Category Archives: Cybersecurity
Your Cyber Defenses Can Always Be Better
Protect your organization from cyber threats with NIST’s Cybersecurity Framework. This customizable tool helps improve your security posture.
In today’s digital age, cybersecurity is more important than ever. The rise of the internet and the increasing reliance on technology has led to a greater need for effective cybersecurity measures. Unfortunately, cyber threats are constantly evolving, making it difficult for businesses and organizations to keep up. This is where the National Institute of Standards and Technology (NIST) comes in. NIST provides a framework that can help businesses and organizations improve their cyber defenses.
What is NIST?
NIST is a non-regulatory agency of the United States Department of Commerce. Its mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. One of NIST’s key functions is to develop and promote cybersecurity standards and best practices. NIST is a leader in cybersecurity research and development, and its … Read the rest
5 Critical VMware ESXi Vulnerabilities
It has been alerted; five security vulnerabilities could lead to major potential issues for VMware ESXi customers. This includes command execution and DoS. VMware has issued a critical security update to patch its ESXi customers. Exploitation of these vulnerabilities could give hackers access to virtual machine environments.
VMware suggested that patching ESXi servers immediately is your best option, but you could also remove USB controllers from your VMs as a workaround. However, regarding to this advisory “that may be infeasible at scale and does not eliminate the potential threat like patching does.”
Noted Vulnerabilities
- CVE-2021-22040: Use-after-free vulnerability in XHCI USB controller (CVSS 8.4)
- CVE-2021-22041: Double-fetch vulnerability in UHCI USB controller (CVSS 8.4)
- CVE-2021-22042: ESXi ‘settingsd’ unauthorized access vulnerability (CVSS 8.2)
- CVE-2021-22043: ‘ESXi settingsd’ TOCTOU vulnerability (CVSS 8.2)
- CVE-2021-22050: ESXi slow HTTP POST denial of service vulnerability (CVSS 5.3)
VMware has said that there haven’t seen any attacks in the … Read the rest
Hackers Exploiting Cisco RV VPN Routers
Security researchers have found critical vulnerabilities in Cisco Small Business RV VPN routers. The bugs could allow attackers to take control of the router with root privileges, get access to customer data, and conduct DDOS attacks.
Why are they even still used? Well, the RV series of VPN appliances is affordable and functional. They can easily connect remote workers to a company network with no hassle. Each appliance has a built-in firewall, VPN, encryption, and authentication features.
Cisco disclosed 15 vulnerabilities affecting their RV product line this week. Some of the bugs can be exploited alone, but others can be chained together to lead to a variety of bad outcomes. These issues remain unpatched at the time of writing.
According to Cisco, the bugs affect products that the company makes. Cisco’s advisory said: “An attacker could exploit these vulnerabilities by sending malicious packets to the affected systems.”
- Execute arbitrary
Windows Update deploying malware powered by GitHub C2 Server
According to a report from Malwarebytes on Thursday, North Korean cyber-espionage group’s latest attack was found to be very similar to other attacks from the group. Malwarebytes analysts have discovered that the APT group has been using a new technique that involves spear phishing to steal user data and cryptocurrency.
The focus of the phishing campaign is consistent with the APT group’s style – they impersonate big, global brands. In this case, they pretended to be a huge military and defense company.
Korean hackers are rampaging. They are one of the most active cyber-attackers in the world. The US considers them to be a huge threat. They have been caught red handed attacking companies and stealing secrets for years. Their leader is Lazarus, who has been active since at least 2009. This group is responsible for many cyber attacks, including the WannaCry ransomware attack that has been in the news.… Read the rest
Android Malware steals your money, then wipes your phone
For years, malware has been an issue for computers. While there are different levels of severity, it is extremely dangerous when targeting your smartphone.
Apple’s closed ecosystem is incredibly protective. It has few checks and balances. As a result, it’s very difficult for hackers to infiltrate Apple products and leave malware behind. Unfortunately, Android is the opposite. Its open nature makes it easy for hackers to infiltrate, leaving Android users vulnerable to malicious code.
A new version of a virus has been discovered. Read on to find out how a Brazillian malware became a powerful threat.
