You are here

Home » Cybersecurity

Cybersecurity

Apple Releases Security Updates to Fix Multiple Zero-Days, but be Wary of Overhyping

Prior to this publishing, you may already be aware of the recent Apple security updates released to patch against exploits being attributed to the NSO Group’s Pegasus spyware. According to CitizenLab, the exploit, dubbed FORCEDENTRY has been leveraged since at least February 2021 and is tracked as CVE-2021-30860. CitizenLab describes FORCEDENTRY as a zero-day, zero-click exploit against iMessage that could lead to arbitrary code execution by processing a maliciously crafted PDF. Reuters states it more plainly as, the vulnerability lies in how iMessage automatically renders images.

Who Needs New Exploits when you have 500,000 Fortinet VPN Account Credentials Leaked on the Dark Web

Attention: If your utility uses Fortinet FortiOS SSL VPNs, you are encouraged to review this activity and address accordingly, especially if you haven’t applied security updates since 2018. WaterISAC has previously advised members of active exploitation of the vulnerability referenced in this post (CVE-2018-13379) and urged members to address older patches for Fortinet devices – see (Fortinet

Ransomware Reprise? – REvil Ransomware Group Reemerges

The ransomware group REvil has just reappeared after going offline shortly after its attack on Kaseya over the July 4th weekend. REvil is responsible for some of the most disruptive ransomware attacks. For example, in June, REvil targeted Brazil’s JBS SA, one of the world’s largest meat suppliers. In July, REvil exploited a zero-day vulnerability in the Kaseya VSA remote management software to encrypt approximately 60 managed service providers (MSPs) and more than 1,500 of its clients. Shortly after these high-profile attacks, REvil’s online infrastructure went dark for no apparent reason.

Vulnerability Management – Exploitation of Zero-day Vulnerability in Microsoft MSHTML Leveraging Office Documents

Attention: Given widespread use of Microsoft Windows and Office applications that potentially use this component, system administrators are encouraged to review available advisories for CVE-2021-40444 and address accordingly for impacted systems within their environment. CISA has posted a current activity report, Microsoft Releases Mitigations and Workarounds for CVE-2021-40444

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 7, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Cyber Resilience – Insureds, Know Thy Exclusions

The cyber insurance industry has definitely matured in recent years, but it’s far from being all grown-up (aren’t we all). However, a recent observation by critical infrastructure security industry veteran and evangelist Dale Peterson points out some attempted adjustments by insurers in response to increased claims, including raising rates (varying between 11% and 40%) and building in more exclusions. Two notable exclusions that would result in a claims denial noted by Dale, the presence or vulnerability of: (vulnerable versions of) SolarWinds Orion and Microsoft Exchange.

Ransomware Want Ads

Cybersecurity firm KELA posted a report based on recent observations of ransomware discussions in dark web forums on what ransomware groups/actors are looking for in the ideal target. According to the report, approximately 40% of listings were created by players in the Ransomware-as-a-Service (RaaS) space. Here’s the quick list of desirables that some ransomware operators are willing to pay on average up to $100,000 for valuable initial access services:

CISA Insights on Risk Considerations for Managed Service Provider Customers

The Cybersecurity and Infrastructure Security Agency (CISA) released a new Insights, Risk Considerations for Managed Service Provider Customers (MSPs), which provides a framework that government and private sector organizations (to include small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk. As CISA notes, IT managed services can provide cost benefits and operational efficiencies to many organizations. However, managing these services can be complex, costly, and time-consuming.

Pages

Subscribe to Cybersecurity