Chinese APT actor targeting unpatched SonicWall devices in credential stealing campaign
New attacks are similar to those that other China-backed actors have carried out in recent years as part of cyber espionage and data theft campaigns against US companies. A likely China-based threat actor is targeting unpatched SonicWall Secure Mobile Access 100 Series (SMA100) devices with highly persistent malware for stealing user credentials and providing the […]
7 vulnerabilities that federal agencies MUST address by Nov 29
Four of the vulnerabilities are Windows zero-day bugs that Microsoft disclosed in its November security update; three affect Samsung mobile devices. The US Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive 22-01 issued in Nov. 2021 requires all federal civilian executive branch agencies to address software bugs that are listed in CISA’s Known Exploited […]
Russia’s Iridium group deploying new ransomware payload
- Editor DTI
- November 10, 2022
- iridium
- microsoft
- poland
- prestige
- ransomware
- ukraine
Prestige ransomware marks dangerous shift in strategy for threat actor, Microsoft says [299 words]. What: Security researchers at Microsoft have spotted Russia-based threat group Iridium dropping a new ransomware payload dubbed “Prestige” on systems belonging to organizations in Ukraine and Poland. The Prestige campaign marks a broadening of focus for Iridium from its usual destructive […]
NSA recommends organizations make strategic shift to memory-safe languages
Programming languages such as C and C++ rely too heavily on the programmer not making memory-related mistakes, agency says [300 words]. What: NSA says organizations should consider making a strategic shift from programming languages such as C/C++ to “memory-safe” languages such as C#, Go, Java, Ruby and Swift. With these languages, memory management does not […]
VMware patches critical authorization bypass vulnerability in Spring Security
A critical authorization rules bypass vulnerability exists in Spring Security versions 5.7.0 to 5.7.4 and versions 5.6.0 to 5.6.8. The vulnerability gives attackers a way to potentially bypass an API gateway and access backend services with a simple “forward” [299 words]. What: VMware released Spring Security 5.6.9 and 5.7.5 on October 31 to fix the […]
5 things to know about the bugs patched in OpenSSL version 3.0.7
The first: This isn’t Heartbleed redux [298 words]. What bugs were fixed: OpenSSL version 3.0.7 fixes two “high” severity vulnerabilities in OpenSSL versions 3.0.0 to 3.0.6. The vulnerabilities are CVE-2022-3786, an X.509 Email Address Variable Length Buffer Overflow, and CVE-2022-3602, an X.509 Email Address 4-byte Buffer Overflow. The bugs are tied to a punycode decoding […]
Five useful lists and tools for identifying resources with vulnerable OpenSSL in them
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open source, command-line toolkit [184 words]. Five useful tools and lists for keeping on top of the OpenSSL vulnerability to be disclosed Nov 1. […]
ConnectWise patches critical flaw in its Recover and R1Soft Server Backup Manager technology
Vulnerability gives attackers a way to target thousands of MSPs and their downstream customers. Company urges customers to treat issue as a top priority [298 words]. What: ConnectWise has patched a critical, remote code execution vulnerability in its ConnectWise Recover and R1Soft Server Backup Manager (SBM) software. The flaw exists in ConnectWise Recover SBM v2.9.7 […]
Four quick things to know about the critical bug in OpenSSL that will be disclosed Nov. 1
- Editor DTI
- October 31, 2022
- critical
- horizon3.ai
- nov.1
- openssl
- patch
- sans
- vulnerability
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open source, command-line toolkit [296 words]. Four key things to know: Impact will likely be wide: The OpenSSL team rates a vulnerability as “Critical” […]
CISA will adopt TLP version 2.0 on Nov. 1
Prepare now for move to the new version of FIRST’s standard for sharing security information [300 words]. What: Beginning Nov. 1, 2022, CISA will officially adopt version 2.0 of the Forum of Incident Response and Security Teams (FIRST) Traffic Light Protocol (TLP) standard to facilitate information sharing among cybersecurity incident response teams. TLP 2.0 will […]