August 2021 - Page 3 of 6 - Cyber Security Minute

Third-Party Patches Available for More PetitPotam Attack Vectors

Issued by: Security Week

Disclosed in late July, PetitPotam is a remote code execution vulnerability (CVE-2021-36942) that abuses the Encrypting File System Remote (MS-EFSRPC) protocol. An attacker exploiting the bug could get a targeted server to connect to an attacker-controlled server and perform NTLM authentication. The attacker could then use other exploits to take complete control of a Windows…

Vulnerabilities

High-Severity DoS Vulnerability Patched in BIND DNS Software

Issued by: Security Week

The flaw, tracked as CVE-2021-25218, affects BIND versions 9.16.19, 9.17.16, and 9.16.19-S1. Patches are included in versions 9.16.20, 9.17.17 and 9.16.20-S1. Workarounds are also available. It’s worth noting that while the existence of the vulnerability was made public on August 18, customers received a notification one week in advance. The vulnerability can be exploited remotely…

Network Security

Prepare for Your Next Cybersecurity Compliance Audit with CIS Resources

Issued by: CSO

Reading a list of cybersecurity compliance frameworks is like looking at alphabet soup: NIST CSF, PCI DSS, HIPAA, FISMA, GDPR…the list goes on. It’s easy to be overwhelmed, and not only because of the acronyms. Many frameworks do not tell you where to start or exactly how to become compliant. Cybersecurity best practices from the…

Malware & Threats

Critical Infrastructure Attack Trends: What Business Leaders Should Know

Issued by: Security Intelligence

Amateur threat actors have been able to compromise critical infrastructure like industrial control systems (ICS) and other operational technology (OT) assets more often lately. Compromises of exposed OT assets rose over the past 18 months, according to threat researchers at Mandiant, with attackers using readily-available tools and common techniques to gain access to the systems. Attackers…

Mobile Security

Beware of COVID Pass scams

Issued by: Blog Malwarebytes

You’ve likely seen fake parcel delivery texts in the news recently, and we’ve covered a few of these ourselves. SMS missives claim a package is waiting to be delivered, and a small processing fee is required. There is no package; it’s a ruse to have people hand over their credit card details. It’s been wildly…

Vulnerabilities

BadAlloc Flaw Impacts Many Systems Running BlackBerry’s QNX Embedded OS

Issued by: Security Week

Publicly disclosed in April, BadAlloc is a collection of 25 vulnerabilities impacting many Internet of Things (IoT) and operational technology (OT) devices. The flaws can allow malicious attackers to gain control of highly sensitive systems. The issue affects C standard library (libc) implementations, real-time operating systems (RTOS), and embedded software development kits (SDKs), and could…

Software Security

ICS Vendors Assess Impact of INFRA:HALT Vulnerabilities

Issued by: Security Week

Forescout Research Labs and JFrog Security Research found a total of 14 vulnerabilities in NicheStack, a TCP/IP stack used by many operational technology (OT) vendors. The flaws, a majority of which have been assigned critical and high severity ratings, can be exploited for remote code execution, denial of service (DoS) attacks, obtaining information, TCP spoofing,…

Mobile Security

How to Avoid Smishing Attacks Targeting Subscription Service Users

Issued by: Security Intelligence

If you’re anything like me, you used delivery more during the pandemic than before. Both getting food brought to my door and meal kit boxes mean people don’t have to mask up and go out to the grocery store. But threat actors know that, too. Recent scams take advantage of people signing up for more…

Vulnerabilities

Devices From Many Vendors Can Be Hacked Remotely Due to Flaws in Realtek SDK

Issued by: Security Week

Firmware security company IoT Inspector said its researchers have identified more than a dozen vulnerabilities in SDKs provided by Realtek to companies that use its RTL8xxx chips. The security flaws can be exploited to cause a denial of service (DoS) condition and for command injection, and some of them can be leveraged by remote attackers…

Malware & Threats

Colonial Pipeline Confirms Personal Information Impacted in Ransomware Attack

Issued by: Security Week

The attack, which took place in May 2021, involved the Darkside ransomware and resulted in the Georgia-based company temporarily shutting down operations and paying $5 million to the attackers to recover stolen information. Most of the money was recovered, the US announced in June. In a notification letter sent to the Maine Attorney General’s Office,…