CVE-2021-26738

Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.

CVE-2021-26737

The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shut down the Zscaler tunnel by exploiting a race condition.

CVE-2021-26736

Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low-privileged path. A local adversary may be able to execute code with SYSTEM privileges.

CVE-2021-26735

The Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.

CVE-2021-26734

Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.

USN-6447-1: AOM vulnerabilities

It was discovered that AOM incorrectly handled certain inputs. If a user or an
automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2020-36130, CVE-2020-36131, CVE-2020-36133, CVE-2020-36135,
CVE-2021-30473, CVE-2021-30474, CVE-2021-30475)

NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

A 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject of a Sept. 4, 2022 story here about the emergence of “violence-as-a-service” offerings, where random people from the Internet hire themselves out to perform a variety of local, physical attacks, including firebombing a home, “bricking” windows, slashing tires, or performing a drive-by shooting at someone’s residence.

McGovern-Allen, of Egg Harbor Township, N.J., was arrested Aug. 12, 2022 on an FBI warrant, which showed he was part of a group of cybercriminals who are settling scores with one another by hiring people to carry out violent attacks on their rivals.

That Sept. 2022 story about his arrest included links to two videos released on Telegram that were recorded and shared by McGovern-Allen and/or a co-conspirator as “proof” that they had carried out the attacks as hired.

The first showed two young men tossing a Molotov Cocktail at the side of a residence in Abington Township, Pa, setting it ablaze. The second featured two men with handguns unloading multiple rounds haphazardly into the first story of a house in West Chester, Pa. Fortunately in both cases, the occupants of the homes were unharmed in the attacks.

Federal prosecutors said McGovern-Allen went by the alias “Tongue” on Discord, and that in one chat he was quite explicit about his violence-as-a-service offering.

“In the chats, [Tongue] tells other Discord users that he was the person who shot K.M.’s house and that he was willing to commit firebombings using Molotov Cocktails,” the complaint against McGovern-Allen explains. “For example, in one Discord chat from March 2022, [the defendant] states ‘if you need anything done for $ lmk [“let me know”]/I did a shooting/Molotov/but I can also do things for ur entertainment.’”

The chat channels that Tongue frequented have hundreds to thousands of members each, and some of the more interesting solicitations on these communities are job offers for in-person assignments and tasks that can be found if one searches for posts titled, “If you live near,” or “IRL job” — short for “in real life” job. A number of these classified ads are in service of performing “brickings,” where someone is hired to visit a specific address and toss a brick through the target’s window.

McGovern-Allen was in the news not long ago. According to a Sept. 2020 story from The Press of Atlantic City, a then 19-year-old Patrick McGovern-Allen was injured after driving into a building and forcing residents from their home.

“Police found a 2007 Lexus, driven by Patrick McGovern-Allen, 19, that had lost control and left the road, crashing into the eastern end of the 1600 building,” the story recounted. “The car was driven through the steps that provide access to the second-floor apartments, destroying them, and also caused damage to the outer wall.”

A copy of McGovern-Allen’s sentencing statement says he pleaded guilty to three criminal counts, including two for stalking, and one for the use of fire in commission of a federal felony. The judge in the case gave McGovern-Allen 160 months in prison — about 13.3 years. After completing his sentence, McGovern-Allen will be on supervised release for three years.

Business continuity planning: Looking back or ahead

In September 2023, cybercriminals launched an extensive ransomware attack that disrupted several major businesses in the Las Vegas Casino Business/District. The attack shook the city and stopped consumer goods and services for several hours. It affected security, visitor services, and financial activities. Businesses lost money, and long-term reputational risks ensued.

Increasing op tempo

A company can keep running after a disruption if it has a comprehensive Business Continuity Plan (BCP) that includes risk assessments, Business Impact Assessments (BIAs), and recovery strategies. A BCP is needed to minimize risk exposure, reduce financial loss, and maintain continuous business operations.

A business impact analysis (BIA) must be part of every Business Continuity Plan (BCP). The BIA sets recovery time and recovery point objectives, ranks the most important processes, and determines how delays will affect business functions. BIAs help organizations work out what tools and plans they need for recovery. Disaster Recovery Plans (DRPs) lay out how a business will handle and rebound from a disaster. They include tools for recovering systems, data, and infrastructure. A complete, well-tested DRP is necessary to keep problems to a minimum and get services back up and running quickly.

To stay safe from cyber threats, businesses need to put their operating security footprint at the top of their list of priorities. In this way, networks, systems, apps, and data are kept safe. Data breaches and unauthorized access are less likely to happen with firewalls, intrusion detection systems, and encryption methods.

Rearview

The ransomware attack on the Las Vegas Casino Business/District in September 2023 shows that current risk management methods need to be looked at and updated. These steps cut down on operational disruptions, keep customer goods and services safe, and speed up the recovery of mission-critical systems. Being operationally ready is important for protecting your business and preparing for the unexpected.

The most common way for threat actors to take over a company’s resources, assets, and people is through ransomware attacks. Recent statistics show how badly these attacks can disrupt business operations:

The State of Ransomware Report in the US says that the average ransomware attack costs $8.1 million and takes 287 days to fix (Emsisoft, 2021).
The number of ransom payments made by victims rose by 311% in 2020 (Crypto Crime Report, 2021).

Going forward

Ransomware attacks affect people all over the world, resulting in huge financial losses, with worldwide costs topping $20 billion in 2020. The COVID-19 pandemic has given hackers new avenues and threat vectors to hack, crack, and exploit. It is imperative for businesses to strengthen the home front to gain home-field advantage against cyber threat actors. Having a comprehensive, repeatable, verifiable disaster recovery and business continuity plan minimizes the economic impact and lessens the severity of disruption and damage to the organization. Therefore, businesses should prioritize preventative measures and mitigation strategies.

Strategic priorities

Organizations should put ransomware prevention and mitigation strategies at the top of their list of priorities because the threat is rising.

Make sure you have a safe copy of your important systems and files, either locally or in the cloud.
Use endpoint security, firewalls, and intrusion monitoring tools that are strong.
Do vulnerability reviews and scans daily to find and fix weaknesses.
Plan for what to do if you need to recover from ransomware.
Up-to-date patching techniques make sure that systems and software have the most recent security patches and updates.
Think about getting cybersecurity insurance.

Ransomware attacks are still a threat to both the government and businesses, with big financial and practical effects. To stop these attacks, businesses need to be hyper-aware and vigilant, take strong precautions, and have good business continuity plans and risk strategies for dealing with serious threats with minimal operational and financial consequences. By investing in cybersecurity and adopting best practices, organizations can enhance resilience and minimize the impact of ransomware incidents.

Finally, there are three important cybersecurity strategies that can help leaders protect their organizations using overlapping offensive and defensive approaches. These strategies cover strategic, operational, and tactical points of view. Long-term plans, like raising security awareness, forming partnerships, and putting security frameworks in place, should be used for strategic goals.

When you switch to operational objectives or action-based plans, you need to plan for how to respond to incidents, teach people about security, and handle vulnerabilities. At the last level, tactical goals focus on specific actions and defenses to deal with immediate cyber threats. These could include patch management, access controls, and encryption to lower risks and handle incidents. When used with a strong business continuity plan, these all-around, well-proven strategies can help build and improve a comprehensive cybersecurity program.
