
Cybersecurity Digest #87: 09/01/2024 – 23/01/2024

Cybersecurity News

  • The US Cybersecurity and Infrastructure Security Agency has added a new vulnerability to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2023-35082, can be exploited by unauthenticated attackers to access the API in older unsupported versions of MobileIron Core.
  • Guardio Labs researchers have discovered an RCE vulnerability in the Opera browser for Windows and macOS, which can be utilized to run any file on the operating system.
  • The Android-based PoS terminals from PAX Technology have been affected by a series of vulnerabilities that could be exploited to execute arbitrary code or commands.
  • Researchers have discovered over two dozen vulnerabilities in cordless nutrunners manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable.
  • The Finnish National Cybersecurity Center has warned of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country.
  • Criminals have been exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information.
  • A critical vulnerability which could allow a remote attacker to take control of other users’ accounts has been discovered in GitLab.


Vulnerability Management: key challenges and practical advice, Part 1

In this article we describe vulnerability management and the challenges companies can face when setting up this process, and share tips on how to overcome them.

First, the main definitions:

A vulnerability is a flaw in an information system or in software which a hacker can use to penetrate the infrastructure, disrupt systems or gain access to them. Vulnerabilities have several severity levels. One of the most widespread and serious risks is the existence of an exploit for a vulnerability, especially if it is already being actively used by hackers. An exploit is malware consisting of data or executable code that uses a vulnerability to conduct an attack.

Vulnerability management (VM) helps to lower the risks caused by infrastructure vulnerabilities. VM is a multi-step, cyclical process of identifying, prioritizing and remediating vulnerabilities, followed by further monitoring. VM offers a choice of response to issues affecting a company's assets: detected software vulnerabilities, configuration vulnerabilities, insecurely configured ports and other weaknesses that attackers can use. The main purpose of the process is to minimize risk and protect systems from potential attacks, exploits and other forms of hacking or security breaches.

Vulnerability Management includes the following steps:

  1. Inventory;


Case study by Defensys – The Bank

Challenge

The bank had implemented a Service Desk solution. However, it had insufficient interaction with other systems; in particular, there was no interaction with TI tools and repositories.

The Bank wanted a comprehensive system overhaul, and one of the key decisions in the global cybersecurity overhaul was the Defensys SOAR solution.

Results

Thanks to Defensys’s technologies, a number of key issues were resolved:

  • Daily delivery of IoCs is now an established process. The integration of Defensys SOAR with the existing TI system was set up; the TI system generates files with new indicators every day. Dedicated playbooks in the SOAR run frequently and push these IoCs into information security tools. For example, proxy and IDS systems update their block lists automatically thanks to this automation.
  • The implementation of the SOAR now allows IoC data to be transferred from the TI system during incident investigation. The Bank's TI system forms a daily file after some time, which is picked up by the Defensys SOAR and delivered to security tools. If an indicator of compromise needs to be blocked urgently, Defensys SOAR delivers it directly, bypassing the TI system.
  • Integration with the antivirus solution was configured to orchestrate this procedure when, for example, a number of scans is required as the last stage of a response playbook.


New release of the Defensys Endpoint v. 1.8

Defensys has announced an extension of Defensys Endpoint's functionality. The new features are aimed at improving corporate network security against current cyber threats and raising the efficiency of IT infrastructure monitoring.

Defensys continues to upgrade the Endpoint technology by adding new functions for a better security level and monitoring of IT systems. In the new release Defensys has significantly upgraded the technical audit section. Users can now view audit results in a more comprehensive way, which makes vulnerability analysis easier and enables faster remedial action. Moreover, it is now possible to add custom policies and modify the installed checks, adapting audits to particular requirements and company tasks.

Integration with the Defensys TDP has been added in Defensys Endpoint v. 1.8. Thanks to this, lures which simulate vulnerabilities in the corporate network, making it more attractive to hackers, can be placed in one click. For instance, Defensys Endpoint helps to place lures such as false accounts, saved sessions and SSH keys. This approach reduces the cost of deploying and updating simulated infrastructure.

In addition, the Defensys team has integrated the option of installing and managing the Sysmon module for Windows into the product. Sysmon is a powerful system event monitoring tool that can detect suspicious activity on computers and prevent potential threats.


Cybersecurity Digest #86: 12/12/2023 – 26/12/2023

Cybersecurity News

  • Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, with one of the vulnerabilities allowing the intruders to remotely execute commands from the LocalSystem account.
  • VoIP communications company 3CX has warned its customers to disable SQL database integrations due to possible risks associated with what it describes as a potential vulnerability.
  • Akamai has warned of a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recording devices.
  • A four-tier classification has been proposed in China to help with the response to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders.
  • 2023 has seen the emergence of ten new Android banking malware families, which collectively target 985 banking and trading apps from financial institutions across 61 countries.
  • As a part of Patch Tuesday, Microsoft has fixed 34 vulnerabilities including one zero-day vulnerability affecting specific AMD processors.
  • A critical vulnerability which can let attackers gain remote code execution to fully compromise vulnerable websites has been discovered in a WordPress plugin.
