Tag CVE Count CVEs windows Workstation Service 1 CVE-2022-38034 Microsoft Office Word 2 CVE-2022-38049, CVE-2022-41031 windows USB Serial Driver 1 CVE-2022-38030 windows Mobile Device Enumerator Services 1 CVE-2022-38032 windows Group policy 1 CVE-2022-37975 windows LSM: Local Session Coordinator 2 CVE-2022-37998, CVE-2022-37973 windows Distributed File System 1 CVE-2022-38025 windows Protocol for Internet Key Exchange (IKE). 1 CVE-2022-38036 Active Directory Domain Services 1 CVE-2022-38042 Microsoft Office SharePoint 4 CVE-2022-41036, CVE-2022-41037, CVE-2022-38053, CVE-2022-41038 Remote Access Service Point-to-Point Tunneling Protocol 1 CVE-2022-37965 windows Manage your web account 1 CVE-2022-38046 Visual Studio Code 3 CVE-2022-41034, CVE-2022-41083, CVE-2022-41042 windows Perception Simulation Service 1 CVE-2022-37974 windows Secure Channel 1 CVE-2022-38041 windows Telemetry and connected user experiences 1 CVE-2022-38021 windows Security Support Provider Interface 1 CVE-2022-38043 Microsoft Graphics Component 5 CVE-2022-33635, CVE-2022-37986, CVE-2022-38051, CVE-2022-37985, CVE-2022-37997 windows Kernel 8 CVE-2022-38022, CVE-2022-37988, CVE-2022-38037, CVE-2022-38038, CVE-2022-37990, CVE-2022-38039, CVE-2022-37991, CVE-2022-37995 windows DWM Core Library 2 CVE-2022-37970, CVE-2022-37983 windows Subsystem Service for Local Security Authorities (LSASS). 1 CVE-2022-37977 windows Point-to-Point Tunneling Protocol 7 CVE-2022-30198, CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38047, CVE-2022-38000, CVE-2022-41081 Microsoft Office 3 CVE-2022-38048, CVE-2022-38001, CVE-2022-41043 windows Driver ODBC 1 CVE-2022-38040 Client NuGet 1 CVE-2022-41032 Client Server Run-time System (CSRSS). 2 CVE-2022-37987, CVE-2022-37989 windows Defender 1 CVE-2022-37971 windows NTLM 1 CVE-2022-35770 windows CryptoAPI 1 CVE-2022-34689 windows Local Security Authority (LSA). 1 CVE-2022-38016 windows Client Preference Group Policy 3 CVE-2022-37999, CVE-2022-37993, CVE-2022-37994 windows Event Logging Service 1 CVE-2022-37981 Microsoft WDAC OLE DB provider for SQL 2 CVE-2022-37982, CVE-2022-38031 windows Active Directory Certificate Services 2 CVE-2022-37976, CVE-2022-37978 Service Fabric 1 CVE-2022-35829 windows Win32K 1 CVE-2022-38050 Azure 1 CVE-2022-38017 windows TCP/IP 1 CVE-2022-33645 windows Resilient File System – ReFS 1 CVE-2022-38003 windows Remotely accessible Registry Keys for Servers 1 CVE-2022-38033 windows Service COM+ Event System 1 CVE-2022-41033 windows Server service 1 CVE-2022-38045 windows Print Spooler Parts 1 CVE-2022-38028 Role: windows Hyper-V 1 CVE-2022-37979 windows Storage 1 CVE-2022-38027 windows WLAN Service 1 CVE-2022-37984 Microsoft Edge (Chromium-based). 12 CVE-2022-3304, CVE-2022-3307, CVE-2022-3308, CVE-2022-3310, CVE-2022-3311, CVE-2022-3313, CVE-2022-3315, CVE-2022-3316, CVE-2022-3317, CVE-2022-3370, CVE-2022-3373, CVE-2022-41035 Azure Arc 1 CVE-2022-37968 windows ALPC 1 CVE-2022-38029 windows DHCP Client 2 CVE-2022-38026, CVE-2022-37980 windows Driver CD-ROM 1 CVE-2022-38044 windows NTFS 1 CVE-2022-37996

Poland is preparing for the August 2023 Presidential Elections in a highly volatile geopolitical climate. The war in Ukraine has caused more than 3 million people to flee Ukraine. The new energy crisis has caused a rise in fuel costs and price inflation that is placing local economies at great risk. The future of Poland is being shaped by cyber threats.

