Blog

Cybersecurity news

• Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. While the vulnerabilities aren’t rated as critical, they are still significant on their own and can be abused by threat actors as part of exploit chains.
• A new ransomware named ‘Cheers’ has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers.
• Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma. The fact that it’s offered for sale also means that any malicious actor can purchase the builder and develop their own ransomware strains, turning it into a potent threat.
• A security researcher claims to have discovered an unpatched vulnerability in PayPal’s money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click.
• HP Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
• Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

More

Defensys has updated Defensys Threat Intelligence Platform (TIP) to version 2.5. Key changes have affected the logic of enriching Indicators of compromise, working with the bulletin tool and vulnerability cards, and there have also been major changes in the system interface.

In the new version of Defensys TIP, the logic of enriching IoCs has been improved with additional context. Now users can configure the maximum number of days for storing enrichment data. After the specified period, the system will automatically re-request the enrichment data, which will help users process information related to indicators more accurately.

A significant part of the improvements in the new version of Defensys TIP is related to improvements in the bulletin tool. Threat and vulnerability bulletins are used to inform employees / community / customers / colleagues about new security threats, current vulnerabilities in software and hardware relevant to a particular infrastructure or organization. The platform now has the ability to create bulletins for multiple vulnerabilities, while in the new version it has become even more convenient to work with the vulnerabilities section: the presence of a bulletin and its identifier are displayed for each vulnerability.

In Defensys TIP 2.5, when viewing a vulnerability card, as well as when creating and editing a vulnerability bulletin, the entire structure of Common Weakness Enumeration (CWE) security defects is reflected, taking into account the attached elements.

More

Cybersecurity news

• HP has released BIOS updates to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which allow code to run with Kernel privileges.
• Google announced a range of privacy measures that will help users retain more control over how their data is used by Google applications and displayed to the world through search.
• Microsoft has issued fixes for three zero-day vulnerabilities, including one being actively exploited in the wild, as part of its May monthly update round.
• Apple, Google and Microsoft have joined forces to expand support for passwordless logins across mobile, desktop and browsers.
• The National Institute of Standards and Technology (NIST) released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector.
• Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products.

Cybersecurity Blog Posts

• Adeeb Shah, Senior Security Consultant at SpiderLabs told how to avoid headaches when publishing a CVE.

More

Sometimes it is rather hard to briefly explain what threat intelligence means since many things depend on the context in which the term is used: this may be both a process and an action. There is a number of academic terms, for example, from Gartner and SANS Institute.

TI definitions

Cyber threat intelligence is a knowledge about adversaries and their motivations, intentions, and methods that is collected, analyzed, and disseminated in ways that help cybersecurity and business staff at all levels protect the critical assets of the enterprise.

Definitive Guide to Cyber Threat Intelligence

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

Gartner, McMillan (2013) from Tactics, Techniques and Procedures (TTPs) to Augment Cyber Threat Intelligence (CTI): A Comprehensive Study

The set of data collected, assessed and applied regarding security threats, threat actors, exploits, malware, vulnerabilities and compromise indicators.

SANS Institute

The need for intelligence data results from the development of cybersecurity and improvements of its maturity level.

More

Cybersecurity news

• The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, including flaws affecting Microsoft, Linux, WSO2, and Jenkins systems.
• The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.
• Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company’s web application security framework. The flaw is tracked as CVE-2022-0540 and comes with a severity rating of 9.9.
• Some popular virtual private networks (VPNs) may be leaving users exposed to a significant security risk. A new report by AppEsteem has found that a number of popular options put their users at risk with questionable practices.
• Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage exploit, dubbed homeage, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists.

More