Here’s the back story
A Remote Access Trojan (RAT) known as BRATA has been around since 2019. At the time, it was used as spyware and exclusively targeted Android users in Brazil. It was able to capture a victim’s screen in real-time.
In early 2016, a malware called BRATA spread online. It masqueraded as … Read the rest
New UEFI Bootkit called MoonBounce
Researchers have discovered a sophisticated new type of malware that targets UEFI and its called MoonBounce. The Bootkit or also known as rootkit malware is suspected to be associated with (advanced persistent threat 41). APT41 is a group of hackers who have been robbing businesses for many years.
Researchers at Kaspersky Labs discovered a new type of malware. This is the third known type that infects UEFI firmware. The first two types were FinFisher and ESPecter.
- The malware is injected into the SPI flash part of the motherboard, signifying that it cannot be removed even after hard disk replacement.
- The injection is stored in the CORE_DXE component, which is called during the early boot sequence of UEFI.
- Once the MoonBounce rootkit malware makes its way inside the OS, it may reach out to a server to obtain further payloads.
- Additionally, the infection chain does not leave any evidence and works
Benefits Of Lean Six Sigma In The IT Sector
This article I am recognizing the many benefits of Lean Six Sigma in the IT sector. I believe that Lean Six Sigma can help IT professionals with their company’s growth, if they have a sincere mindset.
Many IT organizations are under pressure to improve their service and process capability. In the quest for improvement methodologies, these businesses often adopt a “pick one” strategy. However, it is possible to integrate Lean and Six Sigma and reap the full benefits that these methodologies can bring to the table.
For businesses to be successful, they must work hard to go above and beyond. Lean Six Sigma is a rigorous method of eliminating defects in any process. It is a data-driven approach and methodology for ensuring near perfection. This approach must not produce more than 3.4 defective results per million opportunities. In order to achieve lean six sigma quality, businesses must focus on improving … Read the rest
SSRF Vulnerability In VMware Authentication
Researchers have found that VMware has a server-side request forgery (SSRF) vulnerability could allow an attacker to obtain administrative JSON Web Tokens (JWT) in versions of the VMware authentication software.
This serious security vulnerability was found in a popular service called VMware Workspace ONE Access. It’s used to provide multi-factor authentication, conditional access, and single sign-on to web and mobile apps. The vulnerability could enable malicious actors to read the full response of HTTP requests. This vulnerability is tracked as CVE-2021-22056. It has a severity score of 5.5, or ‘moderate’.
Security researchers Shubham Shah and Keiran Sampson discovered the bug that could lead to the leaking of JWTs. This would give malicious actors full access to vulnerable systems. JWTs are strings that act as a way to identify users. They contain JSON-encoded data, making them convenient for embedding information. They are typically used as session identifiers for mobile and web … Read the rest
This Year You Should Expect Stronger Cyber Security Regulations
The government is cracking down on cyber security. According to The Wall Street Journal, and companies are expected to comply with the more stringent cyber security regulations.
In early 2021, a SolarWinds and Microsoft hack occurred. They have been linked to Russia and China, respectively. President Joe Biden has issued a presidential executive order that mandates cyber attack reporting in some critical infrastructure sectors. The confirmation of a new National Cyber Director has also occurred. He is Chris Inglis and will oversee the cybersecurity efforts of the U.S. government.
Later in 2021, Kaseya and JBS SA were hit by ransomware. This is a big deal for critical infrastructure companies, because more regulation will likely follow. According to Sidley Austin LLP Partner Sujit Raman: “I think we’re going to see more regulations, because the government is going to have to step in and say, ‘Look, this is a national security … Read the rest
Microsoft Warns Log4j Flaw Attacks Remain High
Microsoft has warned that Windows and Azure customers should be on high alert after spotting state-sponsored and cyber-criminal hackers probing systems for a flaw in the Log4j. Microsoft says it spotted attackers using the Log4j flaw through December.
The Apache open source project disclosed on December 9 and will likely take a long time to fix the Log4j flaw. The problem is widespread because the open source project is used in many applications and services.
Microsoft says that this problem is not just in your organization; it’s everywhere. The company has released updates to its security software to help you identify the vulnerability and protect yourself from attackers.
… Read the rest“Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” the Microsoft 365 Defender Threat
Loading ...