Category Archives: Cybersecurity
Vulnerability in Cisco Small Business Switches
Nothing new with these Cisco Small Business Switches. A researcher, Jasper Adriaanse has identified several vulnerabilities, including ones that have been rated high severity, in Cisco’s Small Business 220 series smart switches.
These vulnerabilities were discovered to impact switches that run firmware versions earlier than 1.2.0.6 and have the web-based management interface enabled which the interface is enabled by default. In an advisory released a few days ago, Cisco said Jasper Adriaanse found a few types of security holes in the small business switches.
One of them, tracked as CVE-2021-1542 and rated high severity, can be exploited by a remote, unauthenticated attacker to hijack a user’s session and gain access to the switch’s web interface. Depending on the privileges of the targeted user, the attacker could gain admin-level access to the management interface.
Another high-severity issue is CVE-2021-1541, which allows a remote attacker with admin permissions on the … Read the rest
Ransomware Risk Management
The National institute of Standards and Technology (NIST) has released a new document called: cybersecurity framework profile for ransomware risk management. The document contains detailed steps that you can take to reduce the risk of infection and it has was to prevent ransomware attacks.
They outline these basics
NIST has provided the basic and best approach to preventing, mitigating and protecting critical data against ransomware events and they recommend the following:
- Use Antivirus Software to scan your system, emails and flash drives.
- Keep Systems up to date and all software fully patched.
- Use a services or products that blocks access to ransomware sites.
- Put a policy in place that only allows authorized apps to be used in computers.
- Restrict personal devices to internal network access resources.
- Do not provide users with local administrative privileges.
- Block use of personal apps on work computer for example: email, chat, social media.
- Provide
Phishing Attacks Growing At Rapid Pace
What’s going on?
- The frequency of phishing attacks is different for each industry and is based on the targeted firm’s size. Healthcare and manufacturing sectors are the most targeted by phishing scams.
- Social media are also lucrative targets, with social messaging apps being the main target. Accounts with single sign-on accounted for 40% of all phishing attacks.
- There are many different types of phishing attacks
SSL VPN Attacks Up Nearly 2000%
A recent report published by Nuspire outlined what activity cyber criminals have been up to. SSL VPN attacks have gone up nearly 2000%.
Increase in VPN attacks
In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware.
“2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organizations, which is what we started to see in Q1 and are continuing to see today.”
Because of the significant increase in VPN and RDP … Read the rest
54% of all employees reuse passwords on multiple accounts
Yubico released the results of a study into current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era. The report surveyed 3,006 employees, business owners, and C-suite executives at large organizations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.
Data shows that since the start of the pandemic employees have been engaging in poor cybersecurity practices on work-issued devices, with business owners and C-level executives proving to be the worst culprits. At the same time, enterprises are falling short on cybersecurity best practices that need to be implemented for out-of-office environments.
Less than a quarter of respondents admit to even implementing 2FA since the start of the pandemic and even then, many are using less secure and less user-friendly forms of 2FA like mobile authentication apps and SMS one-time passcodes.
Polkit vulnerability provides local privilege escalation bypass
Many of the Linux distros are vulnerable to the Polkit exploit. This vulnerability provides a local privilege escalation bypass. A hacker can easily obtain root access with this vulnerability.
The vulnerability was recently discovered by GitHub Security Lab security researcher Kevin Backhouse. The vulnerability CVE-2021-3560 was publicly disclosed, and a fix was released on June 3, 2021. Make sure to update your Linux servers if you haven’t done so already.
A few of the vulnerable distros shared by Backhouse includes distros such as RHEL 8, Fedora 21 (or later), Ubuntu 20.04 and Debian.
“When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process,” Red Hat’s security advisory explains.
The few commands which allow this exploit to work is nothing complex.
This vulnerability … Read the rest
6 In The Wild Exploits Resolved With Windows Patch Tuesday
This Tuesday Microsoft Windows Patch Tuesday has deployed a sum of 50 patches which also included critical patches to mitigate 6 vulnerabilities that are being used in the wild to run exploits on systems. Elevation vulnerability’s are no joke because hackers can log into your system as an administrator and push wide spread ransomware. I am glad they have fewer vectors for deployments.
Vulnerabilities Exploited in the Wild
Although Microsoft fixed a total of seven zero-day vulnerabilities. One was CVE-2021-31968, Windows Remote Desktop Services Denial of Service Vulnerability that was publicly disclosed but hasn’t been seen in attacks. It was issued a CVSS score of 7.5. The following below are the vulnerabilities that were recently patched.
- CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5
- CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8
- CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability.
Fraud Awareness: What Does Fraud Look Like?
Fraud happens every day and you and your employees may not even know that you have been defrauded out of your information or money. Cyber Fraud is real and you must be vigilant.
Identifying when someone is trying to defraud you or your organization is a vital part of the day-to-day responsibilities of your employees. Here are a few red flags that might indicate a fraud attempt:
Large orders:
- When a fraudster uses stolen payment methods, they will attempt to maximize spending in a single transaction before the victim realizes their information has been stolen.
Multiple transactions in a short period of time:
- This could be a sign that someone gained unauthorized access to a customer’s account or that someone is attempting to max out a stolen credit card.
Fast shipping:
- Most consumers choose affordable shipping options. Beware of overnight or priority shipments, especially those that involve high-priced orders.
Unusual
… Read the rest
Staying Safe In The Cloud
I’m sure by now your company has you working with some cloud applications like Microsoft 365, Google Docs, Dropbox and Salesforce just to name a few. You need to be vigilant because hackers can use tactics to trick you into fake landing portals.
Did you know that Nearly 80% of organizations have experienced a cloud security hack in the past 18 months? Did you know $4.41 million is the average cost for an organization when its cloud services are hacked? Also, cloud-based cyberattacks rose 630% in a recent 3-month period. Obviously cybercrime is on the rise and hackers find creative ways into tricking you.
There is no such thing as a completely safe cloud provider and the way you go about using the cloud can have a significant impact for your organization. In these four scenarios, we will explore the security risks and tips associated with each.
… Read the rest
Scenario 1
Your
Have You Heard Of Text Message Scams Called Smishing?
Have you ever received unsolicited mobile text messages with an unfamiliar or strange web link? Well this is a trick to target recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.
Fewer people are aware of the dangers of clicking links in text messages and they happen to be more trusting of text messages, so smishing is often a lucrative endeavor for obtaining credentials, banking information and private data.
Smishing is a form of phishing that involves text messaging. Victims will typically receive a deceptive text message that is intended to lure you into providing your personal or financial information. These scammers often attempt to disguise themselves as a government agency, bank, or other high ranking companies.
These criminals are looking to obtain your personally identifiable information (PII) such as: account usernames and passwords, Social Security number, date of birth, credit … Read the rest
Loading ...