Cyjax, a software company specializing in a specific field of work is Cyjax. thorough report This report offers insight and an evaluation of Poland’s cyber posture ahead the 2023 election. “With the importance of Poland strategically, as a developed market, and tactically through its economic and geographic position within the EU, we felt it was vital to provide people employed in and travelling to the country a holistic understanding of the risks posed by Cybercriminals towards them,” ” Chris SpinksCyjax Head, Operations. Following a thorough analysis of all the risk factors, the Cyjax team assesses that “the cyber risk to the Polish elections and to staff working in the country is Medium.”

Background Information

The Polish National Cyber Security Strategy (2019-2024) aims at “Increasing the level of resilience to cyber threats and protection of information in the public, military and private sectors, as well as promoting knowledge and good practices to enable the citizens to better protect information.” The Strategy details four objectives, namely:

1. A national cybersecurity system is being developed.
2. Enhancing resilience in both public and private sector information systems, and improving ability to respond to and prevent emergencies.
3. A national capacity to enhance its cybersecurity capabilities.
4. Poland’s Republic should have the ability to establish an international presence within cybersecurity.

Poland is also a signatory to the Cybercrime Convention of Council of Europe. However, the government is cognizant that additional investment is required to enhance the nation’s cybersecurity capabilities, and that new legislation will be necessary to assure the successful execution of any new measures.

Cyberattacks against computers and other devices are on the rise.

A 2022 survey called “Cyber Security Barometer,” carried out by the global consultancy KPMG, found that since 2021, 29% of Poland’s businesses have been the subject of at least one cyber-attack. This is 5 percent more cyber-attacks than in 2020.

“Cyberattacks increased in Poland by 5% but overall have remained below the global average of 8.8%,” notes Jovana Macakanja, Intelligence Analyst at Cyjax.

Numerous cyber-events that have been reported from Poland contain malware attacks, such as rootkits, viruses, trojans, and viruses. Ransomware is being used by hackers to launch malicious/phishing attacks on an increasing frequency.

This country is home to the majority of internet-hostile activities, including spamming and hate speech. The biggest threat facing Poland in 2020 is online abuse. Internet abuse can also result in illegal or hazardous information. This is not an emerging threat. However, there are concerns about illegal or harmful information.

Ukrainians were grateful for the support of Poland. reported in May 2022 DDoS attacks on domestic institutions have been increasing. These DDoS attacks can hinder the access of websites offering services. Russian hackers have admitted to being responsible for these attacks. However, it is not clear that they have had an impact on the Polish institutions.

Since the beginning of 2022, cyber-related incidents directly affected Poland. They were unrelated to the Ukrainian conflict.

• The state-sponsored North Korean threat group was formed on July 20, 2022. APT37 launched a fresh effort to disseminate the Konni RAT Targeted were high-value organizations in Poland and Czech Republic, along with other countries. Phishing mails were used to send malware in this instance.
• Cloudflare repelled a record-setting DDoS attack in June 2022 It was aimed at the media, internet and banking sectors in Poland and Russia.
• Researchers found that the virus had a second version in May 2022. ERMAC Android banking trojanERMAC2.0 was a Polish-specific attack that targeted Polish users. It was most often detected on fraudulent sites posing as prominent food delivery websites and fake browser upgrades.
• It BRATA Android malware The website was updated with new features in February 2022. To increase awareness, we targeted online banking customers in Latin America and Poland.

