Tuesday, October 3, 2023

BleepingComputer.com

"Microsoft Edge, Teams get fixes for zero-day in open-source libraries."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 03 October 2023, 1504 UTC. Content provided by "BleepingComputer.com."

Source: https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Please click link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

LATEST ARTICLES

MICROSOFT, SECURITY

Microsoft Edge, Teams get fixes for zero-days in open-source libraries

Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products.
SERGIU GATLAN

OCTOBER 03, 2023

10:54 AM

0

SECURITY

EvilProxy uses indeed.com open redirect for Microsoft 365 phishing

A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings.
BILL TOULAS

OCTOBER 03, 2023

09:00 AM

1

SECURITY, SOFTWARE

Microsoft Defender no longer flags Tor Browser as malware

For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender.
MAYANK PARMAR

OCTOBER 02, 2023

06:33 PM

1

SECURITY

Exim patches three of six zero-day bugs disclosed last week

Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution.
SERGIU GATLAN

OCTOBER 02, 2023

05:50 PM

0

SECURITY

New BunnyLoader threat emerges as a feature-rich malware-as-a-service

Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard.
BILL TOULAS

OCTOBER 02, 2023

03:59 PM

1

SECURITY

Ransomware gangs now exploiting critical TeamCity RCE flaw

Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server.
SERGIU GATLAN

OCTOBER 02, 2023

03:32 PM

0

SECURITY

Exploit available for critical WS_FTP bug exploited in attacks

Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform.
SERGIU GATLAN

OCTOBER 02, 2023

01:11 PM

0

SECURITY, MOBILE

Arm warns of Mali GPU flaws likely exploited in targeted attacks

Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers.
BILL TOULAS

OCTOBER 02, 2023

12:37 PM

0

SECURITY

Motel One discloses data breach following ransomware attack

The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards.
BILL TOULAS

OCTOBER 02, 2023

11:10 AM

0

SECURITY

FBI warns of surge in 'phantom hacker' scams impacting elderly

The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States.
SERGIU GATLAN

OCTOBER 02, 2023

11:01 AM

0

SECURITY, TECHNOLOGY

Amazon sends Mastercard, Google Play gift card order emails by mistake

Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised.
LAWRENCE ABRAMS

OCTOBER 01, 2023

02:23 PM

2

SECURITY

Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang

The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors.
LAWRENCE ABRAMS

OCTOBER 01, 2023

11:17 AM

1

SECURITY

New Marvin attack revives 25-year-old decryption flaw in RSA

A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been resolved still impacts several widely-used projects today.
BILL TOULAS

OCTOBER 01, 2023

10:16 AM

1

SECURITY

Cloudflare DDoS protections ironically bypassed using Cloudflare

Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls.
BILL TOULAS

SEPTEMBER 30, 2023

10:16 AM

5

MICROSOFT

Microsoft fixes Outlook prompts to reopen closed windows

Microsoft has resolved a known issue that caused Outlook Desktop to unexpectedly prompt users to reopen previously closed windows.
SERGIU GATLAN

SEPTEMBER 30, 2023

10:09 AM

0

SECURITY

The Week in Ransomware - September 29th 2023 - Dark Angels

This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed.
LAWRENCE ABRAMS

SEPTEMBER 29, 2023

05:50 PM

1

SECURITY

Millions of Exim mail servers exposed to zero-day RCE attacks

A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
SERGIU GATLAN

SEPTEMBER 29, 2023

04:11 PM

2
1

2

3

4

5

VIEW MORE

Monday, October 2, 2023

Cyber Hawaii-October 2023 Newsletter.

"October is Cybersecurity Awareness Month."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 02 October 2023, 2029 UTC.

Content supplied by email subscription to "Cyber Hawaii."

Source: https://mail.google.com/mail/u/0/#inbox/FMfcgzGtxSvvZhGRjgcsJZlZsXMVNzDq ("Cyber Hawaii-October 2023 Newsletter").

Please click link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

October 2023
Special Newsletter
October 02, 2023

October is Cybersecurity Awareness Month

Aloha,

With Cybersecurity Awareness Month upon us, I wanted to remind everyone that there are many resources out there that can be used to keep our small business partners and our family/friends safe when they venture online. While we talk about the intricacies of the last cyber threat actors and how they take advantage of vulnerabilities found in even our security products as part of our jobs, it’s important to remember that much of this discussion goes over the heads of many of our employees and members of the public. Speaking in a language that lay people can understand is critical, whether it's to small businesses, employees or family and friends.

Per CISA, this year’s theme for Cyber Security Awareness Month is “secure our world”, which on the surface seems like a pretty ambitious goal. The world is so complex and contains a seemingly limitless number of vulnerabilities that setting such a broad goal might seem daunting to most.

