September 2023 - Page 4 of 4 - Cyber Security Minute

The Defense Window is Closing: Why Declining Dwell Times Is Concerning

Issued by: CSO Online

While ransomware still dominates the threat landscape, recent Sophos research finds attacker dwell time decreased in 2022, from 15 to 10 days, for all attack types. For ransomware cases, the dwell time decreased from 11 to 9 days, while the decrease was even greater for non-ransomware attacks. The dwell time for the latter declined from…

Mobile Security

Google addressed an actively exploited zero-day in Android

Issued by: Security Affairs

Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could exploit the issue to escalate privileges without requiring user interaction or additional execution privileges. “There are…

Malware & Threats

MITRE and CISA Release Open Source Tool for OT Attack Emulation

Issued by: SecurityWeek

The new Caldera for OT extension is the result of a collaboration between the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA, to help improve the resilience of critical infrastructure. The Caldera cybersecurity platform provides automated adversary emulation, security assessments, and red-, blue-, and purple-teaming, and uses the MITRE ATT&CK framework as its…

Vulnerabilities

Exploit Code Published for Critical-Severity VMware Security Defect

Issued by: SecurityWeek

In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The exploit code and root-cause analysis, released by SinSinology researcher Sina Kheirkhah, documents the problem as a case…