CISA Advisory of Top 42 Vulnerabilities Frequently Exploited

Exploitation of Vulnerabilities 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published a report co-authored by the NSA, the FBI, and Five Eyes (FVEY) partner agencies from other countries.

The report provides a complete insight into the Common Vulnerabilities and Exposures (CVEs) that were frequently exploited by threat actors.

As per the report, threat actors have been relying on outdated software vulnerabilities for exploitation instead of those disclosed recently. Systems that were exposed to the internet and left unpatched were mostly targeted.

The Exploitation of Vulnerabilities in 2022

In 2022, threat actors were found to be exploiting known vulnerabilities within two years of their public disclosure. Most of the exploited vulnerabilities had publicly available proof-of-concept (PoC) exploits.

Timely patching of these vulnerabilities, however, reduces the effectiveness of threat actor operations and forces malicious actors to switch to more time-consuming approaches, such as developing zero-day exploits or conducting software supply chain operations.

Top Exploited Vulnerabilities

The most exploited vulnerability of 2022 was CVE-2018-13379 which affected Fortinet SSL VPNs. Moreover, this vulnerability was one of the most exploited in 2020 as well as in 2021.

Many organizations still haven’t patched this vulnerability, which leaves more room for malicious actors.

Atlassian had two vulnerabilities, CVE-2021-26084 (arbitrary code execution) and CVE-2022-26134 (remote code execution), which were heavily exploited in 2022. Both affect Confluence Server and Data Center.

Microsoft Exchange email servers had three CVEs, CVE-2021-34473, CVE-2021-31207, and CVE-2021-34523, which were frequently exploited in 2022. Together these vulnerabilities are known as ProxyShell, and chained they allow a threat actor to execute arbitrary code.

VMware Workspace ONE Access, Identity Manager, and other VMware products had two vulnerabilities, CVE-2022-22954 and CVE-2022-22960, which were heavily targeted by threat actors.

These vulnerabilities involved remote code execution, privilege escalation, and authentication weaknesses.

Furthermore, CISA has released a list of 42 vulnerabilities that were frequently exploited by threat actors and that many organizations have yet to patch.

Users of the specified products are recommended to upgrade their products to the latest patched version to avoid exploitation by threat actors.

It is a best practice to keep track of the recent patches and the versions of software that are under use in an organization.


Phishing campaigns are using AMP URLs to avoid detection


Researchers have found a new phishing tactic that uses Google Accelerated Mobile Pages (AMP) URLs to look trustworthy

Researchers have found a new phishing tactic which uses Google Accelerated Mobile Pages (AMP) to make URLs look trustworthy. The tactic is designed to slip past both software and users on the lookout for strange and untrustworthy domain names.

AMP is an open-source HTML framework designed to make web content load faster on mobile devices. The framework was originally created by Google, but over 30 news publishers and several technology companies have collaborated on the project.

AMP works by stripping bloat from web pages by forcing heavy restrictions on the kind of code that can be included. If it’s slow, you can’t have it. The stripped down pages are served from caches so they load faster, and the most popular cache by far is Google’s.

The phishing technique uses the URL of a web page cached by the Google AMP Viewer. For example, the home page of the website example.com would appear in the Google AMP Viewer as https://www.google.com/amp/s/example.com.

Although they look similar, and both contain ‘example.com’, the crucial difference is the first is served from the example.com domain and the second is served from the google.com domain.

Because of that, it’s just another web page on the google.com website and therefore inherits all the trust that very well-known domain name carries with both individuals and software, like email filters. And while it’s possible to block everything under https://google.com/amp/s/, that would inevitably block huge numbers of legitimate websites as well.

Threat actors can use this technique to cloak malicious websites in the legitimacy of the google.com domain, or they can use it to trigger redirects from the AMP URL to a malicious site.
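The URL structure described above is something an email filter can reason about directly: instead of trusting or blocking everything under google.com/amp/, a filter can unwrap the AMP Viewer URL and judge the origin domain it points at. The following is an added example, not code from the article or from the researchers it cites; it assumes the viewer hosts `google.com` and `www.google.com` (country-specific Google domains would need to be added), and the sample links, the `.invalid` host and the allowlist are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Hosts of the Google AMP Viewer as described in the article. Country-specific
# Google domains are not covered here (assumption); extend the set if needed.
AMP_VIEWER_HOSTS = {"google.com", "www.google.com"}


def unwrap_amp_url(url: str) -> Optional[str]:
    """Return the origin URL wrapped by a Google AMP Viewer URL, or None when
    `url` is not an AMP Viewer URL. `/amp/s/<host>/...` wraps an https origin;
    `/amp/<host>/...` (no `s/`) wraps a plain-http origin."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.netloc.lower() not in AMP_VIEWER_HOSTS:
        return None
    if not parts.path.startswith("/amp/"):
        return None
    rest = parts.path[len("/amp/"):]
    scheme = "http"
    if rest.startswith("s/"):
        scheme, rest = "https", rest[2:]
    if not rest:
        return None
    host, _, inner_path = rest.partition("/")
    # Query string and fragment belong to the wrapped page, so carry them over.
    return urlunsplit((scheme, host, "/" + inner_path if inner_path else "",
                       parts.query, parts.fragment))


def effective_host(url: str) -> str:
    """Hostname a URL filter should judge: the wrapped origin for AMP Viewer
    URLs, otherwise the URL's own host. A bounded loop handles a viewer URL
    that wraps another viewer URL."""
    for _ in range(5):
        inner = unwrap_amp_url(url)
        if inner is None:
            break
        url = inner
    return urlsplit(url).netloc.lower()


def triage_links(urls, allowlist):
    """Return (url, effective_host) for every link whose effective host is not
    on the allowlist, including hosts hidden behind an AMP wrapper."""
    return [(u, effective_host(u)) for u in urls if effective_host(u) not in allowlist]


# Constructed sample links as they might appear in a suspicious email.
SAMPLE_LINKS = [
    "https://www.google.com/amp/s/login-portal.invalid/secure/",
    "https://www.google.com/amp/s/example.com/news",
    "https://example.com/",
]

if __name__ == "__main__":
    for url, host in triage_links(SAMPLE_LINKS, allowlist={"example.com"}):
        print(f"flag: {host}  <- {url}")
```

Judging the effective host rather than the literal hostname lets a filter keep legitimate AMP-cached pages while still applying its normal domain reputation checks to the origin; it does not follow server-side redirects, so a chain of redirects after the AMP URL (as the researchers also observed) still needs URL detonation or click-time protection.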

The researchers found that the Google AMP URLs have proven to be very successful at reaching users, even in environments protected by secure email gateways.

Alongside the use of AMP URLs, the researchers also saw:

  • Open redirects on trusted domains like microsoft.com being used.
  • Chains of redirects linking the AMP URL to the malicious site, not just a single redirect.
  • Image-based phishing emails that bypass filters looking for common phrases in text.
  • CAPTCHA services used to disrupt automated analysis.

Using CAPTCHAs, the attackers try to keep automated crawlers belonging to security vendors and researchers out, and only let through humans who are ripe to be phished. I used the word “try” in that last sentence on purpose because there are several crawlers out there that are equipped with CAPTCHA-solving abilities that outperform mine.

How to avoid phishing attacks

  • Don’t take things at face value. Phishing attacks often seem to come from people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Take action. If you receive a phishing attempt at work, report it to your IT or security team. If you fall for a phish, make your data useless: If you entered a password, change it, if you entered credit card details, cancel the card.
  • Use a password manager. Password managers can create, remember, and fill in passwords for you. They protect you against phishing because they won’t enter your credentials into a fake site.
  • Use a FIDO2 2FA device. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.


Samsung website confirms Galaxy Tab S9 FE, S9 FE+ names


Samsung has confirmed the existence of the Galaxy Tab S9 FE and Galaxy Tab S9 FE+. An official Samsung website in France has named the two unannounced tablets, hinting at an imminent launch. The tablets feature in a list of Galaxy devices compatible with the company’s digital assistant, Bixby. The website itself is a Bixby guide.

Rumors about Samsung working on new Fan Edition (FE) tablets have been doing the rounds on the internet for some time now. We have already seen the devices in various certification and benchmark listings, while leaked renders have revealed their design too. However, the Galaxy Tab S9 FE and Galaxy Tab S9 FE+ continue to evade the market.

There were speculations that Samsung might unveil the new affordable tablets during the Galaxy Unpacked event last week, but it didn’t. The Korean firm only launched the Galaxy Tab S9, Galaxy Tab S9+, and Galaxy Tab S9 Ultra, all of which are true-blue flagships. The FE models got no mention anywhere, with the event also bringing the Galaxy Z Fold 5, Galaxy Z Flip 5, and Galaxy Watch 6 series.

While we still await the launch of the Galaxy Tab S9 FE and Galaxy Tab S9 FE+ or even a tentative launch date, Samsung mentioning them on its website suggests the wait won’t be much longer. The company also has the Galaxy S23 FE in the works, with rumors pointing at a September launch for it. Maybe all three FE devices will debut on the same day next month, we will have to wait and watch.

The Galaxy Tab S9 FE and S9 FE+ will be affordable flagship tablets

Samsung’s FE lineup of Galaxy devices is known for offering flagship-grade specs at a lower price point. The company makes that possible by removing some premium features from existing flagship products while keeping the basics. It should be no different with the Galaxy Tab S9 FE and Galaxy Tab S9 FE+.

Based on leaks and certification listings, the two will be stripped-down versions of the Galaxy Tab S9 and Galaxy Tab S9+, respectively. The FE models share the screen size, S Pen, battery capacity, charging speed, and more specs and features with the flagships. At the same time, they might miss out on a Dynamic AMOLED 2X display, an under-display fingerprint scanner, and the latest flagship processor. Stay tuned for more information about the upcoming FE-series Samsung tablets.

Samsung website Galaxy Tab S9 FE names confirmed


Russian Hackers were behind the Microsoft teams phishing attacks


It’s no secret that over the past few months Microsoft has had a tough time with security breaches. Now, in another concerning development, the company has discovered a series of highly sophisticated phishing attacks orchestrated by a Russian government-linked hacking group named Midnight Blizzard, which targeted organizations and governments by posing as technical support staff on Microsoft Teams.

How did the hack work?

Instead of using regular hacking attempts, the hackers utilized clever social engineering techniques and leveraged already-compromised Microsoft 365 accounts owned by small businesses to create deceptive domains that appeared to be legitimate technical support entities. Once these fake accounts were up and running, the hackers then sent Teams messages containing phishing lures, aiming to steal credentials from targeted organizations and ultimately trick them into approving multifactor authentication (MFA) prompts. The MFA authentication allowed the hackers to perform an account takeover.

Additionally, in an effort to bypass conditional access policies, the hackers occasionally tried to add a device to the organization as a managed device through Microsoft Entra ID (formerly known as Azure Active Directory).

Furthermore, Microsoft says that they have been monitoring these attacks since late May 2023, and they have affected around 40 organizations globally, spanning various sectors, including government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media.

Microsoft’s response

In response to the phishing attacks, Microsoft has taken immediate steps and blocked the use of the malicious domains in Teams. The company is also actively investigating the matter and working towards securing affected organizations. Until the investigation is complete, the company has advised users and organizations to exercise caution when engaging with unfamiliar support accounts.

“As with any social engineering lures, we encourage organizations to reinforce security best practices to all users and reinforce that any authentication requests not initiated by the user should be treated as malicious,” reads Microsoft’s blog post.


Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report


Ransomware gangs are also starting to focus on exploiting zero-days for initial access.

Ransomware attacks have shown no signs of slowing down in 2023.

A new report from the Malwarebytes Threat Intelligence team shows 1,900 total ransomware attacks within just four countries—the US, Germany, France, and the UK—in one year.

The findings, compiled together in the 2023 State of Ransomware Report, show alarming trends in the global ransomware surge from July 2022 to June 2023. For example, the report shows that the US shouldered a hefty 43 percent of all global attacks and that ransomware attacks in France nearly doubled in the last five months.

To say ransomware gangs have been unkind to the US in the past year is an understatement.

Malwarebytes found that a total of 48 separate ransomware groups attacked the US in the observed period. To boot, there was a 75 percent increase in the average number of monthly attacks in the US between the first and second half of the last 12 months.

The UK, on the other hand, emerged as the second-largest ransomware target, enduring close to 200 ransomware attacks.

Malwarebytes tracked 32 separate ransomware groups attacking the UK, seven of which recorded more than ten known attacks. In addition, more ransomware gangs are attacking targets multiple times a month: the number of groups carrying out more than one known attack per month in the UK has climbed steadily for a year, from just one in July 2022 to eight in June 2023.

Neither France nor Germany has been spared by the growing menace of ransomware, either.

Germany retained its place as the fourth most attacked country in the world, and the most attacked country outside of the Anglosphere. France, meanwhile, experienced a disproportionately high rate of attacks on its government sector (9 percent of attacks).

Perhaps the biggest takeaway from the report, however, is that the ascension of the CL0P group—which has effectively harnessed zero-day vulnerabilities to amplify its attacks—could signal a change in the game.

A New Threat on the Horizon: CL0P

For a year and a half, LockBit, which claims to have 100 affiliates, has been the most dominant form of “Ransomware-as-a-Service” (RaaS) in the US, averaging about 24 attacks per month.

However, twice this year, in March and June, LockBit’s considerable rate of attacks was vastly exceeded by CL0P, which was otherwise dormant.

The drive behind the sudden change? CL0P used separate zero-days in GoAnywhere MFT and MOVEit Transfer to gain an edge. This gave them the ability to launch an unprecedented number of attacks within a short time frame and across a massive scale.

The use of zero-day vulnerabilities by ransomware groups like CL0P may trigger a significant shift in ransomware strategies, mirroring the adoption of the “double extortion” tactic in 2019.

If more groups start adopting CL0P’s zero-day exploitation techniques, the ransomware landscape could tilt from service-oriented attacks to a more aggressive, vulnerability-focused model—a move that could skyrocket the number of victims.


Smartphone shipments decline, as Omdia reveals top 10 smartphone OEMs


A new report from Omdia, a research group, has surfaced. The report says that smartphone shipments have declined again, year-on-year, and they’ve been declining for eight consecutive quarters. This report has also revealed a list of the top 10 smartphone OEMs.

Previous reports that we’ve seen have focused on the top 5 smartphone OEMs, so this will be interesting to check out. Before we get to it, however, do note that this report is for Q2 2023, of course.

Omdia has revealed top 10 smartphone OEMs, as shipments declined yet again

Omdia reports that smartphone shipments totaled 265.9 million units in Q2 this year. That’s a 9.5% decrease compared to the same period last year, and a 1.2% decline compared to Q1 this year.

Samsung is first-placed, as expected. The company managed to ship 53.3 million smartphones, and faced a 14.3% decline YoY. Apple is second with 43.2 million units shipped, and is facing a decline of 11.7%.

Xiaomi managed to claim third place with 33.2 million shipped units, as the company’s sales declined 15.7% YoY. OPPO Group (which includes OnePlus) squeezed into fourth place with 25 million smartphones sold, which is 10.5% less than a year before.

Transsion managed to claim fifth place

Fifth place is reserved for… Transsion. We talked about that company recently, when Canalys’ report surfaced. That Chinese OEM includes the Tecno, Infinix, and iTel brands. Transsion shipped 24.5 million smartphones, and is actually one of only two smartphone manufacturers that saw YoY growth. It grew by 38.4%.

Vivo claimed sixth place with 22.3 million sold units, and has declined 10.1% YoY. HONOR is seventh with 14.1 million sold smartphones, and has seen a decline of 6.6%. Motorola is eighth with 10.4 million sold smartphones, and has declined 18.2%.

Realme has seen quite a considerable decline in shipments, as it sold 24.6% fewer smartphones than a year ago. Huawei closes out the top 10 list with 7.4 million smartphone shipments, which is actually 15.6% more than in Q2 2022.

You can check out the entire list in the image below, and that table considers more information, including a comparison with Q1 2023 for every brand.

Omdia top 10 smartphone manufacturers Q2 2023


Possible iPhone 15 series launch date has been tipped


Apple is expected to announce its iPhone 15 series in the near future, and a possible launch date has just been tipped. This report comes from 9to5Mac, as multiple sources shared the same info.

The iPhone 15 series launch date tipped for September 13

It seems like carriers have asked their employees not to take days off on September 13 due to a major smartphone announcement. Now, this is not necessarily Apple that we’re talking about, but it almost certainly is.

Apple usually announces its iPhones in September, and despite a recent rumor that it may happen in October this year, this could be it. Also, September 13 is a Wednesday, as was last year’s event (September 7). Apple usually does it on Tuesdays, but it chose to do things differently last year.

Now, if the phones do get announced on September 13, pre-orders will kick off on September 15, on a Friday. The phones will then become available on September 22, quite probably.

Having said that, last year, the iPhone 14 Plus sales were late due to supply issues. The same could happen with at least one of the iPhone 15 Pro models this year. Apple is allegedly having problems with displays for Pro models (at least one of them), so… we’ll see.

All models will feature Type-C ports, first iPhones ever to include them

The entire iPhone 15 series will feature Type-C ports this year. These four phones will actually debut Type-C for iPhones, as the EU basically forced Apple’s hand this time around. All devices will also feature a Dynamic Island cutout.

The iPhone 15 Pro models will come with a better camera setup, thinner bezels, and a titanium frame, based on rumors. The iPhone 15 Pro Max model will set itself apart by also having a periscope telephoto camera, unlike the iPhone 15 Pro.

Despite these changes, the demand for the iPhone 15 series is tipped to be lower than for the iPhone 14 series. We’ll see if that’ll pan out.


What Are BEC Attacks (Business Email Compromise)?

BEC Attacks

BEC, an acronym for Business Email Compromise, is a sophisticated form of cybercrime. Cyber threats have become a pressing concern in a world where almost every aspect of our lives is digitized. One of these threats that has been growing exponentially in recent years is the BEC attack.

What Are BEC Attacks? 

These attacks are carefully orchestrated scams perpetrated by cybercriminals to trick businesses into transferring money or sensitive information. The attackers usually impersonate a high-ranking official in the company, such as the CEO or CFO, and send an email request for a wire transfer or confidential data to another employee.

They’re not just any random email scams; BEC attacks are highly targeted and involve a great deal of planning and research. The cybercriminals behind them often know a lot about their targets and use this information to make their fraudulent requests seem legitimate. So, it’s no surprise that these attacks pose a significant threat to businesses of all sizes and industries worldwide.

Understanding BEC Attacks 

Process and Mechanics of a BEC Attack

Understanding how BEC attacks work is the first step in preventing them. The process often starts with extensive research. The attackers gather information about the target company and its employees. They look for information such as who is in charge of finances, who they report to, and when these officials will likely be out of the office.

Once they’ve gathered enough information, they craft a convincing email. This email is usually disguised as originating from a high-ranking official and sent to an employee with the authority to transfer funds or access sensitive information. The email will request a wire transfer, often with a sense of urgency to pressure the employee into acting quickly without questioning the request’s legitimacy.

The mechanics of these attacks are what make them so effective. The attackers exploit the trust and authority of high-ranking officials to bypass traditional security measures. And because the emails are so well-crafted, they can be tough to detect.

Common Forms of BEC Attacks

There are several common forms of BEC attacks. The most common is ‘CEO Fraud,’ where the attacker impersonates the CEO or another top executive. They send an email to an employee in finance, requesting an urgent wire transfer.

Another form is ‘Invoice Scams.’ In these cases, attackers impersonate a vendor or supplier and send a fake invoice to the company. The invoice will typically request payment to a new account controlled by the attacker.

There’s also ‘Account Compromise.’ Here, an attacker breaks into an employee’s email account and sends fraudulent emails to vendors listed in their email contacts. The email will request that future payments be sent to a new account.

The Targets and Motives Behind BEC Attacks

The targets of BEC attacks are typically businesses that work with foreign suppliers or regularly perform wire transfer payments. However, any business can be a target. The motive behind these attacks is simple: money. Cybercriminals are looking for the easiest way to get their hands on your cash.

Prevention of BEC Attacks 

The best way to deal with BEC attacks is to prevent them from happening in the first place. Prevention requires a multi-faceted approach that includes technical, administrative, and human elements.

Email Security Measures

The first line of defense against BEC attacks is implementing robust email security measures. It is essential to use email filtering solutions that can detect and block phishing emails. These solutions can flag emails from outside your organization that are crafted to look like they’re from within.

Furthermore, you should also implement Domain-based Message Authentication, Reporting & Conformance (DMARC), an email authentication protocol. DMARC can prevent attackers from spoofing your organization’s domain in their phishing attempts, significantly reducing the chances of a successful BEC attack.
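A DMARC record is only protective when it is actually enforcing, and the weak and strong forms differ by a few tags. The following added example (not code from the article) parses DMARC TXT records and reports what a defender should fix; the sample records and `.example` domain names are constructed, and the assessment rules are this example's own reading of the DMARC tags, not a complete validator.

```python
from typing import Dict, List, Optional

# Constructed sample TXT records, as they would be published at _dmarc.<domain>.
# None stands for a domain with no DMARC record at all.
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "weak.example":    "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=reject; pct=10; rua=mailto:dmarc@partial.example",
    "strong.example":  "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                       "rua=mailto:dmarc@strong.example",
    "nodmarc.example": None,
}

ENFORCING = ("quarantine", "reject")


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into tag=value pairs (tags lower-cased)."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: Optional[str]) -> Dict[str, object]:
    """Return {'enforcing': bool, 'findings': [...]} for one record."""
    findings: List[str] = []
    if record is None:
        return {"enforcing": False, "findings": ["no DMARC record published"]}
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("missing or invalid v=DMARC1 tag")
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING:
        # p=none only asks receivers to report; spoofed mail is still delivered.
        findings.append(f"policy p={policy or '<missing>'} does not block spoofed mail")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
        findings.append(f"pct={tags['pct']} is not a number")
    if 0 < pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing messages")
    # Subdomain policy defaults to p when sp is absent.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy not in ENFORCING:
        findings.append(f"subdomain policy sp={sub_policy or '<missing>'} leaves subdomains spoofable")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be received")
    enforcing = policy in ENFORCING and pct == 100
    return {"enforcing": enforcing, "findings": findings}


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        result = assess_dmarc(record)
        print(f"{domain}: enforcing={result['enforcing']}")
        for finding in result["findings"]:
            print("   -", finding)
```

A record at `p=none` is the usual first step while SPF and DKIM alignment are being fixed, but it stops nothing; the goal is `p=reject` at `pct=100` with `sp` covering subdomains. DMARC also only addresses exact-domain spoofing: lookalike domains and display-name impersonation, which BEC attackers favour, still need the filtering and verification controls described elsewhere in this article.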

Multi-Factor Authentication (MFA)

Multi-factor authentication is another crucial element in preventing BEC attacks. MFA requires users to provide two or more forms of identification before they can access their email accounts or other sensitive systems. This could be something they know (like a password), something they have (like a physical token or a smartphone), or something they are (like a fingerprint or other biometric data).

By implementing MFA, even if a criminal manages to steal an employee’s login credentials through a phishing attack, they would still need the additional factor(s) to access the account. This significantly increases the difficulty for attackers, often deterring them from attempting to compromise your business.

Employee Training

The human element is often the weakest link in cybersecurity. Therefore, regular employee training is essential in preventing BEC attacks. Employees should be taught to identify phishing emails and be aware of the tactics used by cybercriminals in these attacks.

Moreover, it should be emphasized that everyone, regardless of their position in the company, could be a target. Regularly updated training programs can help employees stay abreast of the latest threats and the best practices to mitigate them.

Verify Requests

Given the nature of BEC attacks, it is crucial to establish a process to verify requests for funds or sensitive information, especially if they are unexpected or come from high-ranking individuals. This could be as simple as making a phone call to the person making the request.

The more significant the request, the more critical it is to verify it through multiple channels. This practice can significantly reduce the chances of an employee inadvertently complying with a fraudulent request.

Incident Response Plan

Even with the best preventative measures in place, it’s essential to be prepared for the worst-case scenario—a successful BEC attack. This is where an incident response plan comes into play.

An effective incident response plan should outline the steps to take immediately after detecting a BEC attack. This includes identifying and isolating affected systems, investigating the breach, notifying affected parties, and reporting the incident to the relevant authorities.

Use of Secure Email Gateways

Secure email gateways can be a valuable tool in the fight against BEC attacks. These solutions provide an additional layer of security, filtering incoming and outgoing emails to identify potential threats.

They use techniques such as link protection and attachment sandboxing to protect against malicious content. Moreover, they can also detect and block emails that attempt to spoof your organization’s domain, reducing the risk of BEC attacks.

Regular Monitoring

Lastly, regular monitoring of your email systems and network activity can help detect unusual behavior that may indicate a BEC attack. This could include abnormal login patterns, unexpected email forwarding rules, or sudden changes in email volume.

Monitoring tools can automate this process, alerting your IT team to potential threats so they can take swift action. Regular auditing of your systems can also help identify any security gaps that must be addressed.
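The three signals named above (abnormal logins, unexpected forwarding rules, and email volume changes) can each be expressed as a simple rule over mailbox audit events. The following added example (not code from the article, and not tied to any particular mail platform's audit schema) runs such rules over a constructed event list; the internal domain, the baselines, and the `attacker-mail.invalid` address are all constructed for illustration, and in practice the baselines would be learned from historical data.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

INTERNAL_DOMAIN = "example.com"  # assumed internal mail domain (constructed)

# Constructed, simplified audit events. The field names are this example's own.
SAMPLE_EVENTS: List[dict] = [
    {"ts": "2023-08-01T08:02:00Z", "user": "cfo@example.com", "op": "login", "country": "US"},
    {"ts": "2023-08-01T08:05:00Z", "user": "cfo@example.com", "op": "login", "country": "NG"},
    {"ts": "2023-08-01T08:07:00Z", "user": "cfo@example.com", "op": "new_inbox_rule",
     "forward_to": "cfo.archive@attacker-mail.invalid"},
    {"ts": "2023-08-01T09:00:00Z", "user": "ap@example.com", "op": "new_inbox_rule",
     "forward_to": "ap-shared@example.com"},
    {"ts": "2023-08-01T09:01:00Z", "user": "ap@example.com", "op": "login", "country": "US"},
] + [
    # A burst of 12 outbound messages from one mailbox within a single hour.
    {"ts": f"2023-08-01T10:{m:02d}:00Z", "user": "ap@example.com", "op": "send"}
    for m in range(0, 60, 5)
]

# Constructed baselines; normally derived from weeks of historical activity.
BASELINE_COUNTRIES: Dict[str, Set[str]] = {
    "cfo@example.com": {"US"},
    "ap@example.com": {"US", "CA"},
}
BASELINE_SENDS_PER_HOUR: Dict[str, float] = {"cfo@example.com": 3.0, "ap@example.com": 2.0}


def is_external(address: str) -> bool:
    """True when the address's domain is not the organisation's own."""
    return address.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN


def detect_external_forwarding(events: List[dict]) -> List[dict]:
    """Inbox rules that forward mail outside the organisation."""
    return [e for e in events
            if e["op"] == "new_inbox_rule" and is_external(e["forward_to"])]


def detect_new_login_countries(events: List[dict],
                               baseline: Dict[str, Set[str]]) -> List[dict]:
    """Logins from a country never seen before for that user."""
    return [e for e in events
            if e["op"] == "login" and e["country"] not in baseline.get(e["user"], set())]


def detect_send_volume_spikes(events: List[dict], baseline: Dict[str, float],
                              factor: float = 3.0) -> List[Tuple[str, str, int]]:
    """(user, hour, count) where sends in an hour exceed factor x the baseline."""
    counts: Dict[Tuple[str, str], int] = defaultdict(int)
    for e in events:
        if e["op"] == "send":
            counts[(e["user"], e["ts"][:13])] += 1  # "YYYY-MM-DDTHH" bucket
    return [(user, hour, n) for (user, hour), n in sorted(counts.items())
            if n > factor * max(baseline.get(user, 0.0), 1.0)]


def run_detections(events: List[dict] = SAMPLE_EVENTS) -> Dict[str, list]:
    return {
        "external_forwarding": detect_external_forwarding(events),
        "new_login_country": detect_new_login_countries(events, BASELINE_COUNTRIES),
        "send_volume_spike": detect_send_volume_spikes(events, BASELINE_SENDS_PER_HOUR),
    }


if __name__ == "__main__":
    for rule, hits in run_detections().items():
        print(f"{rule}: {len(hits)} alert(s)")
        for hit in hits:
            print("   ", hit)
```

On the sample data the first two rules fire for the same mailbox within minutes, which is the pattern worth correlating: a login from an unfamiliar country followed by a new external forwarding rule is a far stronger signal than either event alone, and it should page the team rather than wait for the next audit.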

Conclusion

To summarize, understanding and preventing BEC attacks is critical in today’s digital world. It requires a combination of robust technical measures, comprehensive employee training, and vigilant monitoring. Remember, the cost of preventing these attacks is far less than the potential financial and reputational damage they can cause. So, stay informed, stay prepared, and stay safe.


Hey, are you REALLY ready to go on vacation? (No, you aren’t)


We’ve made a handy flow chart to help IT and security folk decide if they’re ready to go on vacation.

Are you ready for a challenge? A real challenge? Do you laugh in the face of shark cages, scoff at the Marathon des Sables, and waft a dismissive finger in the direction of the Everest ascent? Are you ready to conquer the impossible?

If so, then you might be ready for the ultimate challenge—taking a vacation while working in IT or computer security. Our handy flow chart will help you decide if you’re ready (TL;DR, you aren’t, but you already knew that).


You can play these mini-games on Galaxy Z Flip 5 cover screen


You can play some fun games on the Galaxy Z Flip 5’s cover screen. The 3.4-inch squarish display supports a bunch of mini-games that can quickly freshen up your mood. The only catch is that you need Good Lock. If you have access to this customization suite from Samsung, here’s how to activate mini-games on the cover screen of your Galaxy Z Flip 5.

To get started, you must download Good Lock on your foldable. If you live in a supported region, you can find the app on the Galaxy Store; search for it manually on the store if a direct link doesn’t work. Once Good Lock is installed, download and install the MultiStar module on your Galaxy Z Flip 5. It’s available on the Galaxy Store too.

Now, open the MultiStar app and tap on the I ♡ Galaxy Foldable menu at the top. Go to the Game Widget section and activate the widget. When done, go back to the home screen, fold your Galaxy Z Flip 5, and turn on the cover screen. Finally, swipe to the left side of the screen until you find the Games Widget. Tap on it and voila! You have a dozen mini-games to play on the cover screen.

A list provided by SamMobile has the following titles: Back Bounce, Cake Slice Ninja, Carrom Clash, Color Burst, CubeTower, Daily Solitaire, Gold Adventures, Moving, Northern Heights, Pin The Ufo, Retro Drift, and Tiger Run. All of these games are optimized for the Galaxy Z Flip 5’s cover screen, so you should get smooth gameplay. It’s unclear if Samsung plans to add more games in the future.

The Galaxy Z Flip 5 can run any app on the cover screen

The Galaxy Z Flip 5’s larger cover screen isn’t just about playing mini-games, though. The screen is big enough to run any app, and it does. Unfortunately, Samsung doesn’t offer this capability by default and instead, it wants you to manually enable the feature using Good Lock.

The problem is that Good Lock isn’t available globally, blocking some Galaxy Z Flip 5 users from getting the best out of their new foldable. Thankfully, there’s a third-party alternative that offers the same function. The CoverScreen OS app allows you to run any app on the new Samsung foldable’s external display. Hopefully, the Korean firm will roll out Good Lock globally to ensure that users don’t have to rely on third-party software.
