Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured.
The post What are the cybersecurity concerns of SMBs by sector? appeared first on WeLiveSecurity
Webinar There's nothing like reading a report based on real-world data to give IT teams a fresh sense of priority.…
The CEO of VoIP software provider 3CX has teased the imminent release of a security-focused upgrade to the company's progressive web application client.…
Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection, but they may help criminal gangs and nation-state hackers develop some attacks against IT, according to Rob Joyce, director of the NSA's Cybersecurity Directorate.…
Malware reportedly developed by a little-known Israeli commercial spyware maker has been found on devices of journalists, politicians, and an NGO worker in multiple countries, say researchers.…
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.
On April 7, Apple issued emergency security updates to fix two weaknesses that are being actively exploited, including CVE-2023-28206, which can be exploited by apps to seize control over a device. CVE-2023-28205 can be used by a malicious or hacked website to install code.
Both vulnerabilities are addressed in iOS/iPadOS 16.4.1, iOS 15.7.5, and macOS 12.6.5 and 11.7.6. If you use Apple devices and you don't have automatic updates enabled (they are on by default), you should probably take care of that soon, as detailed instructions on how to attack CVE-2023-28206 are now public.
Microsoft's bevy of 100 security updates released today includes CVE-2023-28252, a weakness in Windows that Redmond says is under active attack. The vulnerability is in the Windows Common Log File System (CLFS) driver, a core Windows component that was the source of attacks targeting a different zero-day vulnerability in February 2023.
"If it seems familiar, that's because there was a similar 0-day patched in the same component just two months ago," said Dustin Childs at the Trend Micro Zero Day Initiative. "To me, that implies the original fix was insufficient and attackers have found a method to bypass that fix. As in February, there is no information about how widespread these attacks may be. This type of exploit is typically paired with a code execution bug to spread malware or ransomware."
According to the security firm Qualys, this vulnerability has been leveraged by cyber criminals to deploy Nokoyawa ransomware.
"This is a relatively new strain for which there is some open source intel to suggest that it is possibly related to Hive ransomware, one of the most notable ransomware families of 2021 and linked to breaches of over 300 organizations in a matter of just a few months," said Bharat Jogi, director of vulnerability and threat research at Qualys.
Jogi said while it is still unclear which exact threat actor is targeting CVE-2023-28252, targets have been observed in South and North America, regions across Asia and at organizations in the Middle East.
Satnam Narang at Tenable notes that CVE-2023-28252 is also the second CLFS zero-day disclosed to Microsoft by researchers from Mandiant and DBAPPSecurity (CVE-2022-37969), though it is unclear if both of these discoveries are related to the same attacker.
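Because CVE-2023-28252 is a local privilege escalation in a driver that ships with every supported Windows build, the practical question for a defender is simply whether each host has taken the April update. The following PowerShell triage is an added example, not code from the KrebsOnSecurity post or from Microsoft: it lists updates installed on or after the April 11, 2023 Patch Tuesday and records the file version of the CLFS driver so it can be compared against the version in the KB article for that build. It assumes a local, elevated session; the Patch Tuesday date is the only value it hard-codes, and it deliberately does not embed KB numbers or driver version strings, which differ per OS build.

```powershell
# Added example (not from the original post): Patch Tuesday triage for CVE-2023-28252.
# Assumes: local elevated PowerShell 5.1+ on a supported Windows build.
$patchTuesday = Get-Date '2023-04-11'

# Cumulative updates appear in Get-HotFix. InstalledOn can be $null for some entries,
# so filter on its presence before comparing.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
    Sort-Object InstalledOn -Descending

if ($recent) {
    "Updates installed since $($patchTuesday.ToShortDateString()):"
    $recent | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
} else {
    Write-Warning ("No updates installed since {0}; host is likely still exposed to CVE-2023-28252." -f
        $patchTuesday.ToShortDateString())
}

# The vulnerable component is the CLFS driver. Record its file version and timestamp so the
# value can be checked against the fixed version listed in the KB article for this build.
$clfs = Get-Item "$env:SystemRoot\System32\drivers\clfs.sys"
[PSCustomObject]@{
    Path        = $clfs.FullName
    FileVersion = $clfs.VersionInfo.FileVersion
    LastWriteUtc = $clfs.LastWriteTimeUtc
}

# A hotfix install date is a weak signal on its own; the cumulative update also bumps the
# Update Build Revision (UBR), which is the number after the dot in "winver" output.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
"OS build: {0}.{1} ({2})" -f $cv.CurrentBuildNumber, $cv.UBR, $cv.DisplayVersion
```

Run it through whatever remote-execution path you already use (Invoke-Command, an RMM, or a scheduled script) and keep the output; a fleet-wide list of hosts whose UBR predates the April update is the list that matters, since the exploit needs only local code execution, which is exactly what a phishing foothold provides.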
Seven of the 100 vulnerabilities Microsoft fixed today are rated "Critical," meaning they can be used to install malicious code with no help from the user. Ninety of the flaws earned Redmond's slightly less-dire "Important" label, which refers to weaknesses that can be used to undermine the security of the system but which may require some amount of user interaction.
Narang said Microsoft has rated nearly 90% of this month's vulnerabilities as "Exploitation Less Likely," while just 9.3% of flaws were rated as "Exploitation More Likely." Kevin Breen at Immersive Labs zeroed in on several notable flaws in that 9.3%, including CVE-2023-28231, a remote code execution vulnerability in a core Windows network process (DHCP) with a CVSS score of 8.8.
"'Exploitation more likely' means it's not being actively exploited but adversaries may look to try and weaponize this one," Breen said. "Microsoft does note that successful exploitation requires an attacker to have already gained initial access to the network. This could be via social engineering, spear phishing attacks, or exploitation of other services."
Breen also called attention to CVE-2023-28220 and CVE-2023-28219, a pair of remote code execution vulnerabilities affecting Windows Remote Access Servers (RAS) that also earned Microsoft's "exploitation more likely" label.
"An attacker can exploit this vulnerability by sending a specially crafted connection request to a RAS server, which could lead to remote code execution," Breen said. "While not standard in all organizations, RAS servers typically have direct access from the Internet where most users and services are connected. This makes it extremely enticing for attackers as they don't need to socially engineer their way into an organization. They can simply scan the internet for RAS servers and automate the exploitation of vulnerable devices."
For more details on the updates released today, see the SANS Internet Storm Center roundup. If today's updates cause any stability or usability issues in Windows, AskWoody.com will likely have the lowdown on that.
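The RAS bugs are pre-authentication and reachable over the connection request itself, so the exposure question is whether a server is running Routing and Remote Access and listening on the VPN transports that an internet scan would find. This PowerShell check is an added example, not code from the post or from Immersive Labs: it reports the RemoteAccess service state, the TCP/UDP listeners on the usual PPTP, SSTP and L2TP/IPsec ports with the owning process (so an IIS listener on 443 is not mistaken for SSTP, which is bound by HTTP.sys under the System process), and the firewall rules in the Routing and Remote Access group. The port list and the firewall display-group name are assumptions you may need to adjust for a given deployment.

```powershell
# Added example (not from the original post): is this host an Internet-facing RAS target?
# Assumes: elevated session on Windows Server with the NetTCPIP and NetSecurity modules (inbox).
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if (-not $svc) { 'RemoteAccess service not present; RAS role is not installed.'; return }
"RemoteAccess service: {0} (start type: {1})" -f $svc.Status, $svc.StartType

# Transports a scanner would look for (assumed defaults):
#   PPTP control channel 1723/tcp, SSTP 443/tcp, IKE 500/4500/udp, L2TP 1701/udp
$tcpPorts = 1723, 443
$udpPorts = 500, 1701, 4500

$listeners = @()
$listeners += Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $tcpPorts } |
    ForEach-Object { [PSCustomObject]@{ Proto='TCP'; Address=$_.LocalAddress; Port=$_.LocalPort; Pid=$_.OwningProcess } }
$listeners += Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $udpPorts } |
    ForEach-Object { [PSCustomObject]@{ Proto='UDP'; Address=$_.LocalAddress; Port=$_.LocalPort; Pid=$_.OwningProcess } }

# Resolve the owning process. SSTP rides on HTTP.sys, which shows up as PID 4 (System);
# a 443 listener owned by w3wp/IIS is a web server, not RAS.
foreach ($l in $listeners) {
    $p = Get-Process -Id $l.Pid -ErrorAction SilentlyContinue
    $l | Add-Member -NotePropertyName Process -NotePropertyValue ($(if ($p) { $p.ProcessName } else { '?' }))
}
if ($listeners) {
    'Listeners on VPN transport ports (0.0.0.0 / :: means all interfaces):'
    $listeners | Sort-Object Proto, Port | Format-Table -AutoSize
} else {
    'No listeners on the common VPN transport ports.'
}

# Inbound firewall rules that RRAS enables; an Enabled=True rule with Profile=Any or Public
# is the one to look at if the server has a public interface.
Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' -Direction Inbound -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Profile, Action | Format-Table -AutoSize
```

Any host where the service is running and a VPN port is bound to all interfaces on a public-facing NIC should be at the front of the April patch queue; until it is patched, the short-term mitigation is to restrict inbound access to those ports at the edge rather than on the box itself.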
Please consider backing up your data and/or imaging your system before applying any updates. And feel free to sound off in the comments if you experience any problems as a result of these patches.
Microsoft patched 97 security flaws today for April's Patch Tuesday, including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware.…
A design flaw in Microsoft Azure, namely that shared key authorization is enabled by default when creating storage accounts, could give attackers full access to your environment, according to Orca Security researchers.…
In Brief More than 40 percent of surveyed IT security professionals say they've been told to keep network breaches under wraps despite laws and common decency requiring disclosure.…
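The Azure point is a default, not a bug: a storage account created without an explicit setting accepts the account key (and SAS tokens signed with it) as a full-access credential, independent of any Azure RBAC assignment. The following PowerShell is an added example, not from the Orca write-up or from Microsoft: it lists the storage accounts in the current subscription whose AllowSharedKeyAccess is not explicitly false (null means the default, i.e. enabled) and shows the change that turns it off. It assumes the Az.Accounts and Az.Storage modules are installed and Connect-AzAccount has already been run; the -WhatIf guard is there because disabling shared key access breaks every client still authenticating with the account key or an account-key-signed SAS.

```powershell
# Added example (not from the original post): find and fix storage accounts that still
# accept shared-key (account key) authorization.
# Assumes: Az.Accounts + Az.Storage installed, Connect-AzAccount done, rights to update accounts.

# $null -ne $false evaluates true, so accounts left at the default are included.
$exposed = Get-AzStorageAccount | Where-Object { $_.AllowSharedKeyAccess -ne $false }

if (-not $exposed) { 'Every storage account in this subscription has shared-key access disabled.'; return }

'Storage accounts accepting shared-key authorization (null = default, enabled):'
$exposed | Select-Object StorageAccountName, ResourceGroupName, Location, AllowSharedKeyAccess |
    Format-Table -AutoSize

# Remediation. Run with -WhatIf first, then drop it once you have confirmed that every
# consumer of each account uses Azure AD/Entra credentials (managed identity, service
# principal, user) rather than the account key or a SAS signed by it.
foreach ($sa in $exposed) {
    Set-AzStorageAccount -ResourceGroupName $sa.ResourceGroupName `
                         -Name $sa.StorageAccountName `
                         -AllowSharedKeyAccess $false `
                         -WhatIf
}
```

Pair the change with an Azure Policy that denies creation of storage accounts with shared key access enabled, otherwise the next account created through the portal or a template without the property set will come back with the same default.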
Here's how to choose the right password vault for you and what exactly to consider when weighing your options
The post 10 things to look out for when buying a password manager appeared first on WeLiveSecurity
If you want to sneak malware onto people's Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests.…
The liquidators picking over the remains of FTX have released their first formal report into Sam Bankman-Fried's imploded empire, and it somehow appears things are worse than feared.…
Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild.…
Owners of Dropcam security cameras and Nest Secure systems have been given an unwelcome deadline from Google: their smart home products will be shut off April 8 next year.…
Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company's Cobalt Strike software to distribute malware.…
Sponsored Feature Most economies and business sectors are dealing with extreme volatility and economic uncertainty. Even as the dislocation caused by the pandemic three years ago looked to be settling down, business leaders have had to contend with geopolitical concerns, rising interest rates, and surging inflation.…