tacsec · 1 year
Cyber-attack on U.S. Marshals Service: Data Stolen
The U.S. Marshals Service, the country’s oldest law enforcement agency, recently disclosed that it was the victim of a cyber attack last week in which cybercriminals stole confidential information.
According to a U.S. Marshals spokesperson, the incident affected a “standalone” computer system housing data about targets of active investigations, personal information of employees, and internal workflows.
According to the spokesperson, the system did not hold confidential information on individuals in the Federal Witness Protection Program, whose safety could be at risk if it were disclosed publicly. The U.S. Marshals say the system is isolated from the wider network and was shut down promptly once the intrusion was detected, before being handed over to the Department of Justice.
The Latest Ransomware Attack: How It Happened and Who’s at Risk  
On February 17, the Service became aware of an ongoing ransomware attack, during which the perpetrators were actively extracting sensitive files. NBC News initially reported this breach.  
“The Department is engaged in continuous remedial measures and criminal forensic inquiries,” a U.S. Marshals Service spokesperson said via email. “We are working quickly and effectively to reduce any risks that could result from this occurrence.”
The U.S. Marshals Service did not disclose whether the attackers threatened to publish the exfiltrated data if a ransom was not paid, or how the agency is regaining access to its records through a workaround after the breach.
If the attackers encrypted the files as in a ransomware attack but never demanded payment, the primary objective of the data theft may not have been financial gain.
Government agencies are attractive targets for foreign espionage, and the FBI, as the federal law enforcement agency, explicitly advises against paying ransoms. It is improbable that a shrewd ransomware syndicate would expect payment from the U.S. Marshals. Nevertheless, some criminal organizations pick victims opportunistically based on security weaknesses or convenience.
The absence of a ransom demand could suggest a concealed motive. In the past, nation-state adversaries such as Russia and Iran have orchestrated harmful cyber offensives camouflaged as ransomware attacks to mask their endeavors of pilfering intelligence or creating chaos.  
Recently, Microsoft has tracked what it describes as ransomware-like attacks in Poland and Ukraine whose real purpose was to gather intelligence and cause destruction.
While the U.S. Marshals work to restore the system, the Justice Department is investigating the origin of the breach. To keep ongoing casework moving, the Marshals are using a temporary workaround to access sensitive files, including data about subjects of investigations. Whether they recovered the files or are using copies from a backup server or another system remains to be determined.
It also remains unclear whether the attackers ultimately intend to release the stolen files.
Secure data, and block ransomware threats with ESOF VMDR  
ESOF is a next-generation vulnerability management platform that uses ESOF VMDR to protect against malicious cyberattacks: it automatically prioritizes and continuously monitors all vulnerabilities from the moment it is installed on the user’s system. ESOF VMDR is crucial in protecting systems from data breaches like the one that recently affected the U.S. Marshals Service, which may have been caused by attackers exploiting holes in the agency’s IT stack.
ESOF VMDR can do the following:  
It identifies which assets are vulnerable using its threat intelligence feature.
The cyber risk score improves the organization’s communications. As a result, it lowers cyber risk and gives business owners an impression of their company’s security.  
Address significant vulnerabilities as soon as possible with automatic prioritization and remediation.
Secure the whole IT stack of your company, including all the real-time files.  
Scheduled scanning lets you detect zero-day vulnerabilities across several platforms, including web, mobile, SCR, and infrastructure.
ESOF VMDR helps locate the system’s hidden vulnerabilities and isolate those deemed high risk.
Download ESOF VMDR Datasheet for more information!
https://tacsecurity.com/cyber-attack-on-u-s-marshals-service-data-stolen/
tacsec · 1 year
Protect your business with the Ultimate Guide to Cybersecurity Risk Assessments
The cybersecurity risk assessment identifies, analyzes, and evaluates potential cybersecurity threats to an organization’s information systems and data. This process aims to assess a cyber attack’s likelihood and potential impact and identify appropriate measures to mitigate or reduce the risk.
The first step in conducting a cybersecurity risk assessment is identifying the assets needing protection. It includes not only hardware and software systems but also data, intellectual property, and other sensitive information that cyber criminals could target. Once the assets are identified, the next step is to identify potential threats to those assets.
Threats can come from various sources, including hackers, insiders, natural disasters, and human error. The assessment team must consider the likelihood of each threat and its potential impact on the organization’s operations and reputation.
After identifying the threats, the next step is to assess the vulnerabilities within the organization’s systems and processes. Vulnerabilities are weaknesses that cybercriminals could exploit to gain unauthorized access to an organization’s data or systems. These could include outdated software, weak passwords, and unsecured network connections.
Once the vulnerabilities have been identified, the assessment team can assign an ESOF cyber risk score to each threat based on its likelihood and potential impact. This score helps prioritize which risks should be addressed first.
Finally, the assessment team can develop a risk management plan to mitigate or reduce the risks identified in the assessment. This plan may include implementing new security measures, updating policies and procedures, and training employees.
Regular vulnerability assessment and penetration testing (ESOF VAPT) is essential to maintaining the security of an organization’s information systems and data. As the threat landscape evolves, it is necessary to reassess risks and update the risk management plan to ensure appropriate measures are in place to protect the organization from cyber-attacks.
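The steps above, carried through on a small constructed inventory as an added example (not code from the post or from ESOF): assets carry an impact rating, threats carry a likelihood, and each vulnerability ties an asset to a threat with an exploitability factor and a planned mitigation. The scoring formula (likelihood × exploitability × impact, clamped to the 0.1 to 10 scale) is an assumption made here for illustration; the band thresholds match the Low/Medium/High/Critical ranges quoted for the ESOF Risk Score elsewhere on this page.

```python
from dataclasses import dataclass

# Constructed inventory for the walk-through; the names and numbers are
# illustrative and not taken from the post or from ESOF.
@dataclass(frozen=True)
class Asset:
    name: str
    impact: float          # 1 (negligible) to 10 (catastrophic) if compromised

@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float      # 0.1 to 1.0: chance the threat acts in the review period

@dataclass(frozen=True)
class Vulnerability:
    asset: str
    threat: str
    weakness: str
    exploitability: float  # 0.1 to 1.0: how easily the threat can use the weakness
    mitigation: str

ASSETS = {a.name: a for a in (
    Asset("customer-db", 10.0),
    Asset("hr-fileshare", 7.0),
    Asset("marketing-site", 3.0),
)}
THREATS = {t.name: t for t in (
    Threat("external-attacker", 0.9),
    Threat("malicious-insider", 0.3),
)}
VULNS = [
    Vulnerability("customer-db", "external-attacker",
                  "unpatched database listener reachable from the internet", 1.0,
                  "patch the listener and restrict it to the application subnet"),
    Vulnerability("hr-fileshare", "external-attacker",
                  "VPN that reaches the share has no MFA", 0.7,
                  "enforce MFA on the VPN"),
    Vulnerability("marketing-site", "external-attacker",
                  "outdated CMS plugin", 0.8,
                  "update the plugin and enable the WAF rule set"),
    Vulnerability("hr-fileshare", "malicious-insider",
                  "share is writable by all staff", 0.7,
                  "least-privilege ACLs plus access logging"),
]

def risk_score(v: Vulnerability) -> float:
    """Likelihood x exploitability x impact on the 0.1-10 scale (assumed formula)."""
    raw = THREATS[v.threat].likelihood * v.exploitability * ASSETS[v.asset].impact
    return max(0.1, min(10.0, round(raw, 1)))

def band(score: float) -> str:
    """Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"

def risk_register(vulns=VULNS):
    """Every finding scored and banded, highest risk first."""
    rows = [(risk_score(v), band(risk_score(v)), v) for v in vulns]
    rows.sort(key=lambda row: row[0], reverse=True)
    return rows

def management_plan(register, threshold=7.0):
    """Mitigations to schedule first: findings at or above the threshold (High and up)."""
    return [(v.asset, v.weakness, v.mitigation)
            for score, _, v in register if score >= threshold]

if __name__ == "__main__":
    reg = risk_register()
    for score, level, v in reg:
        print(f"{score:4.1f} {level:8} {v.asset:15} {v.weakness}")
    print("plan:", management_plan(reg))
```

Re-running `risk_register()` after each reassessment is the "regular" part of the process: when a mitigation lands, lower the finding’s exploitability (or remove it) and the register re-sorts itself, which is what keeps the plan aligned with the current threat picture.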
Types of Risk Assessment
Risk assessment refers to a broad term that encompasses a significant amount of information related to an organization’s security posture. To address various concerns, at least five types of risk assessments have been identified, each focusing on different security aspects. These assessments are crucial to identifying and evaluating potential organizational risks and developing effective strategies to manage them.
1. Subjective Assessments
2. Numerical Assessments
3. Generic Assessment
4. Time-based Assessment
5. Dynamic Assessment
Enhancing your system security posture with ESOF VAPT
The term “cybersecurity” refers to a wide range of procedures and methods used to safeguard computer systems against harmful elements. TAC Security’s ESOF VAPT services help maintain your organization’s security posture continuously.
Regular vulnerability assessment is essential when using DevOps because it lets you run an agile, fast-moving pipeline without losing control of risk: each time you put a piece of code into production, its risk needs to be identified and reduced. To improve your organization’s security posture, you can check out the VAPT solution brief.
For instance, when a scheduled vulnerability scan run as part of a risk assessment campaign reveals a SQL injection vulnerability, your security team is made aware of the problem and implements a fix.
Click on ESOF VAPT to know more about our services
https://tacsecurity.com/protect-your-business-with-ultimate-guide-to-cybersecurity-risk-assessments/
#vulnerability #vulnerabilitymanagement #vulnerabilityassessment
tacsec · 1 year
Insight into Exploitation: Forecasting Vulnerability
Real-time threat intelligence can help guide an organization’s remediation strategy against ransomware attacks. Instead of trying to patch everything, defenders can anticipate which vulnerabilities will likely be targeted based on specific types of weaknesses and assets and proactively mitigate the risks to prevent business disruptions.
Predicting Prioritization
TAC Security products include the ESOF Prediction feature, which forecasts the vulnerabilities of the upcoming month in advance. Our ESOF VM platform replaces legacy vulnerability tools and other point products to maintain your cybersecurity posture, and it auto-prioritizes open vulnerabilities across assets.
When a new asset is scanned on the network, the Prediction feature uses a machine learning algorithm to predict its vulnerabilities based on the previous month’s patches, vulnerability tools, and various point products, helping maintain your cybersecurity posture and continuously auto-prioritizing open vulnerabilities across assets.
Predicting vulnerabilities warns security teams of the risk, often well before a CVSS value is assigned, and is a helpful tool for early risk management because it provides a risk score for the organization.
The ESOF Risk Score is a numeric value ranging from 0.1 to 10, where a higher score indicates a greater probability of the vulnerability causing an asset to be compromised. With the rating system, exposures can be classified based on their impact on the asset, with ratings of Low (0.1-3.9), Medium (4.0-6.9), High (7.0-8.9), and Critical (9.0-10.0). The Risk score will help you maintain the security posture of your organization.
The ESOF Risk Score feature considers various risk factors constantly changing to highlight specific vulnerabilities that need urgent attention. It assesses each vulnerability’s risk level to identify the ones that require immediate action. This approach overcomes the challenge of vulnerability overload, which is a common issue with prioritization based on CVSS.  
Vulnerabilities are rated according to their severity level: low, medium, high, or critical. If a vulnerability is rated “High” or “Critical,” the ESOF Risk Score feature will have it remediated promptly to maintain your organization’s security posture.
Based on the monthly vulnerability output, it predicts the cyber risk score and spots the vulnerabilities that attackers exploit. Our ESOF platform recommends resolving the vulnerabilities with the highest risk score first.
TAC Security’s ESOF Prediction Model forecasts security weaknesses such as vulnerabilities in exposed assets and security misconfigurations. TAC Security’s vulnerability management platform ESOF solves the problems you face with traditional vulnerability tools.
Check out our website https://tacsecurity.com/.  
Download ESOF Prediction Solution brief to know more about Prediction Feature.
You can also click the links to learn more about ESOF VMDR, ESOF AppSec, and ESOF VMP.
https://tacsecurity.com/insight-into-exploitation-forecasting-vulnerability/
tacsec · 1 year
New Vulnerability Found in FortiOS and FortiProxy
Fortinet has released updates to address 15 security flaws, one of which is a critical vulnerability that affects FortiOS and FortiProxy, allowing a threat actor to gain control of impacted systems. The vulnerability, named CVE-2023-25610, has been assigned a severity rating of 9.3 out of 10 and was discovered and reported by Fortinet’s security teams.  
Fortinet’s advisory stated that the vulnerability is a buffer underwrite issue in the administrative interface of FortiOS and FortiProxy, which could enable an unauthenticated, remote attacker to execute arbitrary code on the device and perform a DoS on the GUI by using specifically crafted requests.
When the reserved space is larger than the input data, the result is an underflow bug or buffer underrun, which leads to unpredictable behavior or the inadvertent disclosure of sensitive data from memory.
Additional potential outcomes involve memory corruption that could be exploited to cause a crash or perform unauthorized code execution.
According to Fortinet, no reported instances of the vulnerability being maliciously exploited exist. However, considering the history of previous software vulnerabilities being used in the wild, users must act swiftly in installing the patches.
The following versions of FortiOS and FortiProxy are impacted by the vulnerability:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
Several versions of FortiOS and FortiProxy have available fixes, including FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.
Fortinet is suggesting two workarounds for users, which are either disabling the HTTP/HTTPS administrative interface or restricting the IP addresses that are allowed to access it.
The network security company released fixes for 40 vulnerabilities a few weeks ago, two of which are rated Critical and affect FortiNAC (CVE-2022-39952) and FortiWeb (CVE-2021-42756) products; those vulnerabilities have now been publicly disclosed.
ESOF VMDR enables the detection of vulnerabilities
ESOF is a cutting-edge vulnerability management technology that finds and fixes vulnerabilities such as CVE-2023-25610 throughout the whole IT stack. ESOF VMDR protects against malicious online attacks: it automatically prioritizes vulnerabilities, checks for them immediately, and continuously scans for them from the moment it is installed on the user’s system.
ESOF VMDR improves an enterprise’s security posture by identifying vulnerable assets, calculating a cyber risk score, and offering auto-prioritization and auto-remediation. It also runs scheduled scans of your entire estate across web, mobile, SCR, and infrastructure, and separates out the vulnerabilities that pose a severe threat to your systems.
Our new ESOF Prediction function predicts the number of vulnerabilities in the following month. You may read more about it in our ESOF Prediction solution brief.  
The foundation of TAC’s ESOF prediction model is that risk stems not from vulnerabilities themselves but from the attackers who take advantage of them. Network vulnerabilities are so prevalent that businesses need help staying current. If you can predict which vulnerabilities will exist in the coming month, you can protect your systems against attacks on them in advance.
Download ESOF VMDR Datasheet to know more about it.
Request a Demo Now!
https://tacsecurity.com/new-vulnerability-found-in-fortios-and-fortiproxy/
tacsec · 1 year
India’s Smartphone Security Shake-Up: Testing and Tackling Pre-installed Apps
As per a government document and two anonymous sources cited by Reuters, India proposes new security regulations requiring smartphone manufacturers to delete pre-installed apps and ensure screening of significant operating system updates.  
The details of the new regulations, which have yet to be disclosed, may cause delays in smartphone releases in India, the world’s second-largest smartphone market. It could also result in revenue losses for Samsung, Xiaomi, Vivo, Apple, and other players due to removing pre-installed apps.  
“We want to ensure that pre-installed apps do not become a weak point in the security of our country and that foreign nations, including China, do not take advantage of them. This is a matter of national security,” said the official.
India has increased its examination of Chinese businesses since the border conflict with China in 2020 and banned more than 300 Chinese apps, including TikTok. Furthermore, it has intensified the scrutiny of Chinese firms’ investments.  
Many countries worldwide have implemented limitations on technology usage from Chinese companies such as Huawei and Hikvision, citing apprehensions that Beijing could utilize them to conduct surveillance on foreign nationals. China has dismissed these accusations.  
Currently, most smartphones are sold with pre-installed applications that cannot be removed, including Xiaomi’s GetApps app store, Samsung’s Samsung Pay mini payment app, and Apple’s Safari browser.  
As per two individuals who are privy to the plan, smartphone manufacturers are obligated to offer an option to uninstall pre-installed apps under the proposed regulations. Additionally, a laboratory authorized by the Bureau of Indian Standards agency will examine new models for compliance.  
One of the individuals said, “The government is contemplating a requirement for conducting a thorough examination of all significant operating system updates before their release to consumers.”
According to a confidential government document of an IT ministry meeting held on February 8 and seen by Reuters, many smartphones utilized in India have pre-installed apps/bloatware, creating significant privacy and information security concerns.  
According to the meeting record, the confidential meeting was attended by representatives from prominent smartphone manufacturers such as Xiaomi, Samsung, Apple, and Vivo.  
The document further revealed that the government had provided a one-year timeline for smartphone makers to comply with the regulations once the rules become effective. However, the exact implementation date has yet to be determined.  
Despite Reuters’ request for comment, India’s IT ministry and the companies involved did not respond.  
Enormous Obstacle  
According to Counterpoint data, China-based companies like Xiaomi and BBK Electronics’ Vivo and Oppo command nearly 50% of India’s rapidly growing smartphone market. Based in South Korea, Samsung has a 20% share, while Apple holds only 3%.  
Although European Union regulations mandate the capability to delete pre-installed applications, they do not include a mechanism for verifying compliance of the kind India is contemplating.
An industry executive contended that certain pre-installed applications, such as the camera, are vital for the user experience and that the government should differentiate between essential and non-essential apps when implementing screening rules.  
ESOF AppSec carries out the verification of significant operating system updates.  
ESOF AppSec from TAC Security offers extensive testing of your applications across diverse environments and helps you identify vulnerabilities in your web and mobile assets. The following are some of the capabilities of ESOF AppSec:  
Identifies the SANS Top 25 and OWASP Top 10 vulnerabilities and ensures that your applications undergo vulnerability assessment throughout the DevSecOps cycle to eliminate shortcomings.
ESOF AppSec accurately detects the most crucial vulnerable assets and vulnerabilities. The Cyber Risk Score is a distinctive characteristic of ESOF, elevating your IT stack’s security posture and saving valuable time.  
The exhaustive routine scans the complete source code of your mobile application and detects potential security and privacy concerns.  
The ESOF scanners conduct Blue Box and Black Box tests, eliminating false positives and providing precise results.
The recently introduced ESOF Prediction feature by TAC Security utilizes past trends and patched vulnerabilities to anticipate potential vulnerabilities and rate them based on severity.  
To know more about ESOF AppSec, Download ESOF AppSec Datasheet Now!
https://tacsecurity.com/indias-smartphone-security-shake-up-testing-and-tackling-pre-installed-apps/
tacsec · 1 year
Russian Hackers Exploit Stealthy Outlook Vulnerability, Microsoft Warns
Microsoft recently issued guidance to assist customers in identifying indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. The vulnerability, tracked as CVE-2023-23397 and scored 9.8 on the Common Vulnerability Scoring System (CVSS), is a critical privilege escalation flaw.
This flaw could allow for the theft of NT Lan Manager (NTLM) hashes and a relay attack to be staged without user interaction. This attack could allow an attacker to access sensitive data and systems and potentially compromise an organization’s network. Users and organizations need to apply the security updates and patches provided by Microsoft to mitigate the risk of exploitation by malicious actors.  
The warning from the company highlights a significant security threat posed by external attackers. They can exploit a vulnerability in the system by sending specially crafted emails that create a connection between the victim’s device and an untrusted location controlled by the attackers.  
As a result, the victim’s Net-NTLMv2 hash is leaked to the attacker’s network. The hash carries authentication material that can be relayed to other services to authenticate as the victim. The consequences of such an attack range from identity theft to loss of sensitive data. Keeping all software and applications up to date with the latest security patches and educating employees on safe browsing and email practices are crucial to preventing this vulnerability from being exploited.
Additionally, ESOF VMDR implements multi-factor authentication to reduce the chances of an attacker gaining unauthorized access to sensitive information. By taking these measures, businesses can protect themselves against external attackers and ensure their valuable data remains secure.  
In March 2023, Microsoft addressed the vulnerability as a component of its Patch Tuesday updates. However, before its resolution, malicious actors from Russia had exploited the flaw to launch attacks on Europe’s government, transportation, energy, and military sectors.  
Microsoft’s incident response team detected indications of potential vulnerability exploitation as early as April 2022. The tech giant explained that a Net-NTLMv2 Relay attack was executed successfully in a particular attack sequence, allowing the threat actor to gain unauthorized entry to an Exchange Server and alter mailbox folder permissions for sustained access.  
The compromised email account was then used to extend the attacker’s reach within the affected organization by sending further malicious messages to other members. Microsoft noted that while using NTLMv2 hashes to gain unauthorized access to resources is not new, the exploitation of CVE-2023-23397 is novel and inconspicuous.
To detect possible exploitation of CVE-2023-23397, organizations are advised to examine SMB client event logs, process creation events, and whatever other network telemetry is available. The disclosure coincides with the release of a new open-source incident response tool by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which helps identify signs of malicious activity in Microsoft cloud environments.
The agency said the Python-based “Untitled Goose Tool” provides novel authentication and data-gathering methods for analyzing Microsoft Azure, Azure Active Directory, and Microsoft 365 environments.
Earlier this year Microsoft advised customers to keep on-premises Exchange servers up to date and to implement network hardening to minimize potential risks.
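One way to turn the hunting advice above into a concrete check, as an added example that is not part of Microsoft’s guidance or of the post: the leak depends on Outlook opening an outbound SMB connection to a host the attacker controls, so an Outlook process talking SMB (TCP 445) to an address outside the internal ranges is the event to alert on. The telemetry lines are constructed, and the CSV layout and the `trusted_hosts` allow-list are assumptions of the example.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

class Conn(NamedTuple):
    ts: str
    host: str
    process: str
    dst_ip: str
    dst_port: int

# Constructed outbound-connection telemetry (not from any real incident), in the
# "timestamp,host,process,dst_ip,dst_port" layout assumed for this example.
SAMPLE_TELEMETRY = """\
2023-03-15T09:01:12Z,ws-17,OUTLOOK.EXE,10.10.4.20,445
2023-03-15T09:01:30Z,ws-17,OUTLOOK.EXE,198.51.100.23,445
2023-03-15T09:02:05Z,ws-21,explorer.exe,10.10.4.20,445
2023-03-15T09:02:40Z,ws-21,OUTLOOK.EXE,203.0.113.77,443
2023-03-15T09:03:11Z,ws-09,outlook.exe,203.0.113.77,445
2023-03-15T09:04:02Z,ws-09,outlook.exe,192.168.50.9,445
"""

# Address space treated as internal. Listed explicitly rather than via
# ip_address.is_private because that property also counts the RFC 5737
# documentation ranges used as stand-ins here (198.51.100.0/24, 203.0.113.0/24)
# as private, which would hide exactly the events we want to surface.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def parse_telemetry(text: str) -> list:
    """Parse the constructed CSV layout into Conn records."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, ip, port = line.split(",")
        conns.append(Conn(ts, host, proc, ip, int(port)))
    return conns

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_outlook_smb_egress(conns, trusted_hosts=()):
    """Outlook speaking SMB to a destination that is neither internal nor allow-listed."""
    return [c for c in conns
            if c.process.lower() == "outlook.exe"
            and c.dst_port == 445
            and c.dst_ip not in trusted_hosts
            and not is_internal(c.dst_ip)]

def hosts_to_triage(hits) -> dict:
    """Which workstations leaked a hash, and how many times: the first list for IR."""
    return dict(Counter(c.host for c in hits))

if __name__ == "__main__":
    hits = find_outlook_smb_egress(parse_telemetry(SAMPLE_TELEMETRY))
    for c in hits:
        print(f"ALERT {c.ts} {c.host} {c.process} -> {c.dst_ip}:{c.dst_port}")
    print(hosts_to_triage(hits))
```

On real data the same rule is fed from the SMB client event log or an EDR’s network-connection events. Every host on the triage list should be assumed to have leaked its user’s Net-NTLMv2 hash, so the response is a password reset for that account and a review of what the account could reach, not just a patch.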
Get ESOF to safeguard your system against malicious attacks  
The ESOF Vulnerability Management platform is a next-generation tool that uses ESOF VMDR to safeguard against malicious cyberattacks. It automatically prioritizes and continuously monitors all vulnerabilities from the moment it is installed on the user’s system.
Protecting systems from potential data breaches is critical, especially considering recent incidents such as the one that affected the U.S. Marshals Service. It is believed that the attackers may have exploited weaknesses in their IT stack, highlighting the importance of utilizing tools like ESOF VMDR.  
ESOF VMDR protects your system in the following ways:  
By leveraging its threat intelligence capability, it can pinpoint the assets that have vulnerabilities.  
Using a cyber risk score enhances communication within the organization, reducing cyber risk and providing business owners with an understanding of their company’s security posture.  
Take swift action on critical vulnerabilities through automated prioritization and remediation.  
Ensure comprehensive protection of your company’s IT infrastructure, including all real-time files.  
With scheduled scanning, you can identify zero-day vulnerabilities across multiple platforms, such as web, mobile, SCR, and infrastructure.  
ESOF VMDR aids in discovering hidden vulnerabilities within the system and segregating them based on their high-risk status. 
https://tacsecurity.com/russian-hackers-exploit-stealthy-outlook-vulnerability-microsoft-warns/
tacsec · 2 years
Predicting your 2023 security needs
With December 2022 under way, we have gathered expert predictions and analysis of the cybersecurity trends expected in the coming year, 2023.
Every year the cybersecurity outlook worsens despite the efforts of CISOs and their teams. A ThoughtLab report recorded a 15.1% increase in cyberattacks and data breaches in 2021 over the preceding year.
Experts forecast that in 2023 more advanced ransomware will lead the organization toward more robust cybersecurity. In addition, 29% of CEOs/CISOs and 40% of Chief Security Officers confess that their enterprises are unfit for a promptly changing cybersecurity and threat outlook.
Here is a look at some of the cybersecurity trends every organization needs to watch in the coming year, 2023:
More robust cybersecurity predictions within organizations in 2023
Cyberattacks will be influenced by geopolitics in the future
Balancing privacy with regulation
Zero-trust enactment will grow
Increasing Deployment of Multifactor Authentication
Threats to small businesses will increase.
Cyberattacks will be influenced by geopolitics in the future
Cyber operations against Ukraine by Russia’s government-affiliated hacker groups will continue, per MIT Technology Review. In 2022, Russia attacked Ukraine with malware at least six times. As Forbes reports, businesses unaligned with the government might also become targets of state-sponsored attackers. In the months leading up to next year’s elections, over 70 countries are expected to see cyberattacks on infrastructure and disinformation campaigns.
After high-profile attacks like SolarWinds, LAPSUS$, and Log4Shell, policymakers are becoming increasingly concerned with securing the software supply chain, as demonstrated by the Biden administration’s Executive Order 14028 and the Securing Open Source Software Act, as well as France’s efforts to create cyber campuses.
Ransomware will continue to pose a threat.
According to the MIT Technology Review, Ransomware-as-a-Service (RaaS) is diminishing, especially after what happened to gangs that grew too big, such as REvil, DarkSide/BlackMatter, Conti, and LockBit. In 2023 we will see ransomware attacks that concentrate on corrupting data rather than encrypting it: without the complicated public-private key handling that encryption requires, data corruption is faster than full encryption and the code is easier to write.
Cryptocurrency and the blockchain
As per the MIT Technology Review, the crypto hacks of 2022 claimed more than 100 large victims in the world of crypto. In 2023, attackers will make IP addresses harder to track by leasing them out as part of bot proxy networks, which makes telling a legitimate home user from a bot difficult. As bots cause more harm and more lost revenue, we will see more security leaders forced to address them.
Generating the use of AI and machine learning
Forbes reports that artificial intelligence and machine learning will automate parts of cybersecurity, but threat actors could abuse them too. Security researchers will concentrate on AI, the buzzword of the moment, next year. Also in the coming year, the US government is expected to publish guidance on 5G and cybersecurity.
Expansion of IoT and attack surface
In 2025, according to Forbes, there will be more than 30 billion IoT connections, with an average of four persons for each device. A PR Newswire report states that malicious activity is increasing due to the increasing number of threat vectors and the spread of the Metaverse.
There are many more cyber security trends for the year 2023:
Emphasis on company security culture
The growing threat and potency of deepfakes
Increase in security risk with economic variability
US Federal government takes necessary steps toward cyber security.
SecurityScorecard founder Aleksandr Yampolskiy says that government will take significant steps towards security. In 2023, digital immune systems will deliver resilience and mitigate security and operational risks, according to Gartner.
In the coming year, 2023, technology companies will explore government contracts. This matters because they will work alongside the public sector and treat these government regulations as the standard for building essential secure software.
Get ESOF Prediction for cyber security Trends 2023
TAC Security’s ESOF Vulnerability Management platform replaces legacy vulnerability tools and various point products to maintain your cybersecurity posture continuously and auto-prioritize open vulnerabilities across assets. Our ESOF Prediction feature uses machine learning to report the vulnerabilities expected in the upcoming month; the specifics for each architecture type are calculated from your most recent scan results.
Here are the features of ESOF Prediction. Check them out:
Predict the number of monthly vulnerabilities  
This part of the model predicts the vulnerabilities for the upcoming month.  
Prediction of ESOF cyber score    
This part of the model uses the number of vulnerabilities for the upcoming month and calculates the estimated cyber score.  
Prediction of patched vulnerabilities    
This part of the model predicts the number of vulnerabilities that could be patched in the upcoming month.
Top 5 vulnerabilities    
This part of the algorithm recommends the top 5 vulnerabilities that could occur in the upcoming month.
You can check out ESOF products to secure your IT Infrastructure.
tacsec · 2 years
Critical Citrix ADC and Gateway zero-day exploited by hackers
Citrix ADC and Citrix Gateway contain a zero-day vulnerability (CVE-2022-27518) that state-sponsored hackers are actively exploiting to gain access to corporate networks. The vulnerability allows a remote attacker to execute commands on vulnerable devices and take control of them.
Because the vulnerability is being actively exploited, Citrix has warned admins to install the latest update as soon as possible. The company notes in the security bulletin accompanying the advisory: “using this vulnerability, a small number of targeted attacks have been detected in the wild.”
The following versions of Citrix ADC and Citrix Gateway are affected:
Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
Citrix ADC 12.1-FIPS before 12.1-55.291
Citrix ADC 12.1-NDcPP before 12.1-55.291
The versions listed above are affected only if the appliance is configured as a SAML SP (SAML service provider) or SAML IdP (SAML identity provider).
Citrix ADC and Citrix Gateway 13.1 are not affected by CVE-2022-27518, so upgrading to 13.1 addresses it. Customers staying on older branches must move to a fixed build: 12.1-65.25 or later on the 12.1 branch, or 13.0-58.32 or later on the 13.0 branch (13.0-88.16 being the latest 13.0 build at the time). Citrix ADC 12.1-FIPS and 12.1-NDcPP customers should update to 12.1-55.291 or later.
Customers of Citrix-managed cloud services need take no action, as Citrix has already remediated the issue there. Administrators of customer-managed ADC appliances are also advised to follow Citrix’s published best practices for securing the devices.
A state-sponsored hacker exploited the vulnerability
Citrix has not shared details of how the vulnerability is being exploited. The NSA, however, has stated that the state-sponsored group APT5 (also tracked as UNC2630 and MANGANESE) is actively exploiting it in attacks.
“APT5 was exploiting Citrix devices actively,” tweeted NSA cybersecurity director Rob Joyce. “Their guidance link below will help you identify and remediate this activity.”
An advisory published by the NSA titled “APT5: Citrix ADC Threat Hunting Guidance” provides tips on securing Citrix ADCs and Gateways and detecting if a device has been exploited.
APT5 is a Chinese state-sponsored group known for exploiting zero-day vulnerabilities in VPN appliances to reach sensitive data. In 2021 it breached US Defense Industrial Base (DIB) networks through a zero-day in Pulse Secure VPN devices. For now the Citrix flaw is being exploited only by APT5, but with the vulnerability publicly disclosed, other groups can be expected to adopt it soon.
In the past, hackers took advantage of similar security issues to gain access to corporate networks, use ransomware, and steal data.
CVE-2019-19781, a remote code execution vulnerability in Citrix ADC and Citrix Gateway disclosed in 2019, was exploited by ransomware operations, state-sponsored APTs and opportunistic attackers alike. Abuse was so widespread that the Dutch government advised companies to switch off their Citrix ADCs and Gateways until security updates could be applied.
Get ESOF VMDR to protect your systems from this vulnerability
The ESOF platform provides a vulnerability management solution for detecting and mitigating IT vulnerabilities. ESOF VMDR is deployed to prevent malicious cyberattacks: once installed, it automatically prioritizes and continuously monitors every vulnerability it finds.
Its threat intelligence feature identifies the assets affected by a vulnerability and helps trace the attack vector of a cyber attack.
With schedule scanning, you can find zero-day vulnerabilities according to their architecture, like web, Mobile, SCR, and Infra.
The cyber risk score enhances the organization’s communication. As a result, it reduces cyber risk with a cyber score and provides business owners with a sense of how secure their organization is.
ESOF VMDR helps find the system’s hidden vulnerabilities and segregates the ones considered high risk.
Rapidly turn down critical vulnerabilities by auto-prioritization and auto-remediation.
Protect all the real-time files in your organization’s complete IT stack.
TAC Security’s ESOF VMDR is one of the products that helps auto-prioritize and auto-remediate all the vulnerabilities, threats, and risks across the complete IT stack, managing overall exposure in real time.
To know more about ESOF VMDR, download the ESOF VMDR Datasheet.
https://tacsecurity.com/blog/critical-citrix-adc-and-gateway-zero-day-exploited-by-hackers/
tacsec · 2 years
Security firm Fortinet warns of active exploitation of SSL-VPN’s pre-auth RCE vulnerability.
On Monday, Fortinet published an advisory for a severe, actively exploited vulnerability in its FortiOS SSL-VPN product and urged customers to apply the emergency patches.
The flaw is tracked as CVE-2022-42475 (CVSS score: 9.3). It is a heap-based buffer overflow that an unauthenticated attacker can exploit via specially crafted requests to execute arbitrary code.
In its advisory, Fortinet said: “In FortiOS SSL-VPN, a heap-based buffer overflow vulnerability [CWE-122] could allow a remote, unauthenticated attacker to execute arbitrary code or commands through specifically crafted requests.”
The company is aware that the vulnerability has been exploited in the wild and urges customers to update their appliances quickly.
The zero-day, first reported on Monday by Le Mag IT, is easy to exploit and gives attackers complete control of affected devices. Olympe Cyberdefense recommended disabling the SSL-VPN functionality where it is not needed.
Fortinet had in fact already fixed the bug on November 28 in FortiOS 7.2.3 (with fixed builds for the other affected branches released as well), but without indicating that it was being exploited as a zero-day.
On December 12, however, Fortinet released security advisory FG-IR-22-398, warning that the vulnerability is being exploited in the wild and that all customers should update to a fixed version.
Fortinet SSL-VPNs have been such a frequent target that the FBI and CISA issued a joint advisory in 2021 about these flaws and their exploitation. Nation-state actors are still exploiting those legacy Fortinet SSL-VPN vulnerabilities, and since CVE-2022-42475 is already being used, organizations need to patch it immediately before it joins the list of long-lived VPN flaws.
Attacks against VPNs have risen as remote work grew following the COVID-19 pandemic, prompting multiple government warnings since 2020. Earlier this year FortiOS was hit by another critical vulnerability, also exploited in the wild, that allowed attackers to bypass authentication; Fortinet disclosed it publicly at the time.
The issue impacts the following products –
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
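As an added check that is not part of either vendor’s advisory or of this post, the snippet below turns the two affected-version lists quoted above (Citrix CVE-2022-27518 and FortiOS CVE-2022-42475) into functions you can point at an inventory export. The only inputs it assumes are the build strings as the appliances report them (Citrix in the `13.0-58.32` style, FortiOS in the `7.2.2` style) and, for Citrix, whether the appliance is configured as a SAML SP or IdP, which the advisory makes a precondition. The sample inventory rows in the block are constructed.

```python
"""Affected-version checks for CVE-2022-27518 (Citrix ADC/Gateway) and
CVE-2022-42475 (FortiOS SSL-VPN), built from the ranges quoted in this post.

Added example; not vendor code. Version strings are taken as the appliances
report them: Citrix "13.0-58.32", FortiOS "7.2.2". Sample inputs are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple


def parse_build(version: str) -> Tuple[int, ...]:
    """Split "13.0-58.32" or "7.2.2" into a tuple of ints so that builds
    compare numerically (13.0-58.32 < 13.0-88.16, not as strings)."""
    parts = re.split(r"[.\-]", version.strip())
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable build string: {version!r}")
    return tuple(int(p) for p in parts)


# CVE-2022-27518: (branch, variant) -> first fixed build on that branch.
# 13.1 is not listed because the advisory says it is not affected.
CITRIX_FIXED: Dict[Tuple[str, Optional[str]], str] = {
    ("13.0", None): "13.0-58.32",
    ("12.1", None): "12.1-65.25",
    ("12.1", "FIPS"): "12.1-55.291",
    ("12.1", "NDcPP"): "12.1-55.291",
}


def citrix_vulnerable(version: str, saml_role: bool, variant: Optional[str] = None) -> bool:
    """True when the build is below the fixed build for its branch AND the
    appliance is configured as a SAML SP or IdP (the advisory's precondition)."""
    branch = ".".join(version.split("-")[0].split(".")[:2])
    fixed = CITRIX_FIXED.get((branch, variant))
    if fixed is None:            # 13.1, or an unlisted branch/variant
        return False
    if not saml_role:            # no SAML role -> not exposed per the advisory
        return False
    return parse_build(version) < parse_build(fixed)


# CVE-2022-42475: inclusive (low, high) ranges per product line.
FORTIOS_AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiOS": [("7.2.0", "7.2.2"), ("7.0.0", "7.0.8"),
                ("6.4.0", "6.4.10"), ("6.2.0", "6.2.11")],
    "FortiOS-6K7K": [("7.0.0", "7.0.7"), ("6.4.0", "6.4.9"),
                     ("6.2.0", "6.2.11"), ("6.0.0", "6.0.14")],
}


def fortios_vulnerable(version: str, product: str = "FortiOS") -> bool:
    """True when the build falls inside any affected range for the product."""
    build = parse_build(version)
    return any(parse_build(lo) <= build <= parse_build(hi)
               for lo, hi in FORTIOS_AFFECTED[product])


if __name__ == "__main__":
    # Constructed inventory rows: (label, version, saml_role, variant)
    for label, ver, saml, var in [("adc-a", "13.0-47.24", True, None),
                                  ("adc-b", "13.0-47.24", False, None),
                                  ("adc-c", "12.1-55.290", True, "FIPS")]:
        print(label, ver, "VULNERABLE" if citrix_vulnerable(ver, saml, var) else "ok")
    for ver, prod in [("7.2.2", "FortiOS"), ("7.2.3", "FortiOS"), ("6.4.10", "FortiOS-6K7K")]:
        print(prod, ver, "VULNERABLE" if fortios_vulnerable(ver, prod) else "ok")
```

Note the two edge cases the functions encode: a 13.0 appliance below 13.0-58.32 is reported vulnerable only when it actually plays a SAML role, and a 6K7K build at 6.4.10 is not flagged because that product line’s affected range stops at 6.4.9.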
Switch to ESOF VMDR to secure your entire IT stack from this vulnerability
ESOF VMDR provides vulnerability management for your complete IT stack, auto-prioritizing and auto-remediating all vulnerabilities. Security should be built in from the start so that your organization is resilient to cyberattacks. TAC Security’s ESOF VMDR scrutinizes every vulnerable asset across the IT infrastructure. Its features include:
Quickly diminishes critical vulnerabilities by auto-prioritization and auto-remediation.
Protect all the real-time files in your organization’s complete IT stack.
Cyber Score: Improve cross-organization communication
It is possible to find zero-day vulnerabilities according to the application’s architecture, such as the web, mobile, SCR, or infrastructure.
Find everything on your network through automated asset inventory.
Trigger and integrate remediation workflows.
Get to know your OWASP and SANS vulnerabilities.
One-click notification to know if your asset has zero-day vulnerabilities.
TAC Security’s new ESOF Prediction feature forecasts the number of vulnerabilities in an asset and the Cyber Risk Score for the upcoming month, so you get next month’s picture without digging through lengthy reports. ESOF Prediction forecasts:
Monthly vulnerabilities
Cyber Risk Score
Vulnerabilities that could be patched in the upcoming month
Top 5 vulnerabilities
Gain visibility into your organization’s cyber risk
Check out the ESOF VMDR Datasheet and request a demo now!
https://tacsecurity.com/blog/security-firm-fortinet-warns-of-active-exploitation-of-ssl-vpns-pre-auth-rce-vulnerability/
tacsec · 2 years
An attack on Rackspace’s Exchange system has been confirmed as Ransomware
On Tuesday, Rackspace, a Texas-based cloud computing provider, confirmed that the Exchange outage it had initially described as an “isolated disruption” was caused by a ransomware attack.
Rackspace first announced on Saturday that a “security incident” had caused outages in its Hosted Exchange environment; on Tuesday morning it disclosed that the extended email outage disrupting customer services was the result of ransomware.
According to Rackspace, the intrusion targeted only its Hosted Exchange business; Rackspace Email and its other offerings were unaffected. The company has yet to determine which customer data, if any, was accessed, and says it will notify customers if it finds that sensitive information was affected.
In its earlier announcement Rackspace encouraged customers to migrate their users and domains to Microsoft 365 but gave no timeline for restoring Hosted Exchange. Rackspace Technology’s other products and services remain fully operational, and its Rackspace Email product line and platform were not hit.
In its press release Rackspace said the ransomware incident may cause a loss of revenue for its Hosted Exchange business, which generates approximately $30 million in annual revenue in the Apps and Cross Platform segment, and that Rackspace Technology may incur incremental costs responding to the incident.
The outage continues to affect all services in the Hosted Exchange environment, including MAPI/RPC, POP, IMAP, SMTP, ActiveSync and the OWA (Outlook Web Access) interface used for web-based email management. Roughly twenty-four hours after the outage began, Rackspace revealed that it was caused by a security incident isolated to a portion of its Hosted Exchange platform.
Dangers of Ransomware
Ransomware is a growing threat because it is one of the most profitable attacks a cybercriminal can carry out, and the danger to companies goes well beyond their bottom line.
TAC Security’s report on ransomware data leaks recorded an 82% increase in 2021. Beyond the monetary losses, targeted companies risk losing their customers’ or clients’ data, and with it their trust.
Ransomware protection with ESOF VAPT
ESOF VAPT (Vulnerability Assessment and Penetration Testing) protects your organization’s data against the latest ransomware attacks and helps you understand how a ransomware incident could spread through the internal network. TAC Security’s ESOF VAPT lets you identify and auto-prioritize all vulnerabilities.
Identifies assets that are susceptible to ransomware
Discovers the security flaws a ransomware attack could exploit
Eliminate the effect of ransomware attacks
Making your enterprise less vulnerable to ransomware
Most organizations have significant operational shortcomings in managing ransomware-related risk.
Preventing attacks before they occur depends on a DevSecOps culture. ESOF VAPT services take actionable steps to detect and fix vulnerabilities, remediating risks to build a stronger defensive posture.
To know more about TAC Security products, download the datasheets now!
https://tacsecurity.com/blog/an-attack-on-rackspaces-exchange-system-has-been-confirmed-as-ransomware/
tacsec · 2 years
Schoolyard Bully Trojan apps stole over 300,000 Android users’ Facebook credentials
A new Android threat campaign dubbed the Schoolyard Bully Trojan has affected more than 300,000 users across 71 countries.
According to the report, the campaign has been active since 2018, mainly targeting Vietnamese-speaking users, with victims spread across 71 countries. The malicious applications have been removed from the Google Play Store but are still being found in third-party app stores and on other websites.
The malware disguises itself as a legitimate educational application to fool unsuspecting users into downloading.
What Trojan Schoolyard Bully can do
The report states, “The Trojan uses JavaScript injection to steal Facebook credentials.” The app opens Facebook’s login page in a WebView and injects malicious JavaScript that exfiltrates the user’s phone number, email address and password to a configured command-and-control (C2) server.
Schoolyard Bully also uses native libraries such as “libabc.so” to evade detection by anti-virus programs. Although it primarily targets Vietnamese-language applications, the malware has also been found in more than 70 other apps, underscoring the scale of the campaign.
A similar campaign, codenamed FlyTrap, was discovered more than a year ago; it too compromised Facebook accounts through rogue Android apps. Director of Mobile Threat Intelligence Richard Melick said, “Attackers can cause a lot of damage sneaking Facebook passwords.”
Impersonating someone from their legitimate Facebook account allows them to easily phish friends into sending money or sensitive information.
Nearly 64% of people reuse passwords. Because password recycling is so common, a stolen Facebook password has a high probability of also unlocking banking and financial apps, corporate accounts and much more, which helps explain why the Schoolyard Bully Trojan has stayed profitable for so long.
Schoolyard Bully had been distributed through Google Play and third-party app stores since 2018. Google has since pulled the malicious applications from the Play Store, but they remain available on other websites.
The malware is disguised as educational applications. Using JavaScript injection, it displays phishing pages that trick Facebook users into handing over their credentials, and it also collects information such as the victim’s Facebook profile name and ID and device details.
Secure your system from Schoolyard Trojan with ESOF AppSec
Secure your systems and entire IT stack against malware such as Schoolyard Bully with ESOF AppSec. AppSec provides extensive testing of applications in various environments and helps you discover zero-day vulnerabilities in the web and mobile app assets of your IT infrastructure.
Beyond this, TAC Security’s ESOF AppSec helps in the following ways:
Provide Scheduled scanning of your complete mobile app source code while detecting security and privacy issues.
Detects most critical vulnerabilities and vulnerable assets.
It gives you a Cyber Risk Score, helping you save time from reading lengthy and bulky reports. With the help of a risk score, you can enhance the security posture of the complete network.
Our ESOF scanners run both black-box and grey-box tests, eliminating false positives and giving accurate results.
It discovers OWASP’s Top 10 Vulnerabilities and SANS’ Top 25 vulnerabilities.
In-depth scheduled scanning of your web and mobile apps
Allows your app to undergo penetration testing throughout the complete DevSecOps cycle to eliminate the faults.
Security is a Shared Responsibility
Download ESOF AppSec Datasheet for more details
https://tacsecurity.com/blog/schoolyard-trojan-apps-stole-over-300000-android-users-facebook-credentials/
tacsec · 2 years
Malware Injection attack is a threat to National Security
A cyber attack on some of CDSL’s internal machines disrupted the depository’s trade and settlement activities on Friday (November 18). The malware attack affected back-end operations and trade-related activities at Central Depository Services (India) Limited.
The company statement read, “After thorough checks and validations, CDSL systems are now live. It is possible to carry out depository activities using the systems.”
Furthermore, they said, “Coordination with other Market Infrastructure Institutions (MIIs) has brought the pending settlement activities related to Business Day on Friday, November 18, 2022, to a successful conclusion”.
What is the CDSL attack?
CDSL (Central Depository Services Limited) holds the dematerialized shares, mutual funds and other securities of corporate and retail investors, so an attack on it should be treated as a threat to national security.
The incident was a malware injection attack that infected some of CDSL’s machines. When CDSL’s security team identified the attack, it isolated the affected machines and disconnected them from other market constituents.
“A malware attack is a cyberattack where malicious software executes unauthorized actions on the victim’s system. Malicious software encompasses many specific attacks, such as ransomware, spyware, command control, etc.”
What happened?
CDSL’s settlement services were affected on Friday by the attack on its internal computers. Because of the system failure at CDSL, services such as pay-in, pay-out and pledging or unpledging securities for margin were down.
The depository notified the Securities and Exchange Board of India (SEBI) and the Indian Computer Emergency Response Team (CERT-In). Under CERT-In’s latest breach-reporting guidance, cyber incidents are now subject to a six-hour reporting rule, and SEBI has asked Indian stock brokers to report cybersecurity incidents within six hours of discovery.
Brokers continued to face issues as trading resumed, with several reporting that pay-in, pay-out and pledge/unpledge services remained down because of the system failure at CDSL.
Get ESOF to secure your system from malicious Cyber Threats.
ESOF is a single platform providing a vulnerability management solution that detects vulnerabilities and protects your IT infrastructure. ESOF VMDR prevents malicious cyberattacks: once installed on your systems, it automatically prioritizes all vulnerabilities and monitors them continuously.
ESOF VMDR helps find the system’s hidden vulnerabilities and segregates the ones considered high risk.
Its threat intelligence feature identifies the assets affected by a vulnerability and helps trace the attack vector of a cyber attack.
With schedule scanning, you can find zero-day vulnerabilities according to their architecture, like web, Mobile, SCR, and Infra.
Rapidly turn down critical vulnerabilities by auto-prioritization and auto-remediation.
Protect all the real-time files in your organization’s complete IT stack.
Its cyber risk score improves communication across the organization, helps reduce cyber risk, and gives business owners a clear view of their security posture.
ESOF VMDR, one of TAC Security’s products, auto-prioritizes and auto-remediates vulnerabilities, threats and risks across the complete IT stack; its end-to-end automation helps protect assets from malware and other cyber attacks.
Better Safe than Sorry
Download the ESOF VMDR datasheet and secure your systems Now!
Visit : https://tacsecurity.com/blog/malware-injection-attack-is-a-threat-to-national-security/
tacsec · 2 years
Is your security strategy built on the right platform?
Security platforms simplify integration, improve visibility, share intelligence and automate workflows across endpoints, cloud, network and applications. They integrate vendor-specific functionality with third-party functions so that security teams can work more efficiently, faster and more collaboratively.
Beyond reducing operational costs, security platforms improve operational efficiency and precision, strengthen business security and help maintain business continuity.
Gartner talks about the future of security teams with SOAR (Security Orchestration, Automation and Response)
According to Gartner, SOAR technologies enable organizations to ingest and apply inputs from different sources (primarily SIEM systems). Desired outcomes are achieved by integrating these solutions with other technology and automating the resulting workflows. SOAR tools also provide case and incident management, threat intelligence management, dashboards and reports, and analytics that can be applied across a range of processes.
Security operations activities such as threat detection and response are significantly enhanced by SOAR tools, which give human analysts machine-powered assistance to increase efficiency and consistency.
Like the Cisco model, ESOF is based on a modern platform architecture
Like Cisco’s hierarchical network model, the ESOF network model consists of three layers:
1. The Core Layer
2. The Distribution Layer
3. The Access Layer
The main advantage of the ESOF network model is that it helps design, deploy and maintain scalable, reliable and cost-effective internetworks.
Improved performance: it allows the creation of high-performance networks.
Better management and troubleshooting: it simplifies network management and makes it easier to isolate the origin of network trouble.
Better filter/policy creation and application: it allows cleaner creation and application of filters and policies.
Adaptability: It allows the user to efficiently integrate future growth.
Better Redundancy: It provides better redundancy as it has multiple links across multiple devices.
Benefits of Security orchestration, automation, and response (SOAR) platforms
Faster detection and response times: security threats grow daily. SOAR’s richer data context, combined with automation, lowers both mean time to detect (MTTD) and mean time to respond (MTTR), so threats are found and handled sooner and their impact is reduced.
Better Threat Context: The SOAR platform can provide better context, analysis, and updated threat information by consolidating more data from a broad array of tools and systems.
Uncomplicated Management: SOAR platforms consolidate dashboards from various security systems. Therefore, helping the SecOps and other teams by amalgamating information and data handling, streamlining management, and saving time.
Adaptability: as security event volume grows, handling every time-consuming process manually becomes impossible. SOAR’s orchestration, automation and workflows let teams keep pace with that demand.
Prioritize tasks more effectively: automating the handling of lower-level threats frees SecOps and SOC teams to prioritize and respond to the threats that require human intervention.
Rationalizing Operations: Automating lower-level tasks through standard procedures and playbooks enables SecOps teams to respond to more threats in a shorter period. Additionally, these workflows ensure that standardized remediation efforts are applied across all systems throughout the organization.
Reporting and collaboration: reporting and analysis on SOAR platforms enable better data management and more effective security response. Central dashboards facilitate information sharing and improve communication and collaboration across disparate enterprise teams.
Affordable Costs: When security analysts use SOAR tools, they can reduce costs, as opposed to manually operating every threat analysis, detection, and response process.
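To make the benefits above concrete, here is a small triage playbook in the SOAR pattern. It is an added example written for this page, not ESOF, Gartner or any vendor’s code: it enriches SIEM-style alerts with a threat-intelligence list and an asset-criticality inventory, auto-closes a known-noisy rule, auto-contains high-severity alerts on ordinary assets, escalates anything touching a crown-jewel asset or a known-bad source, and computes MTTD and MTTR over the run. The alerts, the intel set, the inventory and the rule names are all constructed sample data; the IP addresses come from documentation ranges.

```python
"""A minimal SOAR-style triage playbook.

Added example for this page; not ESOF, Gartner or any vendor's code.
Pipeline: ingest SIEM-like alerts -> enrich with threat intel and asset
context -> decide (auto-close / auto-contain / escalate / queue) -> record
resolution times -> report MTTD and MTTR. All data below is constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Alert:
    alert_id: str
    occurred: datetime        # when the activity happened on the host
    detected: datetime        # when the SIEM raised the alert
    host: str
    src_ip: str
    rule: str
    severity: str             # "low" / "medium" / "high" from the source tool
    tags: List[str] = field(default_factory=list)
    action: Optional[str] = None
    resolved: Optional[datetime] = None


# Constructed enrichment sources (documentation-range IPs, invented hosts).
THREAT_INTEL_IPS = {"203.0.113.7"}
ASSET_CRITICALITY = {"dc01": "crown-jewel", "web01": "high", "kiosk03": "low"}
AUTO_CLOSE_RULES = {"failed-login-single"}   # known-noisy rule names


def enrich(alert: Alert) -> Alert:
    """Attach the context an analyst would otherwise look up by hand."""
    if alert.src_ip in THREAT_INTEL_IPS:
        alert.tags.append("ti:known-bad")
    alert.tags.append("asset:" + ASSET_CRITICALITY.get(alert.host, "unknown"))
    return alert


def decide(alert: Alert) -> str:
    """Playbook decision on an enriched alert.
    Anything touching a crown-jewel asset or a known-bad source goes to a
    human; a known-noisy low-severity rule is closed automatically; other
    high-severity alerts get an automated containment action."""
    if "ti:known-bad" in alert.tags or "asset:crown-jewel" in alert.tags:
        return "escalate"
    if alert.rule in AUTO_CLOSE_RULES and alert.severity == "low":
        return "auto-close"
    if alert.severity == "high":
        return "auto-contain"     # e.g. isolate the host through the EDR API
    return "queue"


def run_playbook(alerts: List[Alert], now: datetime) -> Dict[str, List[str]]:
    """enrich -> decide -> act. Automated actions are marked resolved at
    `now`; escalated and queued alerts stay open for a human."""
    outcome: Dict[str, List[str]] = {}
    for alert in alerts:
        alert.action = decide(enrich(alert))
        if alert.action in ("auto-close", "auto-contain"):
            alert.resolved = now
        outcome.setdefault(alert.action, []).append(alert.alert_id)
    return outcome


def mean_time_to_detect(alerts: List[Alert]) -> timedelta:
    gaps = [a.detected - a.occurred for a in alerts]
    return sum(gaps, timedelta()) / len(gaps)


def mean_time_to_respond(alerts: List[Alert]) -> Optional[timedelta]:
    done = [a for a in alerts if a.resolved is not None]
    if not done:
        return None
    return sum((a.resolved - a.detected for a in done), timedelta()) / len(done)


def sample_alerts() -> List[Alert]:
    """Four constructed alerts arriving over eight minutes."""
    t0 = datetime(2022, 11, 18, 9, 0, 0)
    return [
        Alert("A1", t0, t0 + timedelta(minutes=2), "kiosk03", "198.51.100.4", "failed-login-single", "low"),
        Alert("A2", t0, t0 + timedelta(minutes=4), "web01", "203.0.113.7", "web-shell-upload", "high"),
        Alert("A3", t0, t0 + timedelta(minutes=6), "dc01", "10.0.0.25", "new-admin-account", "medium"),
        Alert("A4", t0, t0 + timedelta(minutes=8), "web01", "198.51.100.9", "outbound-beacon", "high"),
    ]


def demo() -> Dict[str, object]:
    """Run the playbook over the sample and return actions plus metrics."""
    alerts = sample_alerts()
    now = alerts[0].occurred + timedelta(minutes=10)
    actions = run_playbook(alerts, now)
    mttr = mean_time_to_respond(alerts)
    return {
        "actions": actions,
        "mttd_seconds": mean_time_to_detect(alerts).total_seconds(),
        "mttr_seconds": mttr.total_seconds() if mttr else None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The order of checks in `decide` is the important design choice: escalation conditions are tested before any automation, so an alert from a known-bad source is never auto-closed even when it matches a noisy rule. MTTR here covers only the automated actions; the escalated alerts stay open and would be measured once an analyst closes them.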
How ESOF is the choice of SOAR platform for VM
TAC Security’s ESOF products can execute automated tasks across different cybersecurity teams from a single platform. ESOF is built on SOAR (Security Orchestration, Automation and Response) technology. SOAR platforms resemble SIEMs (Security Information and Event Management) in that they aggregate, correlate and analyze data from different sources, but they go further by orchestrating the response.
The ESOF platform is therefore a cloud-based, SOAR-based, risk-based vulnerability management solution. It also integrates threat intelligence and automates incident investigation and response workflows according to the playbooks created by the security team.
Under ESOF comes three high-end products:
1. ESOF VMDR: Analyze, evaluate, prioritize, and mitigate all the dominant vulnerabilities and risks across the IT landscape in real-time.
2. ESOF VMP: ESOF VMP consolidates vulnerability data from across the organization into a single risk metric.
3. ESOF AppSec: Unified Vulnerability Management Solution for Detecting and Protecting Web and App Assets.
Stay vigilant. Download the ESOF products datasheet to learn more.
tacsec · 2 years
Discover how ESOF strengthens your organization’s security posture and the challenges faced by the security team
You cannot implement a security strategy if you don’t know what vulnerabilities exist in your IT assets. Vulnerability management is a foundational control in most security frameworks. Yet it remains one of the most labor-intensive efforts for security teams.
With new emerging vulnerabilities, everyone knows how essential security is for an organization. A simple glance at the news provides information on the worldwide data breach. Security is widespread and mainstream, but security teams struggle to keep pace with the threat landscape.
An organization’s security infrastructure needs regular updates against emerging threats through vulnerability assessment and penetration testing. Sustainable security requires investing in a security platform, product or service so that security becomes a lifecycle rather than a one-time exercise; that is what produces lasting returns.
Why does the security team need to do more in 2023?
Security teams that rely on legacy platforms do a lot of manual work reviewing CVSS data to decide what to fix first. Prioritizing vulnerabilities on CVSS alone is a poor method: a CVSS base score says nothing about whether a flaw is actually being exploited or how exposed the affected asset is, so the team’s time ends up spent on vulnerabilities that pose little real risk.
ESOF VMDR helps the security team reduce risk through auto-prioritization, surfacing the critical vulnerabilities that actually drive risk. Make your team more effective and efficient with VMDR.
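As an added illustration of the point above (not ESOF’s scoring method, which this post does not describe), the block below ranks the same four findings twice: once by CVSS alone and once by a risk score that also weighs known exploitation, internet exposure and asset criticality. The findings and the weights are constructed for the example; the weights are assumptions chosen only to show how the order changes, and the `F1`..`F4` labels are not real CVE identifiers.

```python
"""CVSS-only ranking versus risk-based ranking of the same findings.

Added example for this page; the weights are assumptions chosen to show how
the ordering changes, not ESOF's scoring, which the post does not describe.
The findings are constructed and carry labels, not real CVE ids.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    fid: str                  # constructed label
    cvss: float
    exploited_in_wild: bool   # e.g. present in a known-exploited catalogue
    internet_exposed: bool    # affected asset reachable from the internet
    asset_criticality: int    # 1 = low, 2 = standard, 3 = crown jewel


# Constructed findings. F1 is the worst by CVSS but sits on an isolated,
# low-value asset with no known exploitation.
FINDINGS: List[Finding] = [
    Finding("F1", 9.8, exploited_in_wild=False, internet_exposed=False, asset_criticality=1),
    Finding("F2", 7.5, exploited_in_wild=True,  internet_exposed=True,  asset_criticality=3),
    Finding("F3", 8.1, exploited_in_wild=False, internet_exposed=True,  asset_criticality=2),
    Finding("F4", 5.3, exploited_in_wild=True,  internet_exposed=True,  asset_criticality=2),
]


def rank_by_cvss(findings: List[Finding]) -> List[str]:
    """The legacy approach: highest base score first, nothing else considered."""
    return [f.fid for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def risk_score(f: Finding) -> float:
    """Assumed weighting: known exploitation dominates (x2.0 vs x0.7),
    internet exposure adds 50%, asset criticality scales around 'standard'."""
    score = f.cvss
    score *= 2.0 if f.exploited_in_wild else 0.7
    score *= 1.5 if f.internet_exposed else 1.0
    score *= f.asset_criticality / 2.0
    return score


def rank_by_risk(findings: List[Finding]) -> List[str]:
    """Risk-based approach: same findings, ordered by the composite score."""
    return [f.fid for f in sorted(findings, key=risk_score, reverse=True)]


def misdirected_effort(findings: List[Finding], budget: int) -> int:
    """Of the `budget` findings a CVSS-only team would fix first, how many
    fall outside the top `budget` by risk: work spent on low-risk issues."""
    top_cvss = set(rank_by_cvss(findings)[:budget])
    top_risk = set(rank_by_risk(findings)[:budget])
    return len(top_cvss - top_risk)


if __name__ == "__main__":
    print("by CVSS:", rank_by_cvss(FINDINGS))
    print("by risk:", rank_by_risk(FINDINGS))
    print("misdirected with budget 2:", misdirected_effort(FINDINGS, 2))
```

With a remediation budget of two findings, a CVSS-only team fixes F1 and F3 while both actively exploited, internet-facing findings wait; the risk-based order puts F2 and F4 first. The multipliers are illustrative; what matters is that exploitation evidence and exposure enter the ranking at all.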
Improve the effectiveness and efficiency of your security team by switching to ESOF VMDR
Enterprise Security in One Framework for Vulnerability Management, Detection and Response (ESOF VMDR) is built to auto-prioritize and auto-remediate vulnerabilities. Setting up security measures from the start ensures your enterprise is resilient to malicious attacks. TAC’s ESOF lets forward-looking organizations analyze each asset’s vulnerabilities across their IT infrastructure, with features including:
Rapidly reduces critical vulnerabilities by auto-prioritization and auto-remediation.
Cyber Score: Improve cross-organization communication
Find everything on your network through automated asset inventory.
Trigger and integrate remediation workflows.
Get to know your OWASP and SANS vulnerabilities
One-click notification to know if your asset has zero-day vulnerabilities.
Protect all the downloaded files in real-time within an organization’s IT infrastructure.
TAC Security’s ESOF VMDR helps reduce vulnerabilities, threats and risks across your entire IT stack. Its end-to-end capabilities make your team more effective and efficient while preventing assets from being affected by malicious activity. Enterprises deploying VM solutions must take protective measures to reduce risks and vulnerabilities.
Download ESOF VMDR Data Sheet for more details
#tacsecurity #vulnerabilitymanagement #esof
tacsec · 2 years
Google patches actively exploited zero-day vulnerability in Chrome (2022)
It is the sixth zero-day vulnerability Google has patched this year in its flagship Chrome web browser. Several of this year’s earlier Chrome zero-days were type confusion bugs in the JavaScript-based V8 engine; the latest is a data validation flaw.
On Friday, Google said it had released emergency fixes for a Chrome vulnerability under active exploitation. The issue, CVE-2022-3075, concerns insufficient data validation in Mojo, a collection of libraries that provides a platform-independent mechanism for inter-process communication (IPC). The high-severity flaw was reported by an anonymous researcher on 30 August 2022.
Google said, “We are aware of reports that an exploit for CVE-2022-3075 exists in the wild. To prevent additional threat actors from exploiting the vulnerability, we will not divulge too many details about the nature of the attacks.”
Discover Chrome’s zero-day vulnerabilities
The Chrome zero-days Google has patched so far in 2022, including the latest, are:
CVE-2022-0609 – Use-after-free in Animation
CVE-2022-1096 – Type confusion in V8
CVE-2022-1364 – Type confusion in V8
CVE-2022-2294 – Heap buffer overflow in WebRTC
CVE-2022-2856 – Insufficient validation of untrusted input in Intents
CVE-2022-3075– Insufficient Data Validation
As the Common Weakness Enumeration (CWE) describes it, type confusion occurs when a program accesses a resource using an incompatible type. In other words, if a program allocates or initializes an object or variable as one type and then accesses it as a different, incompatible type, the result can be logical errors and, more seriously, memory safety errors.
In languages without memory protection, such as C and C++, a type confusion bug can let an attacker read or write memory that should be off-limits, and from there achieve arbitrary code execution. V8 is written in C++.
Consequently, as one Sophos researcher put it, it is almost certain that merely viewing a booby-trapped website could launch malware and rogue code on your system without any warnings or pop-ups.
Take a more dynamic approach with ESOF AppSec.
After Google’s disclosure, you need to know whether these zero-day vulnerabilities exist in the web and app assets of your IT stack. We can help: ESOF AppSec discovers the most critical vulnerabilities and vulnerable assets across your web and mobile apps, and scans your web app source code for security and privacy issues.
Combining automated inspection with human assessment and review strengthens source code security by identifying both security flaws and logical errors.
Some of ESOF AppSec’s features include:
Cyber Risk Scores save you time because you don’t have to read detailed, lengthy reports. Using the risk score, you can improve the security posture of the entire network.
ESOF scanners run both grey-box and black-box tests, giving accurate results and eliminating many false positives.
Your Security, our Passion
Make your IT Stack safe with ESOF.
Download ESOF AppSec Datasheet for more information.
https://tacsecurity.com/blog/google-patches-active-exploitation-of-a-zero-day-vulnerability-in-chrome-in-2022/
tacsec · 2 years
Patch released to address Zero-Day RCE vulnerability in Sophos Firewall
Sophos, a security software company, has patched a critical zero-day vulnerability in its firewall product that attackers were exploiting to break into customer networks. The flaw is a code injection vulnerability in the User Portal and Webadmin interfaces that allows remote code execution.
Sophos said it has observed the vulnerability being used to target a small set of specific organizations, primarily in the South Asian region, and that it has informed each of these organizations directly.
Customers running remediated versions of Sophos Firewall with the “Allow automatic installation of hotfixes” feature enabled need take no action. Sophos says it will continue investigating the issue and provide further details.
Who is Sophos?
Sophos is a British security software and hardware company; the flaw was found in its own Sophos Firewall product. The company makes products for endpoint protection, encryption, network security, and unified threat management, and mainly sells security software to enterprises of 1 to 5,000 seats.
What vulnerability was found?
Sophos Firewall v19.0 MR1 (19.0.1) and older are vulnerable to CVE-2022-3236, which is reachable through the User Portal or WebAdmin. Sophos had not issued a CVSS severity score at the time of the announcement, but it said the flaw allows remote code execution and rates it critical.
Furthermore, the company said it has discovered this vulnerability being used to attack a small number of enterprises, mainly in the South Asia region.
Sophos released a hotfix for supported versions (v17.0 through v19.0) and published a workaround: disable WAN access to WebAdmin and the User Portal.
How can you be secured?
As a workaround, Sophos advised users to make sure the User Portal and Webadmin are not exposed to the WAN. Users should still upgrade to a fixed version to get the patch and current protections. This is the second time in a year that a Sophos Firewall vulnerability has come under active attack: in March, another vulnerability (CVE-2022-1040) was exploited to attack South Asian organizations.
In June 2022, cybersecurity firm Volexity linked that campaign to a Chinese advanced persistent threat (APT) group it calls DriftingCloud. Earlier still, in 2020, a trojan called Asnarök was used in an attempt to exfiltrate sensitive information from Sophos firewall appliances.
A more proactive approach
Organizations should look for these vulnerabilities and remediate them as the permanent solution. TAC Security’s ESOF VMDR platform includes a vulnerability scanner that continuously scans your assets and detects vulnerabilities, threats, and risks, letting forward-looking organizations run vulnerability analysis on every asset in their entire IT stack.
TAC Security’s ESOF VMDR helps you secure your complete IT infrastructure:
Explore the risks and get to know your cyber risk score.
Know your top 5 vulnerabilities and business units.
A one-click notification tells you whether possible zero-day vulnerabilities are associated with your assets.
Examine vulnerabilities and protect assets from malicious activity.
With ESOF VMDR, you can protect all files downloaded across the organization in real time.
https://tacsecurity.com/blog/patch-released-to-address-zero-day-rce-vulnerability-in-sophos-firewall/
#vulnerabilitymanagement #vulnerabilityscanner #vulnerability
tacsec · 2 years
Ransomware Encryption: Emerging Cyber Security Strategies
Detecting ransomware is a crucial task for every security team, because an infection can be disastrous for an organization and its entire IT stack. However, it is hard to simulate a ransomware attack against your own organization and confirm that the protections already in place actually hold up. Vulnerability Assessment and Penetration Testing (VAPT) is a practical way to find out whether your security and safeguarding measures work correctly; if they do not, a real attack can cause irreversible damage.
There has been an increase in ransomware that performs intermittent encryption, which attacks victim systems faster and more covertly.
Intermittent encryption means encrypting only parts of each file, either chosen at random or on a regular cycle, for example every other run of 16 bytes. Because far fewer bytes pass through the cipher, the ransomware finishes a large file set much more quickly and generates fewer, smaller write operations.
What is Penetration Testing?
Penetration testing is a proactive security exercise: ethical hackers, who are trained cyber security professionals, simulate cyberattacks against a system to find and assess weaknesses in its defenses. Network penetration testing serves two purposes: testing an organization’s security processes and tools, and discovering vulnerabilities in its underlying infrastructure.
Unlike reactive security measures, which are applied only after a breach or security issue has been detected, network penetration testing finds the weaknesses ransomware relies on and gets them fixed before an attacker can exploit them.
Intermittent ransomware encryption is a threat to current cyber security strategies
Ransomware that uses intermittent encryption is hard to spot. Detection software typically relies either on noticing unusually heavy file input/output or on comparing files against known-good copies or an entropy baseline. Whether the partial encryption is random or follows a regular cycle, it undermines both approaches: the encryptor performs far fewer and smaller I/O operations, which do not stand out as malicious, and a partially encrypted file still looks a lot like its untouched counterpart, so statistical checks may not classify it as encrypted.
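The following Python script is added here as an illustration; it is not code from the original post, from Sophos, from SentinelLabs, or from any ransomware family. It reproduces the every-other-16-byte pattern described above on a constructed sample document and shows why a whole-file entropy threshold misses the result while a stride-aware entropy check or a block-by-block comparison against a known-good copy does not. The SHA-256 counter-mode keystream (a stand-in for the real cipher), the 7.5 bits-per-byte threshold, the sample text, the key, and the list of run sizes scanned are all assumptions made for the demonstration.

```python
"""Intermittent (every-other-run) encryption versus entropy-based detection.

Added illustration only. The keystream is a toy SHA-256 counter mode,
the document is constructed sample text, and the threshold is an assumption.
"""
import hashlib
import math
from collections import Counter
from typing import List, Optional

BLOCK = 16               # run size reported for LockFile: every other 16 bytes
ENTROPY_THRESHOLD = 7.5  # assumed "looks encrypted" cut-off in bits per byte


def keystream(key: bytes, nbytes: int) -> bytes:
    """Toy keystream: SHA-256 over key||counter. Illustration, not a real cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:nbytes])


def xor_encrypt(data: bytes, key: bytes, block: Optional[int] = None) -> bytes:
    """XOR data with the keystream (applying it twice restores the input).

    block=None encrypts the whole buffer (conventional ransomware).
    block=N encrypts only every other N-byte run, so half the bytes are never
    touched and half as much data is written back.
    """
    ks = keystream(key, len(data))
    out = bytearray(data)
    for i in range(len(data)):
        if block is None or (i // block) % 2 == 0:
            out[i] ^= ks[i]
    return bytes(out)


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte of the empirical byte distribution (0.0 to 8.0)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def stride_entropies(buf: bytes, block: int, period: int = 2) -> List[float]:
    """Entropy of each residue class of block-sized runs (run index mod period).

    An encryptor that touches every other run leaves one class near 8 bits
    per byte even though the file as a whole averages much lower.
    """
    classes = [bytearray() for _ in range(period)]
    for i, b in enumerate(buf):
        classes[(i // block) % period].append(b)
    return [shannon_entropy(bytes(c)) for c in classes]


def flagged_by_whole_file_entropy(buf: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """The naive check: one entropy figure for the whole file."""
    return shannon_entropy(buf) > threshold


def flagged_by_stride_entropy(buf: bytes, blocks=(16, 32, 64, 128, 256, 512, 1024, 4096),
                              threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Stride-aware check over assumed power-of-two run sizes and period 2.

    Alarms if any residue class looks cipher-like, which catches both full and
    every-other-run encryption. Other skip ratios would need other periods.
    """
    return any(max(stride_entropies(buf, b)) > threshold for b in blocks)


def changed_run_pattern(original: bytes, candidate: bytes, block: int) -> List[bool]:
    """With a known-good copy: one flag per run, True if any byte in it changed."""
    return [original[s:s + block] != candidate[s:s + block]
            for s in range(0, len(original), block)]


def alternation_ratio(flags: List[bool]) -> float:
    """Fraction of adjacent run pairs whose flags differ.

    1.0 is a strict changed/unchanged/changed stripe, the intermittent signature;
    full encryption (all changed) and an untouched file (none changed) give 0.0.
    """
    if len(flags) < 2:
        return 0.0
    return sum(a != b for a, b in zip(flags, flags[1:])) / (len(flags) - 1)


# Constructed sample document and key (not real data, not a real secret).
SAMPLE_DOC = b"Quarterly report: revenue grew 4% while costs were flat. " * 80
SAMPLE_KEY = b"demo-key-not-secret"


def demo() -> dict:
    """Return the three checks for the plain, fully and intermittently encrypted copies."""
    full = xor_encrypt(SAMPLE_DOC, SAMPLE_KEY)
    inter = xor_encrypt(SAMPLE_DOC, SAMPLE_KEY, block=BLOCK)
    result = {}
    for name, buf in (("plain", SAMPLE_DOC), ("full", full), ("intermittent", inter)):
        result[name] = {
            "entropy": round(shannon_entropy(buf), 2),
            "whole_file_flag": flagged_by_whole_file_entropy(buf),
            "stride_flag": flagged_by_stride_entropy(buf),
            "alternation": alternation_ratio(changed_run_pattern(SAMPLE_DOC, buf, BLOCK)),
        }
    return result


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

Running it shows the plain document at roughly 4 bits per byte and the fully encrypted copy close to 8, so the whole-file threshold flags only the latter. The intermittently encrypted copy lands around 7 bits per byte and slips under the naive threshold, but its even-numbered 16-byte runs alone read as cipher-like, and the comparison against the known-good copy yields a perfectly alternating changed/unchanged stripe. The stride scan here only covers the every-other-run case at power-of-two sizes; families that encrypt one run and skip several, or vary the run length, would need the period and block list widened accordingly.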
According to Sophos, LockFile ransomware, seen in 2021, was the first to use this method, encrypting every other 16 bytes of affected files. SentinelLabs researchers have since observed the technique being adopted by several other threat actors.
Qyick is another example, advertised on a dark web forum by a user called ‘Lucrostm’; researchers have so far been unable to obtain a sample, so no detailed analysis of Qyick exists yet. BlackCat, a Rust-based ransomware that has been the subject of an FBI alert, has also been observed using intermittent encryption as part of its attacks.
Ransomware detection & prevention service: ESOF VAPT
ESOF VAPT (Vulnerability Assessment and Penetration Testing) keeps pace with the latest, faster ransomware techniques and protects your entire IT stack against the vulnerabilities they exploit. It also shows whether you could lose system data in a ransomware attack and how such an attack would affect your internal network. TAC Security’s ESOF identifies and helps remediate ransomware exposure by:
Detecting the specific assets ransomware could affect
Recognizing protection gaps that a ransomware attack could slip through
Reducing the impact of these attacks
Reducing your enterprise’s ransomware attack surface
Exposing operational weaknesses in the management of ransomware-related risks
A DevSecOps culture is also a significant factor in preventing attacks before they occur: by “shifting left”, security is addressed early in the development timeline rather than as an afterthought.
How ESOF VAPT helps prevent ransomware:
Reduce exposure, remediation cost, disruption, and network downtime
Prioritize risks and build a strong defense posture
Gain protective capability
Comply with industry regulations and standards
https://tacsecurity.com/blog/ransomware-encryption-emerging-cyber-security-strategies/