“It is possible that more terrorist acts will be committed as the 2023 elections approach. This could include both foreign and domestic actors working to alter the results.” comments Jovana Macakanja. “By following cybersecurity best practices you can reduce the risk to individuals’ lives, including using VPNs and not connecting to public WiFi networks.”

Important concern is the state surveillance of citizens

It is extremely concerning to see spyware software being used in monitoring state activities. While the government recognizes these risks, they cannot ignore them. initially rejected the accusations of using the spyware Pegasus in 2019Later on, the spokesperson admitted The government was accused of purchasing the software. Following the allegations, The Citizen Lab Two well-known members of the opposition had their phones infected with spyware repeatedly, it was found.

This, and other illegal practices are also prohibited by the governmental control of many Polish newspapers and TV stations In the context of the upcoming elections, these areas will be of concern. Similar instances of spyware being exposed in EU countries like Spain Greece, indicate that this is a threat to the very essence of democracy – the freedom of expression and the protection of human rights and dignity.

---

Editor’s Note: Tripwire, Inc. cannot be held responsible for guest author’s opinions.

I just walked out of room 716 at SecTor here in Toronto, where I shared details on my Raspberry Pi Pico project. I’m happy that I was finally able to share this and even happier to announce that the GitHub repo This code is now accessible to everyone. I won’t walk you through the code, but you can reach out to me Ask questions.  

Repo stores all data. As I mentioned in the announcement for my SecTor session, I looked at turning a Pico (or any device running an RP2040) into a Human Interface Device (HID). I started out creating a Stream Deck and had such a great time building that and turning it into a tool to teach Python to teens, that I decided to dig deeper into the functionality of the Pico’s HID functionality. SecTor 2021 was a demonstration of Picos which emulate keyboards, issue commands rapidly and display them on the screen. Over the past year, I’ve extended that and created example code.  

While BadUSB attacks are not new, I’m hoping that this makes them more accessible and opens the door for further education about how these attacks are performed and the damage they can do. To give security awareness training to employees, you can conceal these devices with USB-compatible gadgets. While they can service malicious individuals, there’s a lot of harmless fun that can be had demonstrating the dangers of these devices to non-technical individuals.  

Within the GitHub repo, you’ll find the keycode library (one already exists within CircuitPython, but I wasn’t happy with the approach it used), a template for the BadUSB attack, sample code, and plenty of example payloads. These tools are useful for both security awareness training and remote system administrators, who may need to send configurations out to non-networked systems. Anything you can do with a keyboard; you can do with a Pico using this code and that provides extensive flexibility and functionality.  

If you explore the repo or use the code, I’d love to hear how you are using it and what you think of the code. I’m sure there are plenty of improvements that could be made and I’m happy to hear your suggestions. Enjoy! 

Which security system would best suit your company?  This is the most frequently asked question by cybersecurity professionals.  It is not always an easy answer. This is in line with explanations regarding the fact there are many solutions and their advantages and disadvantages.  Cybersecurity professionals find it difficult to believe one solution will work for them. It is essential that they learn all the frameworks and decide which ones are most applicable to them.  Confirmation bias is often a problem. The C-Suite is then convinced by the one they choose.

A huge thanks to all the hard work of Central Bank of Egypt (CBE)This makes it much simpler to accomplish a lot.  The Egypt Financial Cybersecurity Framework combines many of the most well-respected frameworks and makes them available in one place.  CBE gathered the best practices and produced a document for the financial industry. CBE identified potential areas to tailor a cybersecurity structure to Egyptian needs.

CBE Framework graphics give a snapshot of all highlights. These controls can be linked to five functions.  This document also includes definitions of roles, responsibilities and team memberships. 

This framework provides the base for building cybersecurity capabilities within this vital sector. CBE is now launching a larger-scale initiative in order to create a resilient and secure cybersecurity infrastructure for the financial sector.  The framework includes security controls as the first level of compliance. Baselining and hardening involve completing prudent and specific tasks to reduce an organization’s attack surface.

CBE Framework has no impact on existing controls implementation methods.  The framework can also be implemented using existing tools.

