Let's talk shop!
Happy Wednesday, y’all - Chad here. I hope everyone had a good Thanksgiving and enjoyed the break. We’re trying to get back on schedule with our regular posts, so in that vein, here’s your weekly Security Wrap-up. There were too many stories to post this week (yay Holidays!), so here’s a couple to check out. IKEA Hit by Email Reply-Chain Cyberattack A Black Friday, indeed! According to the story, “The phishing emails were coming from internal IKEA email addresses, as well as from the systems compromised at the company’s suppliers and partners.” Stop thinking about Liz and Criss failing the IKEA test for just a second and put yourself in their employees’ shoes: valid emails from real coworkers and external contacts were suddenly malicious! I’m not sure how you could ever trust your email again. This one’s frustrating because email’s just such a good invention, you know? I’m sure some of you don’t know a life without it, but I sure do. Here’s a quick selfie o
Happy Friday, y’all - Chad here. As you hopefully saw in our announcement earlier this week, we’re currently migrating the Community and are up to our n*cks in new platform stuff, so we’re only going with a couple of security stories this week. The good news is, they’re both terrifying! 🙂 Costco discloses data breach after finding credit card skimmer Sigh…seriously? A physical skimmer got into a Costco? My card got skimmed at a gas station once, so I guess I’m just a bit sensitive to this one. That’s so annoying. Anyways, as you can imagine, getting your card of any sort skimmed can go real bad. I got lucky and my bank caught it, but man…I could own so many iPhones! “‘If unauthorized parties were able to remove information from the device before it was discovered, they may have acquired the magnetic stripe of your payment card, including your name, card number, card expiration date, and CVV,’ Costco revealed.” Call your bank, Costco customers. A stalker’s wishlist: PhoneSpy mal
Cybercrime is big business, with cybercrime costs expected to grow by 15% per year over the next 5 years, reaching $10.5 trillion USD annually by 2025. This is up from $3 trillion back in 2015. There are many tools to help detect and deter criminals from gaining access to your IT environment, including the “honeypot,” which is a virtual trap to lure attackers. (Though if you ever want to catch Winnie the Pooh red-handed, a physical honeypot is the way to go.) When discussing cybersecurity, a honeypot is a system, device, or software that is intentionally compromised to expose opportunities for attackers so that they can be studied to improve security policies. And as our software architecture becomes more complex, threat-research has become more difficult, especially within containerization. To that end, Helix Honeypot was created to help solve some of the pain-points when doing threat-research around public-facing Kubernetes deployments. Our team did a very com
Happy Tuesday, everybody - Chad here. I hope your week is off to a trouble-free start. I’ve been informed that it’s officially “the Holidays”, and you know what that means: an uptick in cyber threats, especially things like phishing attempts. Those things can look a lot different on a mobile device or in a text, so keep your ears peeled and stay vigilant out there. Here’s a couple of security stories from this week: Apple macOS Flaw Allows Kernel-Level Compromise This may show my age (and my unfortunate allegiance), but I’ve had an Apple computer since 1987. It’s because of that experience that I always practice my “ABCs” when it comes to macOS releases: Always Be Clickingremindmetomorrowuntiltheyvepatchedtheholes – just, you know…they’re becoming pretty infamous for these kinds of OS exploits so just be patient. The new hotness will still be there after the bugs all get squashed. Signal Now Lets You Report and Block Spam Messages In related news (because I’m also a Signal user)…huzzah
On Tuesday afternoon, Adobe released out-of-band updates to patch 92 vulnerabilities across 14 products. Of the 92 vulnerabilities patched, 61 are regarded as critical remote code execution vulnerabilities by Adobe, and five are critical memory leak issues. Memory leak vulnerabilities are unintentional memory consumption by an application, which can lead to denial of service. If you use any of the products listed in the blog post here, update them ASAP! And most importantly, have a good weekend!
We’re a little late on the game here in the Automox Community, but October is Cybersecurity Awareness Month - a great month to check in on your organization’s cybersecurity practices and make users more aware of the importance of staying safe. Through this month, you have seen plenty of educational pieces of content or advice about getting into the cybersecurity industry, but I wanted to take a moment to hear from y’all. Do you feel like your organization is well-prepared for any cyberattacks? Is cybersecurity a priority? (PS: if you are interested in reading some advice from cybersecurity experts here at Automox, you can read the blog post here!)
