Dear colleagues,

We are excited to announce that Defensys has released a new update of the Defensys SGRC Platform v. 5.4. Besides all the other features that will be highlighted soon, there is an update of the content base of the SGRC for our KSA customers and partners.

Beginning this month, Defensys SGRC includes the full set of 7 NCA controls, as well as the Guide to Essential Cybersecurity Controls implementation and Cybersecurity Toolkit, all readily available in the SGRC Documents library.

Furthermore, we are pleased to inform you that Defensys SGRC now supports SDAIA PDPL, which allows customers to launch compliance campaigns and assess how their organization aligns with personal data protection requirements.

For more information on these enhancements, please do not hesitate to reach out to us.

Thank you for your continued support.

Cybersecurity News

  • Apple has sent a new batch of threat notifications to users in 92 countries who may have been targeted by mercenary spyware attacks.
  • Cybersecurity researchers have disclosed the first native Spectre v2 exploit against the Linux kernel on Intel systems. It could be used to read sensitive data from memory.
  • Researchers have found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices.
  • Google has introduced a new feature for its Chrome browser, which should eliminate, or at least minimize, memory corruption vulnerabilities.
  • The U.S. HHS Department has warned that hackers may be using social engineering tactics to target IT help desks across the Healthcare and Public Health sector.
  • An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been detected.

Cybersecurity News

  • Experts have warned of info stealer malware targeting macOS users via malicious ads and rogue websites. One of the attacks relies on sponsored ads shown to users searching for “Arc Browser” on Google.
  • Cisco has notified its customers of password-spraying attacks that have been targeting Remote Access VPN services of Cisco Secure Firewall devices.
  • Security vulnerabilities discovered in Dormakaba’s Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms.
  • Scientists have identified a vulnerability in Virtual Reality headsets that could let hackers access private information without the wearers’ knowledge.
  • Researchers have developed ZenHammer, the first variant of the Rowhammer DRAM attack.

Cybersecurity News

  • Researchers have demonstrated a new acoustic side-channel attack on keyboards. It can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
  • Three types of vulnerabilities that can possibly lead to data exposure and account takeovers have been discovered in ChatGPT. One of the vulnerabilities can be exploited to install malicious plugins on ChatGPT users’ accounts.
  • SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
  • Researchers have warned of the critical vulnerability CVE-2024-21762 in Fortinet FortiOS. This flaw could potentially impact 150,000 exposed devices.
  • The financially motivated hacking group Magnet Goblin uses various 1-day vulnerabilities to hack servers and install malware.

Cybersecurity News

  • Lazarus Group has been exploiting a flaw in the Windows AppLocker driver as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD techniques.
  • Four new vulnerabilities, associated with denial of service, OS command injection, and remote code execution, have been discovered in some Zyxel firewall and access point versions.
  • PayPal has filed a patent application for a novel method that can identify when a “super-cookie” is stolen. This could improve the cookie-based authentication mechanism and limit account takeover attacks.
  • Researchers at Guardio Labs have discovered a massive email ad fraud campaign called SubdoMailing.

Defensys has released a new update of the Defensys SENSE Platform v. 1.16 to improve the efficiency of companies’ information security. In the updated version, detection scenarios were extended with 15 new anomalies. Additionally, the vendor has added a new section called “User profile” for object monitoring and has changed the timeline visualization for quicker artefact collection during the investigation process.

Defensys has significantly changed the handling of monitored objects. The new “User profile” section immediately provides users with detailed data on all sessions of the monitored object, lets them analyze the sessions in one tab, and lets them leave comments. Moreover, Defensys has divided the event chronology into sessions and limited the display of a monitored object’s activity to one day. A wide range of data on a user’s behavior during a given period is displayed for each session: anomalies, triggered alerts, user accounts, equipment, and overall rating. Events of the same type are now grouped within sessions to raise the information value of the timeline and make it more convenient for data analysis. The new functions allow CS specialists to form the investigation context promptly and make artefact collection 3 times shorter.

Cybersecurity News

  • Google is testing a new feature to prevent malicious public websites from pivoting through a user’s browser to attack devices and services on internal, private networks.
  • Threat hunters have identified a new variant of Android malware called MoqHao. It automatically executes on infected devices without requiring any user interaction.
  • Fortinet has patched a critical vulnerability that enables unauthenticated remote code execution.

Challenge

The power generating company had no automation software for its cybersecurity processes. As the number of branches and employees increased, the Company decided to implement modern software to minimize manual work and save valuable time.

The Defensys ACP attracted the Company’s attention because of its automation functions and its asset management capabilities from the cybersecurity perspective.

Implementation

During the software installation our engineers faced a challenge: the Company has many branches, which makes the inventory process in the organization very complicated. The Defensys multi-tenancy option could not be used without a clear understanding of the overlapping IP addresses across the whole IT and OT infrastructure.

To keep records of assets in all branches without mixing them up, the Developer found a solution: the Defensys ACP can work with the same asset IP addresses from different branches and remote plants, because the network can be labeled when performing the inventory scan. In addition, the Defensys software was integrated with a SIEM system and an antivirus solution in each branch.

Cybersecurity News

  • An Android remote access trojan known as VajraSpy has been found in 12 malicious applications. The malicious apps have been removed from Google Play but remain available on third-party app stores, disguised as messaging or news apps.
  • Google-owned Mandiant has identified new malware employed by a China-nexus espionage threat actor known as UNC5221. It allows an unauthenticated threat actor to execute arbitrary commands on the Ivanti VPN appliance with elevated privileges.
  • GitLab has released fixes to address a critical security flaw in its Community Edition and Enterprise Edition that could be exploited to write arbitrary files while creating a workspace.

In this article we continue to describe vulnerability management and the challenges companies can face when setting up this process, and we share tips on how to overcome them.

Stage 4. Remediation

Remediation means taking appropriate measures to neutralize detected vulnerabilities. It consists of installing patches/updates, stopping or disabling certain services and protocols, applying compensating measures, or accepting the risk of non-remediation. Decisions made on detected vulnerabilities are usually recorded as appropriate statuses (e.g., compensatory measures, risk accepted, or false positive). This is necessary to evaluate further actions on vulnerabilities and to control their remediation.

If users decide to remediate the vulnerability, a task for the IT department should be created automatically in a Service Desk system and patch management (the process of managing and applying patches, updates, and software fixes) should be started.
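As an added illustration of the decision statuses and the automatic Service Desk hand-off described above (example code written for this article, not Defensys ACP's own logic), the following Python models one remediation decision per finding. The SLA table, the asset names and the `ServiceDeskTask` ticket shape are constructed assumptions; the point is that every decision not to patch must be justified and scheduled for re-evaluation, so that remediation stays under control.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Decision statuses for a detected vulnerability, as described in the text.
STATUSES = ("remediate", "compensating_measures", "risk_accepted", "false_positive")

# Constructed SLA table (an assumption, not a Defensys default): days allowed to
# close a remediation task, or before a non-remediation decision is re-evaluated.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass
class Vulnerability:
    vuln_id: str
    asset: str
    severity: str
    status: str = "new"
    justification: Optional[str] = None
    review_date: Optional[date] = None


@dataclass
class ServiceDeskTask:
    """Hypothetical ticket handed to the IT department's Service Desk."""
    vuln_id: str
    asset: str
    due: date


def decide(v: Vulnerability, status: str, today: date,
           justification: Optional[str] = None) -> Optional[ServiceDeskTask]:
    """Record a decision; return a Service Desk task only when remediation is chosen."""
    if status not in STATUSES:
        raise ValueError(f"unknown status {status!r}")
    if status != "remediate" and not justification:
        # A decision not to patch must be documented so it can be audited later.
        raise ValueError(f"{status} for {v.vuln_id} requires a justification")
    deadline = today + timedelta(days=SLA_DAYS[v.severity])
    v.status, v.justification = status, justification
    if status == "remediate":
        return ServiceDeskTask(v.vuln_id, v.asset, due=deadline)
    if status in ("compensating_measures", "risk_accepted"):
        v.review_date = deadline  # accepted risks get re-checked, false positives do not
    return None


def due_for_review(vulns, today: date):
    """Control step: non-remediated findings whose re-evaluation date has passed."""
    return sorted(v.vuln_id for v in vulns if v.review_date and v.review_date <= today)
```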

Challenges and recommendations:

As mentioned above, vulnerabilities can be fixed using updates and patches or by modifying configuration files, but the installation process is often complicated. This may be caused by incompatibility with other programs, the need for testing, or missing access to the system for updates.