July 2022 Patch Tuesday forecast: A summertime lull?
June 2022 Patch Tuesday wrapped up a few loose ends we were waiting on. The Follina remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) was fixed. Internet Explorer came to a quiet end in most versions of the Windows 10 operating system. And finally, the Phase 2 update for CVE-2021-26414, the…
Ransomware gang publishes stolen victim data on the public Internet
The Alphv (aka BlackCat) ransomware group is trying out a new tactic to push companies to pay for their post-breach silence: a clearnet (public Internet) website with sensitive data about the employees and customers stolen from a victim organization. Like some other ransomware gangs before them, they will also probably use the compromised information to…
Windows Updates Patch Actively Exploited ‘Follina’ Vulnerability
The Follina vulnerability can and has been exploited for remote code execution using specially crafted documents. The root cause of the vulnerability has been known for at least a couple of years, but Microsoft appears to have largely ignored the issue until a researcher saw it being exploited in May. The first attacks leveraging Follina…
Beware the ‘Secret Agent’ Cloud Middleware
RSA CONFERENCE 2022 – If cloud services weren’t complicated enough for the typical business today to properly configure and secure, there’s also a lesser-known layer of middleware that cloud providers run that can harbor hidden security flaws. Researchers from Wiz.io last week at RSA Conference in San Francisco unveiled an open source, cloud middleware database…
Emotet Banking Trojan Resurfaces, Skating Past Email Security
Malware botnet Emotet has resurfaced in a more advanced form after having been taken down by joint international task force in January 2021. A prolific threat throughout the pandemic, the Emotet malware began as a banking trojan in 2014, and its operators were one of the first criminal groups to provide malware-as-a-service (MaaS). While it…
Tapping Neurodiverse Candidates Can Address Cybersecurity Skills Shortage
At a time when there countless unfulfilled cybersecurity positions worldwide, too many companies overlook neurodiverse candidates in their hiring processes. This a huge mistake as people with autism, dyslexia, and other conditions often possess skills that are well suited for cybersecurity work. Those skills include the ability to concentrate, a capacity for recognizing anomalies, and…
Microsoft Flags Attack Targeting SQL Servers With Novel Approach
Microsoft Security Intelligence this week tweeted a warning about an attack campaign targeting SQL servers and using a new approach to evade PowerShell monitoring. Instead of PowerShell, these threat actors are using sqlps.exe, a utility that comes standard with every version of SQL and functions as a “wrapper for running SQL-built CMDlets, to run commands…
SecurityWeek to Host Threat Intelligence Summit Virtual Event on May 18th
The Threat Intelligence Summit is a virtual conference that allows attendees from around the world to immerse in a virtual world to explore and discuss the latest trends and insights on cyber threat intelligence (CTI). Sessions throughout the summit and expo will examine tools and technologies to help maximize the value of threat intelligence and…
Iranian Cyberspy Group Launching Ransomware Attacks Against US
Also referred to as APT35, Magic Hound, NewsBeef, Newscaster, Phosphorus, and TA453, the advanced persistent threat (APT) actor is known for the targeting of activists, government organizations, journalists, and various other entities. In November 2021, a joint advisory from government agencies in the US, UK, and Australia warned of Iranian state-sponsored attacks targeting critical infrastructure…
Microsoft Azure Vulnerability Allowed Code Execution, Data Theft
Tracked as CVE-20220-29972, the security hole was identified in the third-party Open Database Connectivity (ODBC) data connector used in Integration Runtime (IR) in the affected Azure services to connect to Amazon Redshift. A remote attacker could have exploited the flaw to execute arbitrary commands across the IR infrastructure, impacting multiple tenants, the tech giant explains….