Tripwire Enterprise Policy Manager proactively hardens systems by assessing configurations against internal and external security standards, benchmarks and industry regulations and continuously assesses changes against security, policy and compliance requirements for “good” vs. “bad” change and “policy drift”.

Tripwire Enterprise Policy Manager provides the largest range of policies and platforms in the sector. It includes all CBE Framework frameworks.

Tripwire Enterprise maps perfectly to the CBE Framework’s requirements and controls.

Identity and Access Management

Identity and Access Management aims to provision or revoke access for users and systems to operate on the organization’s enterprise. IAM serves another purpose. It makes sure core functions can still be done with minimum access.

Privacy and Data Protection

Data Protection and Privacy are about data integrity and privacy. Data protection has the goal to safeguard client data, intellectual property and personally identifiable information. This is true regardless of whether data is owned or used by employees.

App Security

Application Security was created to reduce the risk of software programs that are used in support of business operations. Application Security focuses on safeguarding applications from exploitation by adversaries throughout an application’s life.

Endpoint Security

The objective of Endpoint Security is to protect servers, desktops, and workstations that employees, third parties, and contractors use to connect to the organization’s network. To prevent breaches, endpoint security can use strict standards and technical controls.

• Malware infections
• Command and Control Activities
• Data exfiltration
• Ransomware/Data destruction
• Privilege escalation
• Lateral Movement

Network Security

Network Security concerns the protection of information and data while in transit. This also allows for proper network visibility. Malicious activity can only be corrected by authorized endpoints. Authorized endpoints have limited network access. To prevent these threats, comprehensive network security and technical controls are necessary.

Digital Channels

Digital Channels supports security controls needed to protect against threats to today’s technology and those on the horizon as society shifts towards a digital and largely cashless economy. It is particularly important for the financial industry, as it protects against identity theft and money laundering.

Cloud Security

Cloud Security aims to address unique risks posed by using Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or Software-as-a-Service (SaaS) cloud computing offerings. Cloud Security addresses the following problems:

• Unauthorized Access
• Privacy
• Lateral movement between and within cloud tenants
• Virtualization vulnerabilities
• Expansive attack surface

Monitoring data integrity

To monitor for any changes to assets, integrity monitoring is necessary. It will enable you to regularly review the files and inform security personnel if any modifications are not authorized. Tripwire has several methods for identifying low-risk or high-risk files. This part is part the priority, prioritizing system that reconciles, reports on and report any changes detected. Auto-promoting changes in the business as usual reduces noise so IT can focus more on investigating security and risk-related changes.

Tripwire used its host-based intrusion detector software to detect changes in files or folders. Tripwire then added File Integrity Monitoring (FIM) to its solution. This allows Tripwire to monitor detailed system integrity including directories, files, registry, configuration parameters, DLLs, and directories. SIEM, an enterprise integration tool that provides intelligence for threat detection, is another option. This tool generates event data that is rich in context and helps to determine what immediate investigations are required. It allows for better alerting workflows, and correlations.

The CBE cybersecurity framework was carefully designed but it would be unrealistic to extend beyond Egypt’s borders.  Most countries would not accept this as an authority.  We can only wish this trend reverses.  However, regardless of this hesitancy of global recognition, it should be added to every cybersecurity professional’s list of reliable guidance.

Click here for more information about Egypt’s financial security framework.

An API (or programming interface) is a standard process that allows data to be shared between applications or programs. An API is an ensemble of guidelines and rules that regulate how data communications take place between clients, servers and other programs. APIs need to be able to identify what data is being shared. They also have requirements for authentication and encryption. how to It is yours to share.

It is possible to use APIs to enable users to login to a site using the credentials that they already have on websites like Facebook or Google. When payment information is transmitted using third party applications like PayPal, it’s called Third-Party Payments. These APIs enable data collection from an external program to make it easier to login to online payments or submit them.

