Security Spotlight: Navigating the Cybersecurity Landscape and Illuminating the Dark Corners of the Web

WME Cybersecurity Briefings No. 002

A new phishing kit is on the loose.

It’s targeting your hard-earned coins. This sneaky scam uses SMS, voice calls, and even fake single sign-on pages to trick you into giving up your info. Once they have it, they’ll be off with your crypto faster than you can say “blockchain.” Be vigilant and don’t fall for their tricks.

News for Ivanti users

The Five Eyes intelligence alliance just issued a security alert. They have warned of critical vulnerabilities in Ivanti gateways that could be exploited by attackers. Ivanti has stated that they are not aware of any successful attacks leveraging these vulnerabilities. However, they are releasing a new security tool to address the identified issues. These flaws could potentially grant unauthorized access to your systems. Keep yourself updated on the latest security advisories.

GitHub Automatically Scanning Public Repositories for Secrets by Default

Public repos can sometimes contain sensitive information like API keys, passwords, or tokens, and hackers can easily scan public repos for this information. GitHub’s secret scanning feature identifies and flags potential secrets in your code, which helps protect your sensitive information from falling into the wrong hands. You can then take action to remove or secure the secrets before they can be exploited.

A new cyberattack technique, Silver SAML, discovered.

This attack exploits vulnerabilities in identity provider systems, allowing hackers to gain access to applications you use. Unlike Golden SAML attacks, Silver SAML doesn’t require access to Active Directory Federation Services, making it even more dangerous. Keep your software updated to protect yourself.

New Malware Targeting Linux Users.

A new variant of the BIFROSE malware has been discovered. It’s using sneaky tactics to avoid detection. This malware targets Linux systems and can steal your data. The good news is that researchers are aware of the threat and are working on ways to protect users. In the meantime, be vigilant and only download software from trusted sources.

Russian government software backdoored with North Korean malware.

Hackers are exploiting a backdoor in Russian government software to deploy the Konni RAT malware. This is a serious development as it shows that even government systems are not immune to cyberattacks. The attackers are believed to be North Korean threat actors and this is not the first time they have targeted Russia.

US Offers $15 Million Bounty for LockBit Ransomware Leaders

The big price tag is on the heads of the leaders of the LockBit ransomware gang. LockBit is a notorious cybercriminal group that’s been shaking down companies around the world with ransomware attacks. They steal sensitive data, encrypt it, and then demand hefty ransoms to unlock it. This move by the US shows they’re serious about cracking down on cybercrime. But will it be enough to take down LockBit for good?

New vulnerabilities expose Android and Linux devices to hackers.

These Wi-Fi vulnerabilities could allow attackers to trick you into joining a fake Wi-Fi network and gain unauthorized access to a trusted network you’re already on. These vulnerabilities affect devices that use wpa_supplicant or Intel’s iNet Wireless Daemon (IWD). Patch your devices as soon as possible. Android users can manually configure the CA certificate of any saved enterprise network. This will help prevent the attack.

Russian Cyber Actors Target Cloud Environments

Russian cyber actors are adapting their tactics to target cloud-based systems. These actors can exploit service and dormant accounts, use stolen access tokens, and register new devices to gain access to cloud environments. They may also use MFA fatigue, a technique where they bombard users with MFA requests to bypass multi-factor authentication.
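A detection sketch for the MFA fatigue pattern described above, added here as an example and not taken from the original briefing or any vendor's tooling. The log format, the result labels (`approved`, `denied`, `timeout`), the account names, and the window and threshold values are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed MFA push log: "ISO-timestamp user result" (not from any real tenant).
SAMPLE_LOG = """\
2024-03-01T09:00:05 alice approved
2024-03-01T02:10:00 svc-backup denied
2024-03-01T02:10:40 svc-backup denied
2024-03-01T02:11:15 svc-backup timeout
2024-03-01T02:12:02 svc-backup denied
2024-03-01T02:12:50 svc-backup timeout
2024-03-01T02:13:30 svc-backup approved
2024-03-01T11:00:00 bob denied
2024-03-01T15:30:00 bob approved
"""

def parse(log):
    """Return (time, user, result) tuples sorted by time; skip malformed lines."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        rows.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return sorted(rows)

def find_mfa_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users with >= threshold rejected/unanswered prompts inside `window`.

    `approved_after_burst` marks the high-priority case: the user finally
    accepted a prompt while the burst was still inside the window.
    """
    recent = defaultdict(deque)   # user -> times of recent failed prompts
    findings = {}
    for ts, user, result in events:
        fails = recent[user]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop prompts that fell out of the window
        if result in ("denied", "timeout"):
            fails.append(ts)
            if len(fails) >= threshold:
                f = findings.setdefault(user, {"failed_prompts": 0, "approved_after_burst": False})
                f["failed_prompts"] = max(f["failed_prompts"], len(fails))
        elif result == "approved" and len(fails) >= threshold:
            findings[user]["approved_after_burst"] = True
            fails.clear()
    return findings
```

An approval that lands right after a burst of rejected prompts is the case to triage first, particularly on service or dormant accounts, which should rarely generate prompts at all.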

Apple Releases Security Updates to Address Vulnerabilities in Multiple Products

According to CISA, Apple has released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and iPadOS. These vulnerabilities could be exploited by malicious actors to gain control of affected devices. It is recommended that users and admins apply the necessary updates ASAP.

CISA Identifies Exploited JetBrains TeamCity Vulnerability

CISA has added a new vulnerability to its catalog of Known Exploited Vulnerabilities (KEVs). This vulnerability affects JetBrains TeamCity. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to systems. CISA recommends that all organizations update JetBrains TeamCity to version 2023.11.4 or later. The Federal Civilian Executive Branch (FCEB) agencies are mandated to update their systems by a specific deadline.

Critical vulnerabilities found in Cisco Secure Client and Cisco Secure Client for Linux

Malicious actors could exploit these vulnerabilities to compromise affected devices and potentially gain complete control. The Cisco Secure Client Carriage Return Line Feed Injection Vulnerability resides in the way Cisco Secure Client processes carriage return and line feed characters. An attacker could exploit this to inject malicious code into a user’s system. The Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability, by contrast, is specific to the ISE Posture Module component within Cisco Secure Client for Linux. If exploited, it could allow an attacker to escalate their privileges on the system and, consequently, gain unauthorized access and control.

Chirp Systems: All Versions of Chirp Access Affected

The vulnerability is due to the use of hard-coded credentials in the Chirp Access source code. This means that the login credentials are stored directly in the code, rather than being securely stored elsewhere. An attacker could exploit this vulnerability by gaining access to the source code and then using the hard-coded credentials to log in to Chirp Access systems. This could allow them to illegally control systems and gain unrestricted physical access.
