Aggregator
Biden-Harris Administration Announces NY CREATES’ Albany NanoTech Complex as the first CHIPS for America R&D Flagship Facility and Planned Site for the estimated $825 Million CHIPS for America EUV Accelerator
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on October 31, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-24-305-01 Rockwell Automation FactoryTalk ThinManager
- ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products (Update A)
- ICSA-24-135-04 Mitsubishi Electric Multiple FA Engineering Software Products (Update A)
- ICSA-23-157-02 Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update B)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments
CISA has received multiple reports of a large-scale spearphishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spearphishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s network. Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network.
CISA, government, and industry partners are coordinating, responding, and assessing the impact of this campaign. CISA urges organizations to take proactive measures:
- Restrict Outbound RDP Connections:
  - Forbid or significantly restrict outbound RDP connections to external or public networks. This measure is crucial for minimizing exposure to potential cyber threats.
  - Implement a Firewall along with secure policies and access control lists.
- Block RDP Files in Communication Platforms:
  - Prohibit RDP files from being transmitted through email clients and webmail services. This step helps prevent the accidental execution of malicious RDP configurations.
- Prevent Execution of RDP Files:
  - Implement controls to block the execution of RDP files by users. This precaution is vital in reducing the risk of exploitation.
- Enable Multi-Factor Authentication (MFA):
  - Enable MFA wherever feasible to provide an essential layer of security for remote access.
  - Avoid SMS MFA whenever possible.
- Adopt Phishing-Resistant Authentication Methods:
  - Deploy phishing-resistant authentication solutions, such as FIDO tokens. It is important to avoid SMS-based MFA, as it can be vulnerable to SIM-jacking attacks.
- Implement Conditional Access Policies:
  - Establish Conditional Access Authentication Strength to mandate the use of phishing-resistant authentication methods. This ensures that only authorized users can access sensitive systems.
- Deploy Endpoint Detection and Response (EDR):
  - Implement Endpoint Detection and Response (EDR) solutions to continuously monitor for and respond to suspicious activities within the network.
- Consider Additional Security Solutions:
  - Evaluate, in conjunction with EDR, the deployment of anti-phishing and antivirus solutions to bolster your defenses against emerging threats.
- Conduct User Education:
  - Have a user education program that highlights how to identify and report suspicious emails. Robust user education can help mitigate the threat of social engineering and phishing emails.
  - Recognize and Report Phishing: Avoid phishing with these simple tips.
- Hunt For Activity Using Referenced Indicators and TTPs:
  - Utilize all indicators that are released in relevant articles and reporting to search for possible malicious activity within your organization’s network.
  - Search for unexpected and/or unauthorized outbound RDP connections within the last year.
CISA urges users and administrators to remain vigilant against spearphishing attempts, hunt for any malicious activity, report positive findings to CISA, and review the following articles for more information:
- Microsoft: Midnight Blizzard conducts large-scale spearphishing campaign using RDP files
- AWS Security: Amazon identified internet domains abused by APT29
- The Centre for Cybersecurity Belgium: Warning: Government-themed Phishing with RDP Attachments
- Computer Emergency Response Team of Ukraine: RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP"
Government Sector Suffers 236% Surge in Malware Attacks
12 Cybersecurity Best Practices for Preventing Cyberattacks in 2024
CVE-2024-42133 | Linux Kernel up to 6.6.38/6.9.8 Bluetooth hci_le_big_sync_established_evt Privilege Escalation (38263088b845/dad0003ccc68/015d79c96d62 / Nessus ID 209953)
What Do Spiders Dream About? A Home Experiment Uncovered an Ancient Secret of Evolution
CVE-2024-10392 | AI Power Plugin up to 1.8.89 on WordPress unrestricted upload
CVE-2024-9700 | Forminator Forms Plugin up to 1.36.0 on WordPress resource injection
CVE-2024-9430 | Get Quote for Woocommerce Plugin up to 1.0.0 on WordPress authorization
CVE-2024-21537 | lilconfig 3.1.0 dynamicImport code injection (SNYK-JS-LILCONFIG-6263789)
CVE-2024-43383 | Apache Lucene.Net.Replicator up to 4.8.0-beta00016 deserialization
Change Healthcare Vulnerability Affects 100 Million Americans
CVE-2024-43933 | WPMobile.App Plugin up to 11.48 on WordPress cross-site request forgery
CVE-2024-43930 | eyecix JobSearch Plugin up to 2.5.3 on WordPress cross-site request forgery
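Android Command to Prevent the Screen from Sleeping
CVE-2024-50387: Critical QNAP Vulnerability Exploited at Hacking Competition, Patch Immediately!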
Cynet enables 426% ROI in Forrester Total Economic Impact Study
Cost savings and business benefits were quantified in “The Total Economic Impact of Cynet All-in-One Security,” a commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024. The Total Economic Impact Study framework helps organizations understand the financial effects of their strategic technology investments. Based on interviewed customers with experience using Cynet, Forrester found that Cynet’s All-in-One Cybersecurity Platform generated $2.73 million in savings, paying for itself in under six months, for …
The post Cynet enables 426% ROI in Forrester Total Economic Impact Study appeared first on Help Net Security.