APIs make it easier to shop online. These APIs make it easy to integrate businesses with organisations and allow them to communicate easily. Developers can create new ways to modify and update APIs. APIs combine information from multiple sources into one place, which makes it easier for users to find the data they need. Over the past year, APIs have increased in number by 221%. APIs can be hacked because they are practical and necessary. This is what same article that detailed the Salt Labs research report with recent API security trends, describes APIs as “the on-ramps to the digital world”.

API Security: What are the Biggest Threats?

Cybercriminals exploit the huge attack surface by increasing API traffic. The API traffic has increased 321% over the past twelve months. But, the API attack traffic has grown by 681 percent. API development happens quickly, so the landscape has rapidly changed. API security As the internet is constantly changing, it can be difficult to keep up with security procedures. API attacks can prove difficult to prevent because every attack is unique and involves probing for vulnerability.

API security is most at risk when an attacker tries to break object-level authorization. A hacker could modify the API object without informing the server. BOLA flaws cannot be detected by static or dynamic testing. These flaws allow criminal actors to alter or delete sensitive data. To prevent BOLA attacks, a security system should be able to detect abnormal API behavior.

Another common attack is the breaking of user authentication. When attackers take advantage of weak security features in user authentication, this is a common type of API attack. Hackers have various ways to gain access to the victim’s user accounts as well as transaction data, such credential stuffing and credential cracking.

An attacker can often access too much information through API attacks. Many APIs can provide more information than is necessary to complete the task of sharing or obtaining data. This data can be used to gain sensitive information by an attacker. Even though many APIs let clients filter data and make their own decisions, attacks can still be made on the API’s redundant information.

Cybercriminals can learn information about APIs and program components to create attacks. A security setting in an API isn’t properly defined or has default settings, making it susceptible to hackers searching for both infrastructure and data. API security problems can be difficult to spot and fix. API attacks usually succeed because they exploit weaknesses in business logic. 

API Security Best practices

APIs can be difficult to secure. It is not possible to guarantee that they will be protected against hackers. These practices will make your API more vulnerable to hackers if you follow them. You can increase API security through the incorporation of these practices into development, testing, and production.

It is essential to secure API design and development. It ensures APIs are built using secure code and configuration processes. This is a great idea right from the beginning. Business logic is also an excellent idea for design reviews. This increases the likelihood of flaws being discovered early. Although security testing is capable of identifying vulnerabilities in APIs and misconfigurations, business logic issues can be detected with analysis and fuzz.

API security is dependent on the documentation of APIs. This allows internal security staff and others to understand and see the API structure, as well as how it was tested and protected. It also allows them to identify possible attack points for any API they’re using. Accurate documentation is crucial to ensure problems and solutions are easily traced.

You can use many tools to maintain API security even after you have completed development or testing. Monitoring and logging APIs can help you monitor the normal behavior of APIs and spot unusual events so they can be fixed. To determine when APIs are changing, automatic systems will compare API behavior with documentation. This allows documentation to automatically be updated. To make APIs safer, API gateways can be encrypted. Identity store, key management, and public key infrastructure are all possible. Bad actors cannot get authorization, authentication.

Although APIs play an essential role in the operations of many applications, API security is not the same as security for applications. It is essential to understand the security issues that APIs present and how you can address them. API security does not require you to be proficient in every area or step of API development. Many people overlook it. Every stage of an application should be able to understand API defenses and attacks. They also need documentation on what they can do to help protect their APIs.

---

Information on the Author PJ Bradley, a passionate writer on a variety of subjects and deeply committed to helping others is a prime example. Holding a bachelor’s degree from Oakland University, PJ enjoys using a lifelong desire to understand how things work to write about subjects that inspire interest. Most of PJ’s free Two of the most time-consuming tasks are writing and reading. PJ writes also regularly at Bora.

Editor’s Note: Tripwire, Inc. cannot be held responsible for guest author’s opinions.

You need to know what is in your network. You could be at risk.

In any organisation it’s normal for different devices, on- or off-prem, wired or wireless, to be constantly added or removed – and this can present an opportunity for malicious hackers to take advantage of improperly secured systems.

