice", whose modus operandi appears to be disruption (rendering services offline) and destruction (wiping of disk drives and ransomware-style encryption). It was observed that the threat actors also maintained persistence for over a year before these attacks were carried out. Other observed activity included the exfiltration of data such as email and credentials, and lateral movement. The attacks have been attributed to the government of Iran. What are the Technical Details of this Attack? Per the Joint Advisory, the threat actors used CVE-2019-0604, a vulnerability in (public-facing) Microsoft SharePoint, to obtain initial access. The threat actor used several webshells to establish and maintain persistence. Persistence and lateral movement were then maintained for several months after compromise before campaign activity began. Other observations were the usage of Remote Desktop Protocol (RDP), Server Message Block (SMB) and File Transfer Protocol (FTP) to maintain access. Once this was established, the attackers moved on and compromised the target's Microsoft Exchange servers (further details are unknown) to create a rogue Exchange account, allowing further privilege escalation via the addition of an Organization Management role. Exfiltration and compromise of the Exchange server occurred over 6-8 months, during which roughly 20GB of data was exfiltrated. The attackers also leveraged VPN access, using compromised accounts, where Advanced port scanner, Mimikatz and LSASS tools were used.
To cap off the campaign, the threat actors finally deployed a file cryptor on the victim's print server via RDP, which then propagated the file cryptor internally. This targeted specific file extensions and left a note behind after encryption. Adding insult to injury, hours after encryption took place, the threat actor kicked off a final devastating attack: the wiping of targeted disk drives. Is this Attack Widespread? No. Attacks are targeted and limited in scope. Any Suggested Mitigation? Due to the complexity and sophistication of the attack, FortiGuard Labs recommends that all AV and IPS signatures be kept up to date and that all known vulnerabilities within an environment be updated and patched as soon as possible. Also recommended is providing awareness and situational training for personnel to identify potential social engineering attacks via spearphishing, SMShing, and other social engineering techniques that could allow an adversary to establish initial access into a targeted environment. What is the Status of Coverage? For publicly available samples, customers running the latest AV definitions are protected by the following signatures: BAT/BATRUNGOXML.VSNW0CI22!tr, W32/Filecoder.OLZ!tr.ransom, W32/GenCBL.BUN!tr, W32/PossibleThreat, Riskware/Disabler.B Ransomware Vulnerability Threat Patching
DarkReading.webp 2022-09-15 19:00:00 Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks (lien direct) Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption. Patching
MalwarebytesLabs.webp 2022-09-12 14:30:00 6 patch management best practices for businesses (lien direct) Categories: Business. Patching is a thorn in the side of many businesses today: Everything from keeping up with the volume of patches to prioritizing what needs to be patched first can cause major delays in a business's patching process. In this post, we'll give you six patch management best practices for businesses. (Read more...) Patching
Chercheur.webp 2022-09-09 13:33:13 Responsible Disclosure for Cryptocurrency Security (lien direct) Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can't the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don't have an ongoing relationship with the hardware and software providers that protect their funds—nor do they have an incentive to update security on a regular basis. Turning to a new security provider or using updated software creates risks; leaving everything the way it was feels safer. So users won't be rushing to pay for and install new security patches... Patching
Last update at: 2024-05-09 12:08:02