Hi, everybody - Chad here. Happy Monday to all y’all. As you know, October is Cybersecurity Awareness Month, so let’s get to some security news already. Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability In unsurprising facepalm news, a politician doesn’t understand how technology works! It’s mentioned by the story’s author as well, but to me, the worst part of this is how it could discourage other people from reporting vulnerabilities. I’ve never heard of anything like this before, and I hope it’s a one-off. It’s Windows XP’s 20th birthday and way too many still use it TWENTY YEARS!? It’s fine…I’m fine. Anyways, why would anyone still use a 20-year-old operating system, you ask? I would ask too, tbh. But the short answer is: Threat Actors Abuse Discord to Push Malware Okay first of all, how dare you!? Second…no, I don’t even need a second thing to rage about. Leave my Discord alone! FWIW, that’s the app that did me the most good during quarantine,
You may be entitled to comp- Wait, wrong intro… Hello! We are looking for some individuals that have been affected by, or know someone who has been affected by, a cyberattack. As cyberattacks grow in number, the effects on people can range from a mild inconvenience to an absolute nightmare, and we want to learn more. If you would be willing to chat with our team about your first-hand experience going through a cyberattack, feel free to reach out through this thread or via PM to discuss the opportunity further. And if you have any friends that might be interested in sharing their thoughts, please share this post. Thanks in advance for your help!
FORGET THE INTRO - OMZJ, TWITCH!! Even in a week when Facebook booted itself off the internet entirely, you likely heard/read/ranted to someone by now about the astoundingly nasty Twitch breach. So let’s talk about Twitch this week. First off, I hope you’ve already changed your password(s). Second, sigh…it’s tough to feel sorry for Twitch after some of their recent heat, but there’s really no hyperbole hyper-enough to get across how terrible this was for them. TL;DR that article - the information stolen/posted contains: The entirety of Twitch’s source code with comment history “going back to its early beginnings” Creator-payout reports from 2019 Mobile, desktop and console Twitch clients Proprietary SDKs and internal AWS services used by Twitch “Every other property that Twitch owns” including IGDB and CurseForge An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios Twitch internal “red-teaming” tools (designed to improve security by having staff pretend to be hac
We are in the process of rolling back some patches now and testing. (Update - Rollback of [KB5005613] fixed our printing problems.) BleepingComputer New Windows security updates break network printing Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates.
Hi, everybody - Chad here. Since we’re still getting to know each other, I’m going to reveal some things about myself this morning. Aside from being a super-professional Technical Community Manager and a bottomless goldmine of accidental comedy, I’m also a long-time writer/blogger/etc. A couple of weeks ago in our Security Wrap-Up post here on AA, I wrote about a single subject for a change: the unsettling uptick in ransomware attacks against the Education sector this time of year. I hope you get through the entire post as it’s got some great info, but if not…TL;DR: This is a damn scary time to be a school Admin, and between remote folks, campus folks, BYOD, yada yada, attackers know that you’re stretched pretty thin…and they’re getting downright nasty. But, I bet some patch automation will help you sleep at night. Well…maybe. I don’t know your life. But I do know network/endpoint security in the Education sector, as I was up to my chins in it for the better part of the last decade. I
Hi, everybody - Chad here. Well, luckily for all of us who live near the swimming pool at my condos, it’s back to school time! And you know what that means: no, not homework and new shoes. Today, I’m focusing solely on the now-annual and still alarming uptick in ransomware attacks in the Education sector this time of year. While it may come as no surprise to those of us in the industry, it’s still shocking to see graphs like this one from a recent Comparitech ransomware report: [screenshot: graph from the Comparitech ransomware report] As you can clearly see, September kind of sucks - which is a sentence I haven’t had to type on the Internet since season 2 of Fringe. But in general, attackers know that as schools get back into session (especially in our post-Covid world), things will be hectic. This can present them with a window of opportunity, so to speak. If I know that a school district has ~5,000 students coming back onto campus (or worse, learning remotely) at once, then I can assume
