Blog

Cybersecurity News

• Google intends to enforce a new set of rules, which will result in a large number of extensions being delisted. These rules are meant to crack down on a series of practices extension developers have been recently employing to flood the Web Store with shady extensions or boost install counts for low-quality content.
• The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository, one containing the file keys and four “ReadMe” files with decryption instructions and other information.
• Google Project Zero security researchers have discovered multiple vulnerabilities in ImageIO, the image parsing API used by Apple’s iOS and macOS operating systems. 14 vulnerabilities were identified, 5 of which affected Apple’s ImageIO framework, and 9 impacting the OpenEXR library, a high dynamic range (HDR) image file format created for computer imaging applications.
• Two severe security flaws were discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments.

More

Cybersecurity News  

• Intel addressed nine security vulnerabilities with the April 2020 Platform Update, all of them being high and medium severity security flaws impacting multiple software products, firmware, and platforms.
• Сybersecurity experts at ReversingLabs revealed over 700 malicious gems — packages written in Ruby programming language — that supply chain attackers were caught recently distributing through the RubyGems repository. The malicious campaign leveraged the typosquatting technique where attackers uploaded intentionally misspelled legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead.
• A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 ‘wormable’ pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. The security vulnerability, also known as SMBGhost, was found in the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol and it only impacts systems running Windows 10, version 1903 and 1909, as well as Server Core installations of Windows Server, versions 1903 and 1909.
• The OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks.

More

Cybersecurity News

• FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic and gives some recommendations. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language. Due to these problems, different companies and organizations decided not to use Zoom. For example, Elon Musk’s SpaceX recently banned its employees from using Zoom, citing “significant privacy and security concerns,” while Taiwan’s cabinet has told government agencies to stop using the app.
• Microsoft announced that its plan to disable the security protocols TLS 1.0 and TLS 1.1 in the company’s browsers has been postponed in light of current global events. Initially the company wanted to disable the security protocols in the first half of 2020 . Newer versions of the TLS protocol enable more modern cryptography and are broadly supported across modern browsers.
• Security researcher Bill Demirkapi publicly disclosed several critical vulnerabilities on most HP machines running Windows. As he said that there were still unpatched vulnerabilities after some his reports. So, a patch was released on April 1 that the HP Product Security Response Team (PSRT) said fixes “potential escalation of privilege and arbitrary file deletion”

More

Currently, there is an increase in the number of information security incidents around the world, both leading to large financial losses and damaging the reputation of organizations.  The effective functioning of the information security management system and compliance with international information security standards will reduce the number of information security incidents and increase the level of organization security as a whole. The main guidance documents on incident management include:

ISO/IEC 27001:2005 Information security management system. Requirements. It is one of the fundamental standards in this field. It provides recommendations for the development, implementation, use and support of both information security management system as a whole, and approaches to the management of information security incidents.

ISO/IEC TR 18044:2004 Information security incident management. This document is intended for information security, information systems, services and networks unit managers and establishes recommendations for the management of information security incidents regarding the planning, use, and review process, as well as on this process improvement.

ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management. The standard covers the processes for managing information security events, incidents and vulnerabilities. It expands on the information security incident management section of ISO/IEC 27002. 

More