Category Archives: News

Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack


A team of researchers found two vulnerabilities in Microsoft’s Azure PostgreSQL Flexible Server that, when chained together, allowed them to access the PostgreSQL databases of other cloud tenants. The attack, dubbed ExtraReplica because it abused functionality related to database replication, combines a privilege escalation vulnerability that gave them code execution inside the container hosting their own database with an authentication bypass that allowed them to abuse the service’s replication mechanism to reach other tenants’ databases.

Jamf beefs up enterprise security software for Mac


A maker of enterprise software for Apple’s ecosystem announced a half-dozen new products and enhancements at an online event Tuesday. Jamf maintained the new offerings would help organizations create an enterprise-secure, consumer-simple environment that protects personal privacy.

Three new features were added to the company’s endpoint and network security platform, Jamf Protect: network threat protection, which lets endpoints report network-based indicators of compromise; comprehensive logging of endpoint and network security events; and removable storage controls to prevent sensitive data from being written to USB mass storage drives.

15 most exploited vulnerabilities of 2021


Global cybersecurity authorities have published a joint advisory on the 15 Common Vulnerabilities and Exposures (CVEs) most routinely exploited by malicious cyber actors in 2021. The advisory is co-authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), U.S. Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK).

The advisory warned that last year malicious cyber actors aggressively exploited newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. They also continued to exploit publicly known, older software vulnerabilities.

New malware loader Bumblebee adopted by known ransomware access brokers


Several threat groups believed to be initial access facilitators for some ransomware gangs are transitioning to a new first-stage malware downloader dubbed Bumblebee. The groups previously used other downloaders like BazaLoader and IcedID.

According to researchers from security firm Proofpoint, Bumblebee email-based distribution campaigns started in March and were linked to at least three known attack groups. The malware is used to deploy well-known penetration testing implants such as Cobalt Strike, Sliver and Meterpreter. Attackers have adopted these frameworks and other open-source dual-use tools in recent years for hands-on-keyboard intrusion and lateral movement through victim networks.

10 top anti-phishing tools and services


Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Some phishing attacks target customers rather than employees, and others simply aim to damage your corporate reputation rather than compromise your systems. A key factor in protecting your business from phishing is to understand your vulnerabilities, weigh the potential risk to your business, and decide what tools offer the best protection to match your business needs.

Why phishing is successful

Most phishing attacks are less about the technology and more about social engineering. It’s amazing how easily humans are manipulated when emotions are triggered. Many modern phishing emails play on empathy or fear, or even make hostile accusations in order to trigger an angry response.

Smashing Security podcast #272: Going ape over the Kardashians, and the face of romance scams


Members of The Bored Ape Yacht Club get that sinking feeling, a face unwittingly launches hundreds of romance scams, and is an as-yet unseen Kim Kardashian sex tape a load of old Roblox?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC cyber correspondent Joe Tidy.