Hi, everybody - Chad here. Well, we’ve all survived another Patch Tuesday, and here’s a quick rundown. For more info, be sure to check out this month’s Patch Tuesday webinar or blog. August proved to be a lighter month than usual, with just 51 vulnerabilities addressed from Microsoft (seven of which are rated as critical, and only 1 being actively exploited in the wild). This shows a 56% reduction in overall vulnerabilities from July, and 33% fewer vulnerabilities on average for each month so far this year. 👏 👏 👏 On the Automox Patch Tuesday blog, @Eric writes, “This month’s vulnerabilities seem to follow a trend, impacting components in Microsoft Windows that perform network communications, internet connections, printing, file repair, and remote connections…The trend is that remote work is here to stay, making the prioritization of patching these components all the more vital.” In Adobe news, they gave everyone a break this month and only released two vulnera
Hi, everybody - Chad here. First off, Happy Tuesday! You’ve survived another Monday in 2021, and that’s no small feat! This week’s on-time Security Wrap-Up is chock full of frustrating news, simple annoyances, and maybe a couple of things that even angried up my blood…real good! So, let’s get to it: New “Glowworm attack” recovers audio from devices’ power LEDs If you’re like me, you often sit on the balcony of your condo staring to the west - the glorious Red Rocks Amphitheater in the foreground, when it’s got-danged visible - and ponder the world’s seeming lack of evil geniuses. Well then, here’s a story for you. From ArsTechnica: “Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuatio
Hi, everybody - Chad here. In case you missed it, today is Wednesday; not Tuesday. Good news: here’s your weekly Security Wrap-Up. Bad news: I officially need a new router. 😒 Once again, some pretty troubling stories in our little world this week. Here’s a peek at a few doozies: LockBit ransomware recruiting insiders to breach corporate networks In ransomware news, the LockBit 2.0 ransomware gang seems to be actively recruiting corporate insiders to help them breach/encrypt networks. In return, they’re promising the insider payouts of one million dollars. Various ransomware gangs operate as a Ransomware-as-a-Service organization, which consists of a core group of devs who maintain the ransomware and payment sites and recruited affiliates who breach victims’ networks and encrypt devices. While this kind of tactic sounds like a long-shot, it’s not the first time threat actors attempted to recruit an employee to encrypt their company’s network (nor will it be the last). In August
Hi, everybody - Chad here! I’ve officially taken it over, but I’m a little late to the Wrap-Up this week due in no small part to outages caused by [a certain unnamed ISP here in Colorado]. In this week’s wrap-up, we’ll take a look at a few stories that should probably raise one eyebrow per reader, minimum. An explosive spyware report shows limits of iOS, Android security In yet more Pegasus news, recent analysis has shown some serious security limitations in both iOS and Android devices, respectively. In the face of the report, many security researchers say that both Apple and Google can and should do more to protect their users against these sophisticated surveillance tools. A lot of criticism has centered on Apple in this regard, because the company has historically offered stronger security protections for its users than the fragmented Android ecosystem. In fact, the Amnesty International researchers say they actually had an easier time finding and investigating indicators of compr
Hi, everybody - it’s me, Chad! Hopefully, your week is off to a smooth start. I’m slowly but surely getting deeper into the Community here at Automox, and we figured this was a good chance for me to share some interesting security news with you. Below are a few crazy things currently happening in the world: Microsoft: Israeli Firm’s Tools Used to Target Activists, Dissidents In a pretty disturbing security story, an Israel-based company called Candiru sold spyware that exploited Windows vulnerabilities and has since been used in targeted attacks across various countries, according to new reports from both Microsoft and the University of Toronto’s Citizen Lab. The tools were being used in “precision attacks” targeting politicians, human rights activists, journalists, academics, embassy workers, and political dissidents, said Microsoft on their blog. The Microsoft Threat Intelligence Center (MSTIC) was alerted about the spyware, which led them to discover CVE-2021-31979 and CVE-2021-3377
Hi All, I am curious what services everyone is using to be alerted on new OS and 3rd party critical updates that are released or soon to be released. Is there a way to be notified through Automox when a Critical OS update is published besides manually checking the software page in the console? I am looking more for an automated email sent to me rather than checking a website or twitter feed, but all suggestions are appreciated. Thank you in advance!
