You are here

Home » Cybersecurity

Cybersecurity

Discourse’s Remote Code Execution (RCE) Vulnerability Should be Patched Immediately

A critical Discourse remote code execution (RCE) vulnerability, tracked as CVE-2021-41163, was remedied after the developer released a security update last week. The vulnerability can be exploited in Discourse versions 2.7.8 and earlier and thus users are urged to update to patched versions 2.7.9 or later. Discourse is an open-source platform for community discussion. In unpatched versions of Discourse, maliciously crafted requests can lead to remote code executions because of a lack of validation in “subscribe_url” values.

FBI FLASH: Indicators of Compromise Associated with the Ranzy Locker Ransomware

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with the Ranzy Locker ransomware. The FLASH indicates that Ranzy Locker ransomware, which was first detected in late 2020, has targeted more than 30 U.S. organizations, including critical infrastructure entities. Past incidents indicate the threat actors conducted brute force attacks targeting Remote Desktop Protocol (RDP) credentials to gain access to the victims’ networks. The actors also utilized Microsoft Exchange Server vulnerabilities and phishing to compromise a victim’s network.

(Updated October 21, 2021) Insider Threat – Former Employee Indicted for Unauthorized Computer Access with Intent to Harm a Kansas Public Water District

Update - October 21, 2021

More details have been revealed about the former employee of the Post Rock Rural Water District (a.k.a., Ellsworth County Rural Water District No. 1) in Kansas who was indicted for unauthorized computer access with intent to harm, including an updated plea to guilty.

Microsoft Releases Two New Defensive Tools for Microsoft 365

Microsoft’s 365 software package is one of the most widely used products in the world but also one of the most targeted vectors where data breaches and cyberattacks occur. To protect data privacy and against data breaches, Microsoft released a Privacy Management tool. The privacy package continuously locates where personal data is stored on an enterprise network, maps it, and provides an aggregated view of an entity’s privacy posture.

Cybersecurity and the Supply Chain

Although most people are aware of the major Solar Winds attack that compromised many organizations through its supply chain, lower-scale, less sophisticated supply chains are also increasingly being exploited, specifically in the developer or mobile environments. Indeed, many entities are being compromised not because of poor enterprise security, but because of unsecured connections in their supply chains.

Security Awareness – Phishing Campaign Leverages DocuSign to Fool Low-Ranking Employees

Amidst increasing awareness of phishing attacks, one phishing campaign is using the DocuSign software to target lower ranking employees and trick them into providing login credential to scammers. In this campaign, victims receive an email impersonating someone in their organization asking them to “sign” a document by clicking on the attachment and entering their credentials. These emails are created to appear legitimate, but real DocuSign emails never ask users to enter password instead asking them to enter an authentication code emailed to them separately.

Security Awareness – Vishing Campaign Impersonates Microsoft in Attempt to gain Remote Access

As if phishing emails weren’t enough, a new vishing campaign involves threat actors posing as Microsoft employees to trick victims into granting remote access to their devices. Vishing is a variation of phishing where the attackers speak with a victim over the phone. This vishing campaign was identified by the security firm Armorblox.

Joint Cybersecurity Advisory on BlackMatter Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) released a joint cybersecurity advisory underscoring the persisting threat from the BlackMatter Ransomware group. The advisory includes tactics, techniques, and procedures (TTPs) associated with BlackMatter activity which could help organizations defend against this threat group. BlackMatter was first detected in July 2021 and has since targeted multiple critical infrastructure entities.

Pages

Subscribe to Cybersecurity