Many organizations don’t know how many assets are in their possession or where they are all located.

It is a smart idea to run regular automated scans to check for vulnerabilities and identify assets that are connected to your infrastructure.

Cybersecurity and Infrastructure Security Agency of the United States – (CISA). told On Monday federal agencies were mandated to inspect assets and find vulnerabilities in networks.

Federal Civilian Executive Branch agency agencies must take the following actions before April 3rd 2023.

• Automate asset discovery every 7 days. At a minimum, this must include all IPv4 addresses used by agency.
• Each 14-day period, start vulnerability enumeration for all assets. This includes all nomadic/roaming equipment (e.g. laptops).
• Automatically feed details of detected vulnerabilities into CISA’s Continuous Diagnostics and Mitigation (CDM) dashboard within 72 hours.
• Develop and maintain the capability to initiate on-demand asset discovery and vulnerability enumeration, in order to identify specific assets or vulnerabilities within 72 hours of receiving a request from CISA – and then provide the results back to CISA within 7 days of request.

CISA’s Jen Easterly highlighted SolarWinds, a hacker group that had been able to use the poisoned software update for network management to target critical infrastructure networks in government agencies over months.

“If you’ve heard us talk at all about this, we have said consistently that we are on an urgent path to gain visibility into risks facing federal civilian networks,” said Easterly. “This was obviously a gap illuminated by SolarWinds.”

It is vital for organisations to identify compromised software quickly in order to defend themselves against attacks like SolarWinds.

CISA says it will publish a common vulnerability-reporting data format within six months which agencies can use when feeding information into the CDM dashboard.

Cybersecurity Awareness Month was declared by the President of the United States (and Congress) in October due to increasing threats to private and technological information. The initiative is intended to help people protect themselves online. Under the guidance of the NSA, government and businesses are working in tandem to raise cybersecurity awareness at both the national and global levels. National Cybersecurity Alliance (NCA), and Cybersecurity and Infrastructure Security Agency (CISA).

Cybertravel: Take a look at yourself

The slogan for this year’s campaign, “See Yourself in Cyber,” shows that although cybersecurity may appear to be a complicated topic, it ultimately comes down to people.

Everybody should feel comfortable in cyberspace regardless of their role. Individuals and consumers can make simple steps to protect their information and privacy online. Vendors and suppliers alike can be held accountable for the security of their supply chains and take control of their role in preventing any incidents at their locations. Owners and operators of critical infrastructure that are a part of a wider network of services and systems that rely on or support critical infrastructure can learn how their company contributes to the ecosystem’s overall cybersecurity.

Cybersecurity news stories tend to focus on data breaches or cybercriminals. However, this can make it seem overwhelming and impossible to manage. Cybersecurity Awareness Month reminds everyone that you have many options to protect your data. It doesn’t take much to make a difference in cybersecurity.

Enable multi-factor authentication

All agree that multi-factor authentication (MFA), is the best protection against password attacks. A CISA advisory highlights that “MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99% less likely to have an account compromised.”

MFA should be enabled wherever possible. One mistake many businesses make is to limit the protection of their highly-privileged accounts (such as those IT admins) and only allow remote users to use multi-factor authentication. But criminals can target any employee or individual. To reduce the possibility of an attacker compromising an account, MFA should always be available to all employees.

Attacks on recent occasions Cisco Uber However, not all MFA options are equal in security. SMS-based authentication actually is safer than other methods. deprecated by NIST since 2017While attackers use tactics such as MFA fatigue It is possible to bypass OTP push-notifications authentication. The Office of Management and Budget memorandum on enabling a Zero Trust cybersecurity Asks companies to choose a phishing resistant MFA method such as FIDO2 security key. Organizations should be careful not to replace any existing authentication methods. OTP push authentications are safer than no MFA and can be used to protect less sensitive data.

