Ivanti observed a 7.6% rise in the number of vulnerabilities tied to ransomware, most of which were exploited by Conti
Monthly Archives: May 2022
needrestart-3.6-1.el8
FEDORA-EPEL-2022-b991c4d1df
Packages in this update:
needrestart-3.6-1.el8
Update description:
Security fix for CVE-2022-30688
needrestart-3.6-1.el7
FEDORA-EPEL-2022-4add1d3059
Packages in this update:
needrestart-3.6-1.el7
Update description:
Security fix for CVE-2022-30688
CVE-2020-4107
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
gron-0.6.1-2.fc34
FEDORA-2022-53f0c619c5
Packages in this update:
gron-0.6.1-2.fc34
Update description:
Security fix for CVE-2022-28327
Phishing gang that stole over 400,000 Euros busted in Spain
Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven suspects.
Read more in my article on the Tripwire State of Security blog.
How State and Local Governments Can Bolster their Cyber Defenses
Cyber security leaders of U.S. cities and states must protect their systems and data from nation-state attackers, including Russian hackers.
President Biden has warned of potential Russian cyberattacks against the U.S. as part of Russia’s ongoing conflict with Ukraine. In addition to alerting U.S. companies and critical infrastructure providers, President Biden has also warned state and local governments, saying they too must immediately harden their cyber defenses.
Specifically, the President sent letters to each governor asking them to increase oversight of their states’ critical infrastructure and offering assistance from the federal government to help each state shore up their cybersecurity defenses. The letter referenced the May 2021 Executive Order on Improving the Nation’s Cybersecurity, which established a set of essential, baseline standards for federal agencies to adopt, and urged state leaders to implement the same standards to secure their state’s computer systems and critical infrastructure. These standards include conducting exercises to plan and prepare for cyberattacks, and ensuring that systems are patched and up to date to protect against vulnerability exploits.
Malicious cyber actors, whether related to Russia’s attack on Ukraine or not, will continue to strike, especially when targets are distracted or unprepared. Fortifying cyber defenses does not happen overnight, but there are strategies state and local governments can employ to make their systems more secure against nation-state threats.
Invest in risk-based vulnerability management: The rise of nation state cyber threats makes it imperative for state and local governments to prioritize cybersecurity efforts where they are needed most rather than trying to find and patch every vulnerability. Risk-based VM scans help prioritize the vulnerabilities that pose the biggest risk to state and local government entities if they’re exploited by attackers. Leveraging risk-based VM, state and local governments can protect their citizens, data and systems from cyber attacks.
Safeguard state and local critical infrastructure: As IT/OT environments converge, cyber attack landscapes expand rapidly. Government entities must employ tools to proactively identify IT/OT weaknesses and protect critical infrastructure from cyber attacks. Visibility, threat tracking and situational awareness are essential to securing critical infrastructure.
Implement a zero-trust strategy: Take a ‘trust no one’ policy to disrupt attack paths and secure state and local governments against cyber attacks. Verifying everything before granting access to various networks and systems prevents attacks that leverage misconfigurations, and continuously assesses which resources are susceptible to a breach.
Secure your Active Directory: As the master key to an organization’s system and network privileges, Active Directory is a prime target for attackers looking to gain administrator privileges and engage in lateral movement. To keep AD safe and secure, state and local governments should enforce local administrator password solutions (LAPS) and privileged access management (PAM), and promote cybersecurity best practices such as multi-factor authentication and strong password policies.
For state and local governments facing mounting risks of cyber attacks to their information systems and critical infrastructure, the strategies laid out above are a great way to get started, but by no means a comprehensive list. Do not be caught off guard, Tenable can help you remain vigilant of cyber threats.
Find out how state and local governments can defend against ransomware.
Oracle Security Alert for CVE-2022-21500 – 19 May 2022
Enterprises report rise in risk events, yet risk management lags
Enterprises around the world are being barraged by risk events, according to a report released Wednesday by Forrester. The State of Risk Management 2022 report, which is based on a survey of 360 enterprise risk management decision makers in North America and Europe, found that 41% of organizations have experienced three or more critical risk events in the last 12 months.
Risk events, incidents and disruptions have become so frequent that the increased level of risk is the “new normal,” Forrester reported. Nearly half the participants in the survey (44%) confirmed that enterprise risk has increased over the last year, although that varies by region. For example, 64% of North American respondents confirmed an increase in risk, while only 37% of European respondents did.
CVE-2021-32934
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.