Blog

Cybersecurity Digest #91: 05/03/2024 – 19/03/2024

Cybersecurity News

  • Researchers have demonstrated a new acoustic side-channel attack on keyboards. It can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
  • Three types of vulnerabilities that can possibly lead to data exposure and account takeovers have been discovered in ChatGPT. One of the vulnerabilities can be exploited to install malicious plugins on ChatGPT users.
  • SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
  • Researchers have warned that of the critical vulnerability CVE-2024-21762 in Fortinet FortiOS. This flaw could potentially impact 150,000 exposed devices.
  • The financially motivated hacking group Magnet Goblin uses various 1-day vulnerabilities to hack servers and install malware. Windows and Linux systems are at risk.
  • The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to carry out their extortion-only attacks.
  • Hackers have been conducting widescale attacks on WordPress sites to inject scripts that force visitors’

More

Cybersecurity Digest #90: 20/02/2024 – 05/03/2024

Cybersecurity News

  • Lazarus Group has been exploiting a flaw in the Windows AppLocker driver as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD techniques.
  • Four new vulnerabilities have been discovered in some of the Zyxel Firewall and access point versions that are associated with Denial of Service, OS Command Injection, and Remote code execution.
  • PayPal has filed a patent application for a novel method that can identify when “super-cookie” is stolen. This could improve the cookie-based authentication mechanism and limit account takeover attacks.
  • Researchers at Guardio Labs have discovered a massive email ad fraud campaign called SubdoMailing. Threat actors have been carrying out SPF-hijacking to bypass spam security by leveraging legitimate domains to send millions of emails for malvertising and click scams for at least 16 months.
  • A dangerous vulnerability CVE-2024-23204 has been discovered in Apple Shortcuts. It could give attackers access to sensitive data across the device without the user being asked to grant permissions.
  • Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password.

More

New features of the Defensys SENSE 1.16

Defensys has released a new update of the Defensys SENSE Platform v. 1.16 to raise efficiency of companies’ information security. In the modified version detection scenarios were extended with new 15 anomalies. Additionally, the vendor has added a new section called “User profile” for object monitoring and has changed the timeline visualization for a quick artefacts collection during the investigation process.

Defensys has significantly changed the handling of monitored objects. The new section “User profile” immediately provides users with detailed data regarding all sessions of the monitored object, helps to analyze them in one tab and leave comments. Moreover, Defensys has divided event chronology into sessions and limited the display of the monitored object’s activity to one day. A wide range of data on a user’s behavior during a certain period of time is displayed for each session: anomalies, triggered alerts, users’ accounts, equipment, and overall rating. Now events of the same type are grouped in sessions to raise information value of the timeline and make it more convenient for data analysis. New functions allow CS specialists to promptly form the investigation context and to make the process of artefacts’ collection 3 times shorter.

Defensys’s team continues to improve detection features for a better cyber security posture.

More

Cybersecurity Digest #89: 06/02/2024 – 20/02/2024

Cybersecurity News

  • Google is testing a new feature to prevent malicious public websites from pivoting through a user’s browser to attack devices and services on internal, private networks.
  • Threat hunters have identified a new variant of Android malware called MoqHao. It automatically executes on infected devices without requiring any user interaction.
  • Fortinet has patched a critical vulnerability that enables unauthenticated remote code execution. The FortiOS and FortiProxy vulnerability tracked as CVE-2024-21762 has a CVSS score of 9.6.
  • LastPass has warned that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users’ credentials.
  • Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.
  • The first security vulnerability known as a kernel exploit has been discovered in Apple’s visionOS software. It targets the device’s operating system and could potentially be used to create malware, provide unauthorized access or jailbreak the headset so that anyone could use it.
  • Threat actors are leveraging bogus job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer.

More

Case study by Defensys – Power Generating Company

Challenge

The Power generating company hadn’t had any automation programs for their cyber security processes. As the number of branches and employees increased, the Company decided to implement modern software to minimize the manual work and save valuable time.

The Defensys ACP attracted the Company’s attention, because of its automation functions and asset management capabilities from the cyber security perspective.

Implementation

On the way to the software installation our engineers faced a challenge: the Company has a lot of branches, that makes inventory process in the organization very complicated. The Defensys multi-tenancy option could not be used unless there is a clear understanding about the crossing IP addresses in the whole IT and OT infrastructure.

To keep records of assets in all branches and not to mix them all up the Developer has found a solution – the Defensys ACP could work with the same asset IP addresses from different branches and remote plants due to the ability to label the network when performing the inventory scan. Besides, the Defensys software was integrated with a SIEM system and antivirus solution in each branch.

The Power generating company doesn’t need customized processes or dashboards, because pre-installed options meet Company’s demands.

More