Australian Federal Police say Russian threat actor behind Medibank breach
“We will be holding talks with Russian law enforcement about these individuals,” AFP Commissioner says [300 words]. What: The Australian Federal Police (AFP) has identified the threat actor behind the catastrophic attack on health-insurer Medibank as being a Russia-based group. In a statement Friday, AFP Commissioner Reece Kershaw said that investigators had managed to trace […]
Read MoreRomCom threat actor using spoofed SolarWinds, KeePass apps to distribute RAT
Targets have been Ukraine-based but IT companies, food brokers, and food manufacturers in the U.S., Brazil, and the Philippines are also in its crosshairs, BlackBerry says [300 words]. What: The operators of RomCom, a remote access trojan used in recent attacks against the Ukrainian military have now begun spoofing products from SolarWinds and KeePass to […]
Read MoreFive useful lists and tools for identifying resources with vulnerable OpenSSL in them
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open source, command-line toolkit [184 words]. Five useful tools and lists for keeping on top of the OpenSSL vulnerability to be disclosed Nov 1. […]
Read MoreFour quick things to know about the critical bug in OpenSSL that will be disclosed Nov.1
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open source, command-line toolkit [296 words]. Four key things to know: Impact will likely be wide: The OpenSSL team rates a vulnerability as “Critical” […]
Read MoreCritical Remote Code Execution Vulnerability in Apache Commons Text
Is this the next Log4J? [297 words] What: The Apache Foundation appears to have quietly fixed a critical remote code execution (RCE) in Apache Common Text versions 1.5 through 1.9. The vulnerability is being tracked as CVE-2022-42889. Proof of Concept code for the vulnerability is already available. NIST says the vulnerability is currently being analyzed […]
Read MoreMore than 29K+ Fortinet systems in US have admin login screen exposed to the Internet—and two other updates on CVE-2022-40684
Here’s the latest on the authentication bypass flaw (CVE-2022-40684) in FortiOS, FortiProxy, and FortiSwitchManager [300 words] As of October 13, 2022, there were 24,924 servers in the US and 196,668 units globally, that exposed the attack surface of the vulnerability— the login screen for Fortinet administrators—to the Internet. The number includes versions of Fortinet technology […]
Read MoreCISA ups the ante on asset discovery and vulnerability detection on federal networks
Key takeaway: If you aren’t already doing continuous automated asset discovery and vulnerability enumeration on discovered assets, now is a good time to get started. [259 words] What: The US Cybersecurity and Infrastructure Security Agency (CISA) this week issued Binding Operational Directive (BOD) 23-01 that requires all federal, executive branch, and agencies to implement measurable […]
Read MoreNewly disclosed vulnerability in PHP package repository highlights growing software supply chain risks
Key takeaway: Attackers are increasingly trying to infiltrate software development environments via malicious and poisoned packages on public code repositories. Robust SBOM and SCA practices are key to mitigating the threat [289 words] What: Researchers at SonarSource have disclosed a new vulnerability (CVE-2022-24828) in PHP package repository Packagist that gives attackers a way to execute […]
Read MoreAttackers Demonstrate Novel Way to Compromise EXSi Hypervisors
Key takeaway: Don’t allow vSphere Installation Bundles (VIBs) to become a vehicle for sneaking malware into your environment. (276 words) What happened: A China-based threat actor installed multiple backdoors on ESXi hypervisors at several organizations using malicious vSphere Installation Bundles. The backdoors enable a lot of bad things including persistent access, arbitrary command execution and […]
Read More