Their description goes on to say, however, that one of the keys is for us is to focus on things we can do every day to improve, rather than get intimidated by the big picture. By doing this we build security into our everyday lives and makes it less of a “technical” topic we need to be intimidated by. This approach also reminds everyone that there is always something they can do to make themselves, their business and their family safer.

CISA has focused on the following four security controls

  Strong Passwords
  Use of Multi-Factor Authentication (MFA)
  Recognition and Reporting of Phishing attacks
  Patch Management

During the month of October, take a moment to talk to someone you don’t normally talk to about one or more of these topics and encourage them to build them into their every day routine. By doing this we’ll hopefully get everyone to realize that security is a shared responsibility and this will perhaps move us forward towards the aspirational goal to “secure our world.”


Mahalo,

RESOURCES YOU CAN SHARE
In recognition of their 20th year, CISA announced a new enduring cybersecurity awareness program, Secure Our World. Secure Our World reflects a new enduring message to be integrated across the Cybersecurity and Infrastructure Security Agency’s (CISA) awareness campaigns and programs, and encourages all of us to take action each day to protect ourselves when online or using connected devices.

The program promotes behavioral change across the Nation, with a particular focus on how individuals, families and small to medium-sized businesses can Secure Our World by focusing on the four critical actions below. Secure Our World is the theme for this year’s Cybersecurity Awareness Month and will remain the enduring theme for future awareness month campaigns.

https://www.cisa.gov/cybersecurity-awareness-month
CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.

The program is a series of in-person, highly interactive and easy-to-understand workshops based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework to educate the SMB community about:

Identifying and understanding which business assets (“digital crown jewels”) others want
Learning how to protect those assets
Detecting when something has gone wrong
Responding quickly to minimize impact and implement an action plan
Learning what resources are needed to recover after a breach

CyberSecure My Business™ is a program offered by the National Cybersecurity Alliance, a non-profit whose mission is to make the online space a safer place.

https://staysafeonline.org/programs/cybersecure-my-business/

Cyber Readiness Institute

The Cyber Readiness Institute (CRI) is a national non-profit that provides information for small businesses on how to implement a secure information technology infrastructure by focusing on four core security controls. CyberHawaii continues to partner with this organization to provide training and certifications to SMB’s in Hawaii. Apple and Microsoft have adopted CRI’s training material for their own use with their suppliers. https://cyberreadinessinstitute.org/

Hawaii State Cybersecurity Program Plan

Hawaii Department of Defense
Office of Homeland Security (OHS)
Planning & Operations Branch

CyberHawaii is currently participating in the process to define and implement the state cybersecurity program plan. https://dod.hawaii.gov/ohs/cyber

Threat Assessment Grant

University of Hawaii West Oahu

The grants awarded to the University of Hawaii West Oahu by the U.S. Department of Homeland Security focus on raising awareness of threat assessment techniques and the establishment of threat assessment teams to help prevent domestic terrorism actions. CyberHawaii participated in this training.

https://www.hawaii.edu/news/2023/07/17/threat-assessment-conference/

Bachelor’s in Cybersecurity

University of Hawaii West Oahu

The Bachelor of Science in Cybersecurity provides students with an advanced cybersecurity education in information security, mathematics, computer science, and computer engineering. This technical cybersecurity degree program prepares students to meet the advanced cybersecurity workforce requirements of public sector agencies and private sector enterprises. Degrees include:

•        AS degree in CSNT at Honolulu Community College
•        AS in ICS at Leeward Community College
•        AS in Information Technology at Kapi‘olani Community College
•        AS in Natural Science with a concentration in Information and Communication Technology at
Windward Community College

The Bachelor of Science in Cybersecurity offers a concentration in Cyber Operations.

https://westoahu.hawaii.edu/academics/degrees/cybersecurity/

Information Technology & Cybersecurity Fundamentals

Kapiolani Community College

Introduction to IT and A+ Certification Exam Prep
This course prepares those with little or no Information Technology (IT) experience and interested in taking the CompTIA A+ Certification Exam which can lead to entry-level support positions in IT such as a Help Desk Specialist, IT Support Specialist, and IT Business Analyst.

Cyber Fundamentals and Security+ Certification Exam Prep
This course is to prepare those interested in developing entry-level skills, knowledge and ability to protect and defend the network systems in a cybersecurity environment and interested in taking the CompTIA Security + Certification Exam which can lead to an entry-level position such as an Information Security Analyst.

https://continuinged.kapiolani.hawaii.edu/cybersecurity/
CyberHawaii | www.cyberhawaii.org

Subscribe to: Posts (Atom)