Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

published: Aug. 14, 2023
In the week of August 7th-14th, 2023, security teams have 14 advisory/vulnerability actions to address and 23 data breach incidents to learn from. Amidst this mess, 42,255,138 individuals were caught in the data breach crossfire, with the UK Electoral Commission breach stealing the spotlight as the worst incident. The industries hit hardest were Healthcare and Government, while the battle against third-party breaches and ransomware continued.
Ignoring security advisories and delaying patching leaves unpatched vulnerabilities open to exploitation, as demonstrated by the Gafgyt botnet's exploitation of a five-year-old vulnerability in Zyxel routers, an ongoing exploit campaign targeting Magento 2 ecommerce sites, and the exploitation of hundreds of thousands of unpatched Fortinet FortiOS and FortiProxy systems.
published: Aug. 7, 2023
Between July 31, 2023, and August 7, 2023, there were 9 advisory/vulnerability events, 26 incident/data breach events, and 4 practical knowledge items shared, indicating a slight downward trend from the previous week with 3 fewer incidents and 2 fewer critical vulnerabilities.
About a decade ago, a major bank employee accidentally sent an NSFW image to the entire company due to an auto-fill typo; while the situation was managed, the recurring issue of typos is a major cybersecurity blunder. The latest one is emails intended for the US military misdirected to Mali due to a consistent .MIL to .ML typo. Despite warnings, the problem persists, even with measures in place to intercept these emails, signaling the need for a combined awareness/tech approach.
Veritas is VERY belatedly addressing multiple long-standing vulnerabilities, including the seven-year-old critical CVE-2016-0799, in the data collection process of their IT Analytics product. Veritas is issuing an Advisory and releasing a patch that involves deleting the vulnerable binaries and stopping data collection. So much confusion, it deserves a rant.
A great example of how differing interests and perspectives shape the scoring of vulnerability severity. Cybersecurity research firm CyFox reported a supposedly critical DLL hijacking vulnerability in Stremio 4.4, a popular software platform for streaming movies and TV shows. Stremio, however, disputes the severity of the vulnerability, claiming it is more of a general Windows issue. Both parties view the risk differently. The actual risk to users is present, but not critical, and requires prior compromise of the Windows device. Stremio can implement best practices to mitigate the risk.
The traditional practice of air-gapping industrial control systems (ICS) for security has faced a new challenge. Researchers from Kaspersky ICS-CERT have discovered a sophisticated second-stage malware that can bypass air-gapped defenses. The attackers gain initial access through known vulnerabilities and then deploy malware on removable storage drives to exfiltrate sensitive data from the isolated ICS networks, showcasing their advanced tactics and patient approach to achieve their malicious goals.
Cybersecurity researchers have discovered that the AWS Systems Manager Agent (SSM Agent), a legitimate tool used by AWS administrators, can be exploited as a remote access trojan (RAT) in both Windows and Linux environments. Attackers can abuse the SSM Agent to maintain access to compromised instances and perform malicious activities. Mitigation techniques include securing endpoints, removing SSM binaries from antivirus allow lists, and using VPC endpoints for Systems Manager to ensure secure and private communication between EC2 instances and the Systems Manager service.
published: July 31, 2023
The cyber awareness summary for the week between July 24, 2023, and July 31, 2023, covers 11 advisory/vulnerability events and 29 incident/data breach events, and stresses the importance of patching critical vulnerabilities in various systems to protect against cyberattacks.
A critical security vulnerability in MS Office is being used by hackers to execute remote code on targeted systems through a phishing campaign that delivers a malicious Word document. There is no official patch, only a workaround, so it is time for a little bit of awareness and education.