The flaws affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec

Read More

Eset also said the same university was targeted during student protests in May 2020

Read More

Devsecops firm AutoRabit is trying to address security issues arising from policy changes and misconfigurations in Salesforce environments with a new offering, CodeScan Shield.

CodeScan Shield is the next iteration of AutoRabit’s static code analysis tool, CodeScan, and elevates the capabilities of CodeScan with the help of a new module called OrgScan.  The new module governs organizational policies by enforcing the security and compliance rules mandated for Salesforce environments.

With OrgScan, a dashboard is created at the end of each scan and identifies any areas of concern. This puts the control back in an organization’s hands, saving time and money, the company said.

To read this article in full, please click here

Read More

The report also suggested the Android spyware Joker took third place in the mobile index

Read More

CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild

Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild.

Background

On September 2, Trend Micro released an advisory for several vulnerabilities in its Apex One and Apex One software-as-a-service (SaaS) products which are used for agent-based threat detection and response.

There is a fairly robust history of Apex One zero days. A little over a year ago, Trend Micro disclosed reports of two other zero days: CVE-2021-36741, an arbitrary file upload vulnerability, and CVE-2021-36742, a local privilege escalation. The Cybersecurity and Infrastructure Security Agency lists six vulnerabilities in Apex One in its Catalog of Known Exploited Vulnerabilities (KEV).

Analysis

CVE-2022-40139 is an improper validation vulnerability in the “rollback” functionality which is used to revert Apex One agents to older versions. The vulnerability exists because Apex One agents are able download unverified components which could lead to code execution. While this vulnerability can only be exploited by an attacker with access to the Apex One administrative console, there have been reports of active exploitation.

It is also worth noting that other vulnerabilities patched in this release (and legacy vulnerabilities) could provide the administrative access required to exploit CVE-2022-40139. However, there is no indication that the other CVEs patched in this release have been exploited, yet.

Solution

The specific versions to resolve these vulnerabilities are listed below, though Trend Micro’s advisory notes that some of the vulnerabilities disclosed may have been patched in earlier releases for the SaaS product.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities can be found here.

Get more information

Trend Micro Apex One September 2022 Security Bulletin
Trend Micro Apex One July 2021 Security Bulletin

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Read More

A total 75% of organizations across North America, Asia Pacific and EMEA plan to consolidate the number of security vendors they use, a Gartner survey of 418 respondents found. That percentage has increased significantly, as only 29% were looking to consolidate vendors in 2020. The main reasons are an increase in dissatisfaction with operational inefficiencies and lack of integration of a heterogenous security stack, the survey found.

Companies look to reduce the number of vendors they work with in key areas like secure access service edge (SASE) and extended detection and response (XDR). The survey found that 57% of organizations are working with fewer than ten vendors for their security needs.

To read this article in full, please click here

Read More

Unified container and cloud security firm Sysdig on Wednesday launched its cloud security posture management (CSPM) offering, which aggregates security findings by root cause and prioritizes remediation based on impact. The new offering consists of  ToDo, an actionable checklist showing prioritized risks, and Remediation Guru, which offers guided remediation at the source. 

“We consistently hear from prospects that the cloud security tools they are familiar with inundate teams with alerts and findings. Compounding the issue is cutting through the noise to know where to devote resources,” said Maya Levine, product manager at Sysdig. 

To read this article in full, please click here

Read More

Insider threats are an ongoing menace that enterprise security teams need to handle. It’s a global problem but especially acute in the US—with 47 million Americans quitting their jobs in 2021, the threat of ex-employees taking sensitive information to competitors, selling it to criminals in exchange for cash, and leaking files to media is making data exfiltration a growing concern.  

About 1.4 million people who handle sensitive information in their organization globally were tracked over the period from January to June 30 this year by cybersecurity firm Cyberhaven to find out when, how and who is involved in data exfiltration.

On average, 2.5% of employees exfiltrate sensitive information in a month, but over a six-month period, nearly one in 10, or 9.4% of employees, do so, Cyberhaven noted in its report. Data exfiltration incident occurs when data is transferred outside the organization in unapproved ways.

To read this article in full, please click here

Read More

One of the most prolific state-sponsored Iranian cyber espionage groups is targeting researchers from different fields by setting up sophisticated spear-phishing lures in which they use multiple fake personas inside the same email thread for increased credibility.

Security firm Proofpoint tracks the group as TA453, but it overlaps with activity that other companies have attributed to Charming Kitten, PHOSPHORUS and APT42. Incident response company Mandiant recently reported with medium confidence that APT42 operates on behalf of the Islamic Revolutionary Guard Corps (IRGC)’s Intelligence Organization (IRGC-IO) and specializes in highly targeted social engineering.

To read this article in full, please click here

Read More

Currently, there are two main roles that ISACs can serve in the software supply chain assurance process. Let’s examine both.

Read More