What is Cyber Security?

If someone told you they work in Cyber Security, would you know what they mean? This blog aims to help you better understand the term and the global industry behind it, an industry worth over $66 billion that is decades older than you may know and is only growing more complex.

A Brief History

While computers were invented in the 1940’s, it wasn’t until 1972 that anyone thought to put security concepts in place for computers. The 1972 ARPANET (The Advanced Research Projects Agency Network) research project became known as the “father” of the internet. ARPANET was the first computer network that connected different research laboratories across the United States, and it developed protocols for remote computer networking. Prior to the development of ARPANET, cyber security was almost unnecessary because computers could not share information with computers on another network.

Cyber Security definition

Bob Thomas, an ARPANET researcher, created a computer program named Creeper to prove that programs could move between computers. On each computer it made it on to, it left the message “I’m the creeper, catch me if you can”. To stop Creeper, another researcher (Ray Tomlinson) wrote a program, Reaper, to chase and delete Creeper. Later, the programs Reaper and Creeper (a newer self-replicating version) would become widely accepted as the first anti-virus program and the first computer worm.

The work of ARPANET researchers paved the way for cyber security as we know it. The new connections between computers and networks highlighted challenging vulnerabilities and the need for computer security. In 1976, Operating System Structures to Support Security and Reliable Software affirmed: “Security has become an important and challenging goal in the design of computer systems.”

Cyber Security

Almost half a century has passed between the beginning of Cyber Security and today. Over the years technology has developed immensely, and security efforts have grown to match. Today the U.S. Cybersecurity & Infrastructure Agency defines Cyber Security as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”

Almost everything we touch on a daily basis is run by computers; thus, everything we do must be done with security in mind. The following 10 tips are a baseline guide to making sure your daily life is secure from threat actors.

  1. Do not reuse the same username and password across multiple websites and applications.
  2. Keep software, operating systems, and internet browsers up to date.
  3. Use Multi-Factor Authentication for logging into websites and applications that have access to your PII (personally identifiable information).
  4. Avoid using public WiFi and hotspots.
  5. Utilize a reputable anti-virus software.
  6. Do not click on links or attachments from unknown senders (email or text).
  7. Manage personal information collected by applications.
  8. Lock your phone and computer screens when not in use.
  9. Keep up-to-date on the latest phishing scams.
  10. Complete a personal security and risk audit.

Remembering these tips in your daily life will help keep you safer from threat actors, both privately and professionally.

Cyber Security In Business

Threat actors are after your personal information, but they are even more interested in organizations’ data. CyNtell was founded to meet the need for critical professional cyber security services in both the private and public sectors. The CyNtell cyber team understands that the needs of each business are unique in the standards it must follow for its industry, such as HIPAA, SEC, and NIST SP 800-171.

If you or your organization are looking to improve your cyber security posture, schedule a call with a CyNtell Cyber Security Expert today.

Watch Out Wednesdays: Vulnerabilities & Attacks

No threat facing businesses and individuals has grown quite like that of cyber threats. They appear in all forms, from phishing emails to exploited vulnerabilities in software.

Starting July 2020, this “Watch Out Wednesdays” blog will be updated weekly to include the latest vulnerabilities and large-scale hacks that you should Watch Out for. While this list is updated weekly, it is not a complete list of vulnerabilities or hacks; it will only contain the largest data breaches, hacks, and security vulnerabilities that have been released to the public.

Looking to improve your cyber security monitoring practices and reduce vulnerabilities? Take a look at CyNtell’s Continuous Monitoring or Cyber Security Protection packages.

February 2021

22-28 February

15-21 February

8-14 February

1-7 February

January 2021

25-31 January

18-24 January

11-17 January

First Microsoft Patch Tuesday of 2021:
– Over 80 vulnerabilities were addressed in the first Microsoft Patch Tuesday release of 2021. There were 10 “critical” flaws, of which one was affecting the built-in anti-malware Windows Defender, CVE-2021-1647. Other software affected included Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office suite, Codecs Library, Visual Studio, SQL Server, .NET Core and Repository, and Azure. Read the complete release from Microsoft here.

1-10 January

NVIDIA High-Severity Flaws:
– Sixteen vulnerabilities have been patched by NVIDIA in their Microsoft graphics driver. These flaws range from mid to high severity, with the most concerning affecting the graphics driver’s kernel mode layer. While kernel mode vulnerabilities are normally low severity, this specific flaw contains a glitch that would allow an attacker to launch a DoS attack or escalate privileges. Read about the other NVIDIA vulnerabilities addressed here.

Zyxel High-Severity Flaw Patched:
– A hardcoded credential vulnerability in Zyxel networking devices could allow attackers administrative access to the firewall and AP controllers. The backdoor in the Zyxel devices was discovered by a Dutch cybersecurity firm and affects over 100,00 devices. The vulnerability would allow threat actors to take control of the devices, giving them the ability to intercept traffic, change firewall settings, create VPN accounts, and perform other administrative actions. Read about the full extent of the vulnerability here.

December 2020

21-31 December

Updates Released by SolarWinds:
– Following the attack on SolarWinds Orion software, the company has released updates for the SUPERNOVA malware. The malware was created specifically for the Orion servers and allows remote threat actors to bypass authentication and achieve remote code execution. This malware was deployed into the Orion software using the SUNBURST vulnerability. Read the complete SolarWinds release here.

Incomplete Zero-day Vulnerability Patch Exposed:
– Researchers at Google’s Project Zero have discovered an incomplete patch affecting the Print Spooler API in Microsoft Windows. The vulnerability (CVE-2020-0986) was originally discovered in Sept 2020, and a patch was issued for the Windows Kernel Elevation of Privilege Vulnerability, but it was not complete. This vulnerability impacts multiple Microsoft Windows 10 platforms, Microsoft Windows 8.1, various Microsoft Windows Server 2016 platforms, and Microsoft Windows Server 2019. Read more about the vulnerability here.

14-20 December

Office 365 Credentials Under Attack:
– Enterprise businesses have been warned by researchers to look out for new phishing attacks using compromised legitimate business emails. This new scam utilizes these compromised emails to masquerade as a service such as eFax to convince targets to click a link. This link takes the target to never-before-seen O365 pages which lead to a credential-phishing page. Once credentials are stolen, the campaign sends out more emails with a new URL to avoid detection and continue the campaign. Read more about the attack here.

Critical Apple Security Update:
– Apple has released an update addressing over 60 vulnerabilities for multiple products including macOS, iOS and iPadOS, macOS Server, and three more products. macOS alone had over 59 vulnerabilities addressed, with some of the vulnerabilities allowing threat actors to execute arbitrary code with kernel or system privileges, bypass privacy preferences, or even cause unexpected application termination or heap corruption. Read the Apple security release here.

Zero-Day Affecting Systems Insight Manager:
– A zero-day critical flaw affecting Hewlett Packard Enterprise Systems Insight Manager software has been disclosed by the company. The critical flaw, CVE-2020-7200, is found in recent, unpatched versions of the software. Servers running these versions of the software are vulnerable to remote code execution after a threat actor attacks the logic of the Action Message Format (AMF) deserializer. Learn more about the flaw here.

7-13 December

SUNBURST Malware Attacks SolarWinds:
– A massive attack on SolarWinds, a U.S. Federal government contractor, has affected companies globally. The cybersecurity attack against the SolarWinds Orion software took place between March and June 2020 and targeted updates to the system. The updates were found to be corrupted and weaponized by hackers. Due to the nature of SolarWinds’ business, over 200 businesses have reported that they were infected by the SUNBURST trojan malware in the software updates. To read SolarWinds’ response to the hack, go to this security advisory. To see the list of companies compromised, see this article. For the latest on this still-developing story, follow this link.

Microsoft Patch Tuesday Release:
– The last Patch Tuesday from Microsoft in 2020 brought a lighter load, with only 58 total flaws being addressed. The breakdown of the flaws includes nine critical, 46 important, and three moderate severity patches. It also comes as welcome relief that none of the flaws were being actively exploited at the time of the release. The patches address flaws in the following software: Windows, Edge (EdgeHTML-based), Edge for Android, ChakraCore, Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Dynamics, Visual Studio, Azure SDK, and Azure Sphere. You can view the complete release notes here.

VMware Products Active Zero-Day Vulnerability Attack:
– The latest VMware vulnerability, CVE-2020-4006, is a command injection bug which allows threat actors to take control of the system after the vulnerability has been exploited. In order for threat actors to exploit the vulnerability, they must have credentials, which could easily be obtained through another attack. The vulnerability, which had been temporarily patched in November, has now been issued a patch with an “important” label. Read the full details of the vulnerability and patch here.

30 Nov – 6 December

Oracle WebLogic Servers Targeted by DarkIRC Botnet:
– A multi-featured botnet, DarkIRC, has been found in thousands of unpatched Oracle WebLogic servers with the CVE-2020-14882 vulnerability. Once infected, the bot is able to perform multiple functions including remote code execution, anti-sandboxing and anti-analysis functions, keylogging, downloading files, and more. Read the full breakdown of the DarkIRC attack on Oracle WebLogic servers here.

November 2020

23-29 November

GoDaddy Employees Vished for Crypto Service Domains:
– Cryptocurrency platforms NiceHash and Liquid were compromised when threat actors used a vishing scam to fool GoDaddy employees into handing over access credentials. It was confirmed by Liquid that the scammers were able to access their customers’ personal information including names, addresses, email addresses, and encrypted passwords. It is still unknown if the hackers were able to access the proof of identity files containing selfies, proof of address, and pictures of IDs. NiceHash stated that while their website went down and backend changes were made, their customers’ personal information was not compromised. All three companies, GoDaddy, Liquid, and NiceHash, have reported that their sites are back online and safe. Read the full story here.

Laser Hacking Voice Assistants:
– Hacking smart devices’ voice assistants using a laser pointer is possible, researchers say. These devices, such as Amazon Alexa, Apple Siri, Google Assistant, and Facebook Portal, have all been found to launch inaudible commands when a laser is pointed directly at their microphones from as far as 360ft. Researchers from several universities conducted the simulated attacks and noted that once the voice assistant has been hacked, it opens the door for threat actors to access other smart home devices that are connected to the assistant, such as smart locks. Read the full article here.

16-22 November

Mozilla Zero-Day and High Severity Vulnerabilities:
– A security bulletin from Mozilla addresses vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A Firefox zero-day vulnerability, a heap buffer overflow in FreeType (CVE-2020-1599), has been patched in the latest Firefox version 83. Four high-severity vulnerabilities involving insufficient validation of user-supplied input and buffer overflows, 10 medium severity vulnerabilities, and six low-severity vulnerabilities have also been patched. Read about all the vulnerabilities and their corresponding patches here.

Critical Flaw in VMware ESXi Hypervisor Fixed:
– A use-after-free vulnerability was patched, along with other vulnerabilities, a few weeks after being discovered during China’s Tianfu Cup hacking competition. The use-after-free vulnerability, CVE-2020-4004, is found in the eXtensible Host Controller Interface (xHCI) USB controller of ESXi. Exploiting this vulnerability would give the threat actor the ability to execute code. Read more about the flaw here.

9-15 November

Two Chrome Zero-Day Vulnerabilities:
– Windows, Mac, and Linux users be advised that Google has released information on two actively exploited critical zero-day Chrome vulnerabilities. Zero-day CVE-2020-16013 is found in the V8 JavaScript rendering engine and is described as an “inappropriate implementation in V8”. Zero-day CVE-2020-16017 is a use-after-free memory corruption bug; use-after-free is a Chrome component that isolates individual sites’ data from one another. Read more about both zero-day vulnerabilities and patches here.

Microsoft Patch Tuesday Release:
– Microsoft has released the November Patch Tuesday update covering 112 total vulnerabilities. The vulnerabilities are classified as follows: 17 critical, 93 important, and 2 low severity. Each of the critical vulnerabilities involves a remote execution flaw. The release also includes a patch for the vulnerability CVE-2020-17087, discussed in last week’s update below. View all the patches and release notes here.

2006 Windows Vulnerability PoC Released:
– A proof-of-concept (PoC) exploit for an unpatched Windows vulnerability from 2006 has been released. Found by a Tenable researcher, the vulnerability is a local privilege escalation that can be exploited by a non-admin process to elevate privileges to SYSTEM when PsExec is executed remotely or locally on the targeted computer. The details and PoC exploit were released after Microsoft failed to patch the vulnerability within 90 days. The security flaw impacts Windows versions between Windows XP and Windows 10, and PsExec versions from 1.7.2 (2006 version) to 2.2 (latest version). Read the full details here.

2-8 November

Google Reports Windows Zero-Day Vulnerability:
– Project Zero from Google has reported details on an actively exploited zero-day vulnerability, CVE-2020-17087, found in the Windows operating system. This new vulnerability piggybacks on a Chrome vulnerability that allows a malicious actor to escape the Chrome sandbox environment and run code directly in Windows. Google has already released a patch for the Chrome vulnerability and states that users who have updated their browser will not be affected through remote execution, though local execution may be possible. You can read the full details here.

Android Vulnerability Patches Released by Google:
– Google made 30 patches available for the Android operating system, covering vulnerabilities in the Android runtime, Framework, Media Framework, and System components. The highest severity critical bug, CVE-2020-0449, found in System, can be exploited for remote code execution. This bug was found along with 16 other System-specific vulnerabilities; Framework has six vulnerabilities, and Android runtime has one. Access the full report on the patches here.

Cisco Patch for VPN Product Vulnerability Coming Soon:
– Designed to provide remote workers with secure VPN access, the Cisco AnyConnect Secure Mobility Client contains a flaw that can be exploited by a local, authenticated attacker. No workarounds were found for the AnyConnect software flaw, but users can disable the Auto Update or Enable Scripting settings to prevent malicious actors from exploiting the flaw. Read more about the AnyConnect vulnerability here.

October 2020

26 Oct – 1 Nov

Oracle WebLogic Active Exploitation:
– A critical remote code execution vulnerability (CVE-2020-14882) found in a console component of the Oracle WebLogic Server allows unauthenticated, remote attackers to execute commands on the affected servers. Once the vulnerability is exploited through a crafted HTTP request, it can lead to complete control of the host. Read about the vulnerability here.

Malicious Apps Removed from Play Store:
– Over 20 Android apps were removed from the Google Play Store after they were found to be deploying intrusive ads. The findings showed that the 21 malicious apps had been downloaded almost eight million times. Read the complete article and see the list of apps here.

TrickBot Variants Active Despite Recent Shutdown:
– Despite being recently shut down through a joint effort between U.S. Cyber Command and Microsoft, TrickBot is back after the operators made a quick pivot. TrickBot’s creators moved portions of the code to Linux in an attempt to broaden the scope of target victims. TrickBot was first found in 2016 as a Windows-based financial Trojan used to perform a wide range of malicious activities, including credential theft and ransomware attacks. Read more about TrickBot’s latest return here.

19-25 October

Chrome Zero-Day Under Active Attack (21 Oct):
– If you are using the Chrome browser on a Mac, Windows, or Linux computer, you need to update your Chrome browser immediately to version 86.0.4240.11. Google released this updated version to combat active exploitation of a zero-day vulnerability, CVE-2020-15999. The vulnerability is a type of memory-corruption flaw called a heap buffer overflow in FreeType. Learn more about the active exploitation here.

12-18 October

Microsoft Warns Android Users of New Ransomware:
– A new strain of malware takes advantage of incoming call notifications and the Home button to lock Android devices behind a ransom note. MalLocker.B, a known Android ransomware, has resurfaced with new tricks for delivering ransom demands on devices infected with the malware. The Windows 365 Defender Research Team discovered the ransomware variant and states: “This new mobile ransomware variant is an important discovery because the malware exhibits behaviors that have not been seen before and could open doors for other malware to follow.” Read the full story here.

Hackers Pose as Antivirus Software:
– Chinese state-sponsored hackers, APT 31, may be posing as antivirus software provider McAfee to deceive high-profile victims into downloading malicious software. APT 31 saw a bit of limelight in June when Google’s security team announced the group had been attempting to interfere in Joe Biden’s presidential campaign. “(The malware) would allow the attacker to upload and download files as well as execute arbitrary commands,” wrote a Google security researcher. Read the full update here.

Microsoft’s Patch Tuesday News:
– Microsoft’s Patch Tuesday, released on October 13th, addresses 87 total vulnerabilities, including 11 critical vulnerabilities. All of the critical vulnerabilities are remote code execution bugs which allow threat actors to gain complete control over an unpatched system. The summary bulletin release addresses Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Azure Functions, Microsoft Exchange Server, Visual Studio, Microsoft .Net Framework, Microsoft Dynamics, and Adobe Flash Player. Read the full statement here.

5-11 October

New Security Vulnerabilities Reported in Apple Devices:
– After three months of analysis, between June and September, of several online Apple services, a team of five security researchers has released its findings. A total of 55 vulnerabilities were found: 11 critical, 29 high severity, 13 medium, and 2 of low severity. The researchers took part in Apple’s Bug Bounty program to analyze the services. Most of the vulnerabilities found affected the iCloud software and could have allowed threat actors to hijack a user’s iCloud account, steal photos, and access calendar information, videos, and documents. The flaws also could have allowed threat actors to forward the same exploit to all of the user’s contacts. At the time of the announcement, Apple had taken steps to patch the flaws. Learn more about the flaws here.

28 Sept -4 Oct

Use of Ransomware Increased 50% Globally:
– Check Point Research found that there had been a 50% daily increase in ransomware attacks during the 3rd quarter of 2020 versus the first half of the year. The United States saw an almost doubled number of attacks (~98%) between July and the end of September, making it the number one target of ransomware attacks globally. Researchers believe that the surge in attacks is due to the ongoing COVID-19 pandemic, which has forced businesses to make rapid changes to their business structures. Learn more about the increase in attacks here.

Cisco Releases Patches for High Severity Vulnerabilities:
– Two high-severity vulnerabilities discovered in IOS XR software after being exploited in the wild have been issued patches. The CyNtell Threat Research team wrote about one of the flaws, CVE-2020-3566, in a previous update of the blog (31 Aug-3 Sept). Since that update, another zero-day unauthenticated DoS vulnerability, CVE-2020-3569, was identified. Both flaws have since been patched in the latest Cisco IOS XR Software release, 6.6.3. Learn more about the vulnerabilities and patches here.

September 2020

21-27 September

Instagram Gave Hackers Remote Access To Your Phone:
– Or at least that would have been what the headlines read if the critical vulnerability, CVE-2020-1895, had not been detected by Check Point researchers. The flaw, a heap overflow security issue, affects all versions of the Instagram app for Android prior to version 128.0.0.26.128. Threat actors could have taken advantage of this flaw by simply sending users a specially crafted image, which would allow the hacker to take control of the device. Not only did the flaw allow for remote control, but also remote execution of arbitrary code, access to private messages, and posting or deleting photos from the victim’s account. Read more about the flaw here.

Unsecured Bing Server Exposes Users:
– A back-end Microsoft Bing server has left sensitive data on the search engine’s mobile app users unprotected. The security vulnerability exposes users’ search history, device details, and GPS coordinates, among other sensitive data. The database that stores the information does not store personal details such as names or addresses. After the issue was brought to Microsoft’s attention, they issued a patch in the September Patch Tuesday release. Read more about the data leak here.

14-20 September

Attacker Hijack Firefox for Android:
– ESET security researchers have alerted the Android community to a new vulnerability in Firefox for Android. The vulnerability is found in the browser’s SSDP (Simple Service Discovery Protocol) engine and can be exploited by a threat actor targeting Android devices with Firefox installed that are on the same Wi-Fi network as the attacker. Read more about how this can affect Android devices here.

Android 11 Security and Privacy Features:
– Android OS has long been plagued by security issues; with the release of Android 11 last week, Google has published the specs of five newly built-in features in hopes of squashing previous issues. The new features include: One-time Permissions, Permission Auto-Reset for Unused Apps, Quick Security Patches via Play Store Modules, Scoped Storage Enforcement to Protect Data, and Restricting Unnecessary Background Location Access. Learn about each of the features here.

7-13 September

Microsoft’s Patch Tuesday Release:
– Over 120 new patches were released by Microsoft for September’s Patch Tuesday release. Affected by the recently released patches are Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office, ASP.NET, OneDrive, Azure DevOps, Visual Studio, and Microsoft Dynamics. The new patches are aimed at repairing 23 critical, 105 important, and one moderate severity vulnerability. None of the vulnerabilities are known to be publicly disclosed or currently under attack, per Microsoft’s release. Get the full release information here.

Unpatched Bluetooth Flaw Allows Easy Targeting:
– Bluetooth SIG has issued a statement for users and vendors on a newly reported unpatched vulnerability that affects hundreds of millions of devices globally. The flaw was found in the Cross-Transport Key Derivation (CTKD) of devices that support both the Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE) standards. Named “BLURtooth” (CVE-2020-15802), the flaw affects devices powered by Bluetooth 4.0 or 5.0 technology, allowing hackers to connect to a targeted device by overwriting the authenticated key or reducing encryption key strength. Read the full vulnerability details and impact here.

New Flaw in Visa Contactless Payment:
– A new flaw has been discovered with Visa’s contactless payment. Read the CyNtell blog about Visa’s contactless payment woes here.

31 Aug-6 September

Critical WordPress File Manager Exploit:
– The File Manager plugin for WordPress has been found to contain a critical remote execution vulnerability. File Manager allows WordPress administrators to edit, delete, upload/download, archive, copy and paste files and folders directly from the WordPress backend. The vulnerability would allow a threat actor to run arbitrary code on the target due to the inclusion of the open-source file manager library called elFinder. At the time of discovery, File Manager was used on over 700,000 websites; the vulnerability has since been patched. Read the full details on the vulnerability here.

Cisco Issues Warning Over Zero-Day Flaw:
– Cisco has issued a warning for a zero-day flaw in its router software. The flaw would allow a threat actor to carry out memory exhaustion attacks on devices affected by the vulnerability. A memory exhaustion attack occurs when an attacker exploits a weakness in how a system allocates memory in order to occupy a significant amount of memory resources. The flaw, CVE-2020-3566, was first discovered at the end of August 2020 and affects all Cisco devices running Internetwork Operating System (IOS) XR Software. While the vulnerability has been acknowledged by Cisco, there is no timeline for when a patch for the vulnerability will be released. Learn the full details of the vulnerability and follow along with developments on the patch here.

August 2020

24-30 August

High-Severity Bug in Google Chrome:
– A critical, high-severity bug found in Google Chrome (CVE-2020-6492) has been patched. The flaw is a use-after-free vulnerability in the Web Graphics Library (WebGL) element of the Chrome browser. This element of the JavaScript API could have allowed threat actors to control the use-after-free exploit, allowing them to execute arbitrary code. A use-after-free specifically refers to when someone intentionally attempts to access memory after it has been freed; exploitation of a use-after-free flaw can result in arbitrary code execution or, in some cases, enable complete remote code execution. Read the full release on the Google Chrome bug here.

Flaws in Apache Web Server Software:
– Three critical flaws in the Apache Web Server software, uncovered by a Google Project Zero researcher, have been patched by the Apache Foundation. One flaw allowed for remote code execution, making it possible for threat actors to change or delete data. The second critical flaw may have led to memory corruption due to concurrent log pool usage. The most worrisome flaw used a specifically designed “Cache-Digest” header to cause memory corruption, leading to a crash and denial-of-service. Read more about the flaws and how to make sure your Apache Web Server is patched here.

17-23 August

Emotet Is Running Again:
– Emotet, an email-based malware, was fixed and began botnet-driven spam campaigns and ransomware attacks again on August 6th. In early February 2020, researchers found a vulnerability in the Emotet malware that acted as a kill-switch and stopped the malware from being able to operate between Feb 6 and Aug 6, 2020. Unfortunately for us, the malware has been patched and is running now. Read more about Emotet here.

Canadian Government Systems Attacked:
– Canadian officials detected around 300K attempts to access accounts on at least 24 government systems over the past two weeks. Threat actors attacked a CRA portal using a botnet to unleash a technique called “credential stuffing” to access GCKey accounts. GCKey accounts allow Canadians to access Canadian government services such as Employment Insurance, Veterans services, My Service Canada accounts, and more. Read the full scope of the attacks here.

10-16 August

Microsoft’s Patch Tuesday Release:
– The August Patch Tuesday release from Microsoft included 120 vulnerabilities. 17 of the addressed vulnerabilities are labeled as critical and 103 as important, and they affect Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer, MS Office, MS Office Services and Web Apps, Microsoft Windows Codecs Library, .NET Framework, and Microsoft Dynamics. Two of the vulnerabilities are zero-days in the Windows OS and related products. See the full release here.

Amazon Alexa Has A New Skill:
– Cyber security researchers have discovered several critical vulnerabilities in Amazon’s Alexa. With one vulnerability, threat actors can install malicious software allowing them to spy on individuals remotely using only a web link. The vulnerabilities originated from a flaw in one of Amazon’s subdomains. Check out the researchers’ complete findings here.

3-9 August

Vulnerability Scanning Tool for Kubernetes:
– KubiScan, not a vulnerability but a scanning tool, was showcased at Black Hat USA 2020. This open source Kubernetes tool was announced and showcased on the opening morning. KubiScan will allow cluster administrators with containerized environments to shrink their attack surface. Read more about the tool here.

High-Risk Windows TeamViewer Vulnerability:
– The software application TeamViewer has been found to contain a vulnerability with a severity rating of 8.8. The TeamViewer software was designed to allow remote control, desktop sharing, online meetings, and more, and has seen an uptick in usage since the beginning of remote work due to the COVID-19 pandemic. The vulnerability, named CVE-2020-13699, would allow threat actors to remotely attack and crack user passwords, which could lead to a more complete system exploitation. Learn the complete details on the vulnerability here.

July 2020

27 July – 2 August

Cisco Read-Only Path Traversal Vulnerability:
– Cisco released a Security Advisory for the actively exploited Read-Only Path Traversal vulnerability (CVE-2020-3452). The vulnerability is located in the interface of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software; researchers found over 85,000 internet-accessible ASA/FTD devices. If exploited, a remote attacker is able to read sensitive files on the device and carry out directory traversal attacks. Read the Cisco Security Advisory here.

7.5m Records of Dave.com Users Leaked:
– A security breach at analytics platform Waydev, a former partner of Dave.com, allowed the personal data of over 7.5 million Dave.com users to be leaked. While Dave.com was notified of the breach in early July, user data was found on a hacker website weeks later. Read more about the breach and the hackers’ release of the data here.

Orange Confirms Ransomware Attack:
– Orange, the fourth largest mobile phone operator in Europe, confirmed that it was the victim of a ransomware attack on the night of July 4th. Nefilim, a new ransomware group, has claimed responsibility for the attack, which affected the company’s business services division. Read more about the Orange ransomware attack here.

GRUB2 Vulnerabilities for Linux & Windows Systems:
– Multiple vulnerabilities affect billions of devices that run Windows or Linux, including laptops, servers, workstations, and even IoT devices. If exploited, they would allow the operating system’s boot process to be compromised to run arbitrary code. As of Aug 5th, patches have been released to address the vulnerabilities, but boot issues remain after the patch has been applied. Learn more about the patching issues here.

20-26 July

Garmin Hit with Ransomware:
– Garmin suffered a global outage of its website Garmin.com, its Garmin Connect product, and the navigation and flight plan services for aircraft nav systems. Early reports also said their phone systems, email, and chat applications were affected. After two days of outages and much speculation from customers, media, and the global cyber community, Garmin was hit with a $10m ransom demand. This confirms many suspicions that the company was hit with the WastedLocker ransomware. As of July 27th, Garmin.com carries a note at the top of the site mentioning the outage and the inability to communicate with customers, though articles say Garmin is in the final stages of recovery. Follow the latest in the Garmin ransomware attack here.

Microweber CMS Critical Security Vulnerability:
– A pre-authentication flaw was found in the controller.php script, “leftover from the early days of Microweber’s development” according to a penetration tester at Rhino Security Labs. This critical vulnerability leaked administrator credentials deemed “easy-to-crack” as well as a variety of other user information. Read the full details on the vulnerability here.

Adobe Critical Bugs Fixed In Second Round of Patches:
– Only a week after releasing critical patches, Adobe has released another set of patches that addresses 13 vulnerabilities. In this second round, 12 of the vulnerabilities are critical out-of-bounds read or write flaws in Prelude, Photoshop, or Bridge; the 13th bug affects the Reader mobile app for Android. Access the latest and all Adobe patches here.

13-19 July

Zoom Zero-Day Critical Vulnerability Allows RCE:
– The latest Zoom vulnerability allows an attacker to execute code remotely on the victim’s system without triggering a security warning. The flaw is present in all versions of Zoom for Windows, but it can only be exploited on Windows 7 or older versions of Windows with system-specific configurations. As of 15 July, Zoom has patched the vulnerability. Learn more details of the vulnerability here.

Microsoft Releases Security Bulletin Addressing 123 Vulnerabilities:
– Microsoft’s July Patch Tuesday security updates have been released. A total of 123 vulnerabilities were addressed; 18 are rated critical and 105 important. All of the critical bugs are RCE and EoP flaws found in Internet Explorer, Windows, Microsoft Lync Server, Microsoft SharePoint, Visual Studio Code, and more. There were no publicly disclosed zero-days or live attacks with this Patch Tuesday release. See the full list of patches here.

Twitter Bitcoin Scam:
– Over 100 accounts with large followings were hacked and sent out the same Bitcoin request. The tweets asked for $1000 in Bitcoin to be deposited to a specific wallet, promising to send back $2000 in Bitcoin to all who participated. It appears that the hack was carried out on Twitter directly with the help of an employee who had access to the Twitter admin panel. The hackers seemingly walked away with over $120,000 in Bitcoin before Twitter locked the targeted accounts. As of 17 July this is still a developing story; learn more about the hack and developments here.

6-12 July

A New Round of Citrix Bugs:
– Citrix has just announced that it has found 11 more vulnerabilities in its software. While it took them a month to create a patch for the critical vulnerability found in January 2020, this time they have patches ready for the newly found vulnerabilities. The latest vulnerabilities, to all appearances, won’t create the same panic as the new year vulnerabilities, but they still need to be addressed. Check out the latest on the Citrix vulnerabilities here.

Artificial Intelligence Powered Attacks on The Rise!

Cyber crime is extremely detrimental to organizations, with serious implications for the future of the business. The effects can last longer than anyone would expect. A study by Cybersecurity Ventures predicts these crimes will cost the world $6 Trillion a year by 2021.

Reports like that need to be a wake-up call to businesses everywhere. That number is astronomical, but it should be no surprise to anyone who has followed the malicious exploits of hackers and online scammers. Cyber crimes have become big news, with large data breaches happening almost monthly and security breaches at major organizations generating news headlines. Additionally, there have recently been reports of foreign actors, from countries such as China and Russia, threatening and tampering with U.S. businesses and elections.

CyNtell’s cyber security specialists have analyzed and researched various emerging threats, compiling a list of trends and terms that could pose a threat to organizations within the coming year. They analyzed the impact posed to businesses, governments, and individuals. What they found was that a large number of emerging threats would come from threat actors using Artificial Intelligence (AI) for criminal exploitation.

Artificial Intelligence Threats to Watch Out for in 2021

1. AI-powered cyber attacks

Hackers create programs that mimic human behaviors using artificial intelligence. They then use these programs to manipulate people into giving up their personal, financial, or proprietary business information. AI-powered attacks pose a significant threat to ANY organization, since the attacking system is constantly learning and evolving.

2. Deepfakes

A combination of two words, “deep learning” and “fake”, deepfakes occur when AI (Artificial Intelligence) technology creates fake images and/or sounds that appear to be real. They usually appear in the form of video content or social media posts.

A deepfake might create a video in which a politician’s words are manipulated, making it appear the politician said something they never did. Other deepfakes superimpose the face of popular actors or celebrities onto other people’s bodies.

This can be especially harmful to an organization if a CEO or other executive officer is targeted and made to appear to have said or done something against ethical, moral, or standard social norms.

3. Deepfake voice technology

This technology allows people to spoof the voices of other people – often politicians, CEOs or celebrities – using artificial intelligence. Using deepfake voice technology, threat actors can convince individuals to complete a variety of actions that benefit the threat actor.

One of the most common scams using deepfake voice technology is to convince targets that one of their relatives is in danger and that the only way to protect them is to move large sums of money into the threat actor’s account as a ransom payment. The actor uses the cloned voice to convince the target that the “victim” is being held captive.

4. Synthetic identities

Synthetic identities are a form of identity fraud in which threat actors use a mix of real and fabricated credentials to create the illusion of a real person. The threat actors use a mix of AI and machine-learning algorithms to collect the data on individuals without exerting much effort.

A threat actor may create a synthetic identity that includes a legitimate physical address, while the Social Security number and birth date associated with that address are not legitimate. Using this method, the threat actor may then be able to spoof access credentials, such as key cards and ID badges, gaining access to potentially restricted areas or data.

5. Vehicle cyber attacks

Bluetooth has become a standard feature in almost every new car, and some luxury models even include Wi-Fi. While these features make daily commutes and long road trips more enjoyable, they also present a new security threat. Hackers now have the ability to gain access to your vehicle, reading GPS data to find out everywhere it has been, in addition to tracking it live. A hacker may even have the skills to take control of the vehicle’s safety features, access any devices connected to the vehicle, and install malware on the vehicle and connected devices.

Artificial Intelligence is relatively new and extremely powerful; these new and emerging technologies accelerate our daily lives to new levels. They allow us to make seamless transitions between home and work and to create engaging apps and media services; they work for us in a variety of ways we never imagined. These technologies come at a cost, however, providing threat actors with new attack vectors. As researchers develop and discover more powerful ways to implement artificial intelligence, so will hackers. The responsibility for protecting our private lives and work data rests on the individual, which means everyone must be aware of any new threats.

CyNtell’s cyber security experts are here to protect and support your organization and to keep threat actors from using these powerful capabilities against you.

Schedule a call with one of our experts today and let us protect your organization.

Global Ransomware Cyber-Attack

Cyber Security Requires Policy and Program

Part 1 – Thwarting the Global Ransomware Attack Threat Made Simple

The recent global cyber-attack has raised our collective awareness that having a Cyber Security policy is not the same as having a Cyber Security program. The ransomware attack codenamed “WannaCry” takes advantage of a vulnerability found in the Windows operating system. The key word in the last sentence is the present-tense verb “takes”, as this ransomware threat has yet to be contained and there are now warnings of malicious code copycats. Just as concerning is that the threat should never have been as successful as it is, since Microsoft provided the means of protection months ago. The critical security patch addressing the known vulnerability was released in March, both through Microsoft’s update service and the built-in antivirus software, Windows Defender. Therefore, having a Cyber Security program with a mature, consistent approach to patch management and disaster recovery would have saved many of the victims, either from becoming a victim in the first place or from paying the ransom, since a recent backup copy or image of the system(s) could have been used to restore those infected.
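The argument above treats patch management and disaster recovery as two independent controls: a host survives ransomware if it was patched in time, or if it can be restored from a recent backup, and only a host that has neither is left choosing between the ransom and the loss. That logic can be run as a routine compliance check over an asset inventory. The script below is an added example, not the post's, Microsoft's or CyNtell's code; the patch identifiers, host names, dates, SLA deadlines and backup-age threshold are constructed stand-ins for a real patch catalogue and CMDB export.

```python
"""Patch-and-backup compliance triage over a constructed host inventory.

Added example: not the post's, Microsoft's or CyNtell's code. Patch identifiers,
host names, dates and the SLA/backup thresholds are constructed assumptions
standing in for a real patch catalogue and asset inventory export.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set

# Assumed remediation deadlines (days after release) per severity, and the
# assumed maximum age of a backup that is still considered usable.
SLA_DAYS = {"critical": 14, "important": 30}
MAX_BACKUP_AGE = timedelta(days=7)


@dataclass(frozen=True)
class Patch:
    patch_id: str
    severity: str   # "critical" or "important"
    released: date


@dataclass
class Host:
    name: str
    installed: Set[str]          # patch ids the host reports as installed
    last_backup: Optional[date]  # None if the host has never been backed up


# Constructed catalogue: a critical patch released in March (a stand-in for the
# one the post refers to) and a later important patch.
REQUIRED = [
    Patch("PATCH-CRIT-MARCH", "critical", date(2017, 3, 14)),
    Patch("PATCH-IMP-MAY", "important", date(2017, 5, 10)),
]

# Constructed inventory covering the situations the post contrasts.
INVENTORY = [
    Host("ws01", {"PATCH-CRIT-MARCH", "PATCH-IMP-MAY"}, date(2017, 5, 13)),  # patched, backed up
    Host("ws02", {"PATCH-IMP-MAY"}, date(2017, 5, 12)),                      # exposed, but restorable
    Host("srv03", set(), date(2017, 4, 5)),                                  # exposed and stale backup
    Host("srv04", {"PATCH-CRIT-MARCH"}, date(2017, 5, 14)),                  # only a pending patch
    Host("kiosk05", {"PATCH-CRIT-MARCH", "PATCH-IMP-MAY"}, None),            # never backed up
]

TODAY = date(2017, 5, 15)  # constructed assessment date


def evaluate_host(host: Host, required: List[Patch], today: date) -> List[str]:
    """Return findings such as 'overdue:critical:<id>', 'pending:important:<id>',
    'backup:stale' or 'backup:none'. An empty list means the host is compliant."""
    findings = []
    for patch in required:
        if patch.patch_id in host.installed:
            continue
        deadline = patch.released + timedelta(days=SLA_DAYS[patch.severity])
        status = "overdue" if today > deadline else "pending"
        findings.append(f"{status}:{patch.severity}:{patch.patch_id}")
    if host.last_backup is None:
        findings.append("backup:none")
    elif today - host.last_backup > MAX_BACKUP_AGE:
        findings.append("backup:stale")
    return findings


def triage(inventory: List[Host], required: List[Patch], today: date) -> Dict[str, List[str]]:
    """Split hosts into those that can still be infected (an overdue critical
    patch is missing) and those that could not be restored without paying
    (no fresh backup); the intersection is where a ransom would be the only
    way back, so it is the list to fix first."""
    exposed, unrecoverable = [], []
    for host in inventory:
        findings = evaluate_host(host, required, today)
        if any(f.startswith("overdue:critical:") for f in findings):
            exposed.append(host.name)
        if any(f.startswith("backup:") for f in findings):
            unrecoverable.append(host.name)
    return {
        "exposed": exposed,
        "unrecoverable": unrecoverable,
        "exposed_and_unrecoverable": [h for h in exposed if h in unrecoverable],
    }


if __name__ == "__main__":
    for host in INVENTORY:
        print(host.name, evaluate_host(host, REQUIRED, TODAY) or ["compliant"])
    print(triage(INVENTORY, REQUIRED, TODAY))
```

Run on a real export, the "exposed_and_unrecoverable" list is the short one to work through first, and the "pending" findings are the early warning that a host will cross its SLA if the next maintenance window slips.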

I hate to say it, but we are only at the early stages of such cyber-attacks. For cybercriminals, building and executing such malware is relatively inexpensive, with great opportunities for success, especially when small to medium-sized businesses (SMBs) are reluctant to invest time and money into implementing a program for adequate protection and only seek the appearance of compliance. Most solutions are simple and inexpensive, but still require proper operational process integration and consistent tactical practice. Achieving a Cyber Security program that truly provides prevention, detection, and recovery capabilities takes experience, and professionals with expertise are not free. Nevertheless, investing in the firm’s policy and program is better than worrying whether it will be the next victim of a cyber-attack and what damages and costs could result.

To learn more about Claude L. Williams, follow on Twitter @ClaudeLW and/or http://www.LinkedIN/in/ClaudeLW

To learn more about CyNtelligent Solutions, follow on Twitter @CyNtelligent and/or LinkedIn