Use a password manager for strong, unique passwords

Passwords hold the key to your digital castle. Your passwords are as important to secure your digital castle as your house keys. No matter what account they are protecting, all passwords must be created with these three principles in mind:

• Long – At least 12 characters should be included in each of your passwords.
• Unique – Each account must be secured by a separate, individual password. Use unique passwords only. This way, you can rest assured that your other accounts are secure even if they’re compromised.
• Complex – Each password should be complex and contain a mix of capital and lowercase letters, digits, and special characters.

It is a good idea to not change a password that is long, unique, or complex unless it is discovered that another person is accessing the account, or that the password has been stolen in a data breach. Last updated recommendations from NIST This recommendation is supported. Since many years cybersecurity professionals have recommended that we change our passwords regularly. This is not a good idea if you have complicated passwords that are long, unique, or complex. You run the risk of using weak or duplicate passwords or repeating them if your passwords are frequently changed.

Our lives are becoming more digital and more complex. We may now have to manage 100 passwords or more. It can be tedious to create, store and remember all these passwords. But passwords are the first line of defense against hackers, data breaches, and other threats. You can use free, easy-to-use password managers to make it easier than ever to manage your passwords.

password manager This is the easiest way to create strong passwords and keep them secure for all the online accounts that we use. A password manager can help you avoid having to keep a messy sticky note with your most important passwords on it or keeping a notebook of them in a drawer. All you have to do to gain access to your password manager vault, is to create a strong password.

Password managers can be used to save hundreds of passwords on your online accounts. However, these programs have additional benefits.

• Time-saving
• All operating systems, devices and platforms can be used
• Secure your identity
• You should be wary of phishing websites
• You will be notified if a password has been compromised

Make sure to keep your software current

One of the easiest ways to protect your information is by updating your software. Because hackers are constantly looking for ways to gain access to your information through insecure software, updates can help you stay ahead.

Below are some reasons why you should consider software updates immediately.

• Security holes within easy reach Cybercriminals can gain access to a person’s computer because of software flaws. Software flaws can be viewed by cybercriminals as open access points that allow them to infect computer systems with malware. These open doors can be closed by software security updates to protect a system from attacks.
• Seek out new features. You might be able add new features or get rid of outdated features by installing updates. Technology is constantly changing so updates are a great way to keep up with all the latest developments and features.
• Safeguard your data. An attacker who gains access to software security holes will search for passwords and confidential documents. Security flaws can make data more difficult to protect.
• Increased efficiency Each patch may not be related to security. Software developers may discover bugs in their software and realize the program must be fixed. The software’s performance is boosted by these modifications.
• Check compatibility. Software developers offer updates in order to make certain that the program works with all new technology. Without updating, older software might not be compatible.

These are also two helpful tips when installing and downloading updates.

• Software updates should only be downloaded from the original author. Use cracked software, pirated or used without permission. Even if a friend has given it to you. Many of these viruses can create additional problems than the software fixes.
• Automate the entire process Software from well-respected vendors often offer the option of automatically updating your program. This notification will let you know when an update is available and allow you to start the process immediately.

Report phishing and recognize it

Phishing is a popular tactic for cybercriminals, but you don’t have to fall for it. Social engineering is used by criminals in cyberattacks. It’s effective and common. The right phish can catch anyone at any time. Social engineering has been used to compromise many other companies, such as Google, Sony and Twitter. people families.

Because we are more educated about obvious hoaxes, the cybercriminals seem to be convincing and persuading in many of these phishing scams. According to Jessica BarkerOne of the main reasons that social engineering is so successful is because it can manipulate our emotions in order to bias our judgement. How we receive information is crucial.

According to behavioral economists, each individual processes information in one of two ways: slowly or quickly. If we think slowly we can be composed, reflective, and rational. Cybercriminals demand that we think different. Cybercriminals want us to think fast while being emotionally and susceptible. Cybercriminals use our emotions to convince us to click suspicious links, to download potentially dangerous attachments and to reveal our credentials.

Be sure to take the time to ensure that your email and message are authentic before you open any attachments or click on any links. These are some guidelines. recognizing a phishing email:

• It seems