Malicious Microsoft Word Remains A Key Infection Vector

From isc.sans.edu

Despite Microsoft’s attempts to make its Office suite more secure and disable many automatic features, and despite the fact that users are warned not to open suspicious documents, malicious Word documents remain a key infection vector today. One of our readers (thanks Joel!) shared a sample that he received and, unfortunately, opened on his computer. The document was delivered to him via a spoofed email (sent by a known contact). The document (“legal paper.08.04.2021.doc”) was delivered in a protected ZIP archive and has a VT score of 11/58[1]. This remains a very low score for a simple Word document. It deserved a closer look at the content.

Read more…

Edge Super Duper Secure Mode turns off the JavaScript JIT compiler for extra security

From zdnet.com


The lead of Microsoft Edge Vulnerability Research Johnathan Norman has detailed an experiment in Edge that disabled the JavaScript just-in-time (JIT) compiler to enable some extra security protections.

Describing JIT compiling as a “remarkably complex process that very few people understand and it has a small margin for error”, Norman pointed out that half of all vulnerabilities for the V8 JavaScript engine were related to the process.

With the JIT engine turned off, it was possible for Edge to turn on protections — such as the hardware-based Control-flow Enforcement Technology (CET) from Intel, and Windows’ Arbitrary Code Guard (ACG) and Control Flow Guard (CFG) — that were previously incompatible with JIT.

Read more…

Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs

From thehackernews.com


Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service (DoS) condition.

The issues, tracked as CVE-2021-1609 (CVSS score: 9.8) and CVE-2021-1610 (CVSS score: 7.2), reside in the web-based management interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers running a firmware release prior to version 1.0.03.22. Both issues stem from a lack of proper validation of HTTP requests, thus permitting a bad actor to send a specially crafted HTTP request to a vulnerable device.

Read more…

Widespread Cyber Espionage Attacks Use New Chinese Spyware

From ehackingnews.com

According to new research, a threat actor believed to be of Chinese origin was linked to a series of ten attacks from January to July 2021 that involved the deployment of a remote access trojan (RAT) on infected computers and targeted Mongolia, Russia, Belarus, Canada, and the United States. The breaches have been linked to APT31 (FireEye), an advanced persistent threat that has been dubbed Zirconium (Microsoft), Judgement Panda (CrowdStrike), and Bronze Vinewood (Secureworks) by the cybersecurity community.

Read more…

Threat Hunting Enables Early Detection and Response

From securityboulevard.com


From recent ransomware attacks on meatpacking giant JBS and oil transporter Colonial Pipeline to the massive SolarWinds breach that rattled both the public and private sectors, disruptive, costly and headline-making cyberattacks are happening at an alarming rate.

Officials at the FBI compared the need to confront rising cyberthreats to the post-9/11 rush to respond to international terrorism. In response, the White House recently released a blunt open letter calling on American businesses to take more urgent security measures to protect against ransomware attacks.

Within enterprises, C-suite and boardroom executives are turning to their security teams and asking, “What do we do now?” and “How can we avoid such an attack?” Security teams must reexamine their defenses and ensure they have the resources in place to prevent a costly ransomware attack from hurting their business.

Read more…