The next evolution of cyber defense: Ransomware-proof object storage

From securitymagazine.com

Ransomware has topped the list of the most prominent cybersecurity threats organizations face today. The past year alone saw a notable jump (13%) in attacks that utilized data exfiltration. On top of this, Veeam’s 2022 ransomware trends report revealed that businesses are not only being increasingly targeted by ransomware but are also losing the battle to prevent and defend against it. According to the report, 72% of organizations had partial or complete attacks on their backup repositories in 2021, dramatically impacting the ability to recover data. Moreover, almost all attackers attempted to destroy backup repositories to disable the victim’s ability to recover without paying the ransom. 

Microsoft urges Windows users to run patch for DogWalk zero-day exploit

From computerworld.com

Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday update as soon as possible.

The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.

Software Development Pipelines Offer Cybercriminals ‘Free-Range’ Access to Cloud, On-Prem

From darkreading.com

Continuous integration/continuous development (CI/CD) pipelines may be the most dangerous potential attack surface of the software supply chain, researchers say, as cyberattackers step up their interest in probing for weaknesses.

The attack surface is growing too: CI/CD pipelines are increasingly a fixture within enterprise software development teams, who use them to build, test, and deploy code using automated processes. But over-permissioning, a lack of network segmentation, and poor secrets and patch management plague their implementation, offering criminals the opportunity to compromise them to freely range between on-premises and cloud environments.

Windows devices with newest CPUs are susceptible to data damage

From bleepingcomputer.com

Microsoft has warned today that Windows devices with the newest supported processors are susceptible to “data damage” on Windows 11 and Windows Server 2022.

“Windows devices that support the newest Vector Advanced Encryption Standard (AES) (VAES) instruction set might be susceptible to data damage,” the company revealed today.

Devices affected by this newly acknowledged known issue use AES-XTS (AES XEX-based tweaked-codebook mode with ciphertext stealing) or AES-GCM (AES with Galois/Counter Mode) block cipher modes on new hardware.

While Microsoft mentions the data loss risks on affected systems, the company does not elaborate on what customers should expect if they’re hit by this issue.

Microsoft: Exchange ‘Extended Protection’ needed to fully patch new bugs

From bleepingcomputer.com

Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks.

The company patched 121 flaws today, including the DogWalk Windows zero-day exploited in the wild and several Exchange vulnerabilities (CVE-2022-21980, CVE-2022-24477, and CVE-2022-24516) rated as critical severity and allowing for privilege escalation.

Remote attackers can exploit these Exchange bugs to escalate privileges in low-complexity attacks after tricking targets into visiting a malicious server using phishing emails or chat messages.

10 Credential Stealing Python Libraries Found on PyPI Repository

From thehackernews.com

In what’s yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index (PyPI) for their ability to harvest critical data points such as passwords and API tokens.

The packages “install info-stealers that enable attackers to steal developer’s private data and personal credentials,” Israeli cybersecurity firm Check Point said in a Monday report.