Hope you’re ready for quite a doozy of a Patch Tuesday for July, because we have a lot to cover here. This Patch Tuesday comes in hot with Microsoft’s 116 vulnerabilities (over double June’s 49 vulnerabilities), 12 of which are critical severity, and 2 that have already been exploited in the wild. July represents a dramatic shift from the relatively light releases we’ve witnessed over previous months and highlights an uptick in zero-day exploits and the urgency needed to keep pace with a growing list of threats. While all eyes have been on the Windows Print Spooler (aka PrintNightmare, CVE-2021-34527) due to its scope of impact and high probability of exploitation, there are plenty of other vulnerabilities to keep your eye on. CVE-2021-34473 and CVE-2021-34523 are a pair of high-priority vulnerabilities found in Microsoft’s Exchange Server solution. CVE-2021-34473, a remote code execution vulnerability found and disclosed via the Zero Day initiative, allows an attacker to execute code
Happy Tuesday! I have some great security news available below, and I didn’t know we’d see SolarWinds so soon… check out the articles below - Unpatched critical RCE bug allows industrial and utility takeovers A critical remote code execution (RCE) vulnerability in Schneider Electric programmable logic controllers (PLCs), titled ‘ModiPwn,’ allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building automation, healthcare, and enterprise environments. The vulnerability (CVE-2021-22779) takes advantage of undocumented commands in device code and impacts the Modicon M340, M580, and other models from the Modicon series. If exploited, it could impact production lines, conveyor belts, elevators, HVACs, and other automated devices. The vulnerability is rated 9.8 out of 10 on the CVSS vulnerability-rating scale, making it critical. At the moment, Schneider has released a set of mitigations for the bug but no full patch is available yet. Google’s Ce
At the core of any successful vulnerability management remediation process is an alignment of competent resources, security best practices, and continuous assessment. With cyberattacks becoming an ever-growing part of our daily lives, it’s important that organizations put a functional vulnerability management remediation process in place. But first, we should ask the question, what exactly is vulnerability management? Well, in ideal circumstances, you can plan for the following items: Cyber Security Governance outlines executive management’s strategic direction in setting scope, remediation cycle, term objectives, budget, and realistic expectations of performance as negotiated with stakeholders. Cyber Security Strategy that defines roles, responsibilities, prioritizations of what is critical or required to protect for both business continuity and legal reasons such as regulatory compliance needs. Program Solutions such as vulnerability management scanners to enumerate vulnerabili
Members of the Ransomware Task Force (an organization of over 60 members from software companies, government agencies, cybersecurity vendors, and more) were recently a part of a Reddit AMA where they answered questions about the ransomware epidemic and what we can do collectively to stop it. If you’re interested in learning more about cybersecurity, the members of the Task Force and other Redditors have a lot of really awesome feedback to share. Check out the AMA here: https://www.reddit.com/r/IAmA/comments/oaytta/we_are_hackers_and_cyber_defenders_working_to/
Welcome to this week’s Security Wrap-Up! We have some patched bugs and some really interesting info about the adoption of the Golang language in malware attacks. Check it out - NVIDIA patches high-severity GeForce spoof-attack bug NVIDIA’s gaming graphics software, GeForce Experience, has suffered a major vulnerability that opens the door to a remote attacker that can exploit the bug to steal or manipulate data on a vulnerable Windows computer. NVIDIA has released a software patch for the flaw, which is present in its GeForce Experience (versions 3.21 and prior) software. A 3.23 GeForce update is available now to mitigate the bug. Tracked as CVE-2021-1073, the bug carries a CVSS severity of 8.3. The company warned, “NVIDIA GeForce Experience software contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malici
Happy Wednesday, everyone! We have some new security updates and topics for you to sink your teeth into. Check them out - Strange malware stops you from visiting pirate websites Last Thursday, Sophos researchers uncovered a malware campaign focused on “block[ing] infected users from being able to visit a large number of websites dedicated to software piracy.” Samples were buried in archives disguised as software packages promoted through the Discord chat service, whereas others are distributed via torrent. Numerous software brands, games, productivity tools, and cybersecurity solutions have been used to hide the malware, meaning that it’s targeting a broad subset of people who might not want to purchase a software license. If the malware’s executable is double-clicked, a message pop-up appears which claims the victim’s system is missing a crucial .DLL file. In the background, the malware is fetching a secondary payload, dubbed ProcessHacker, from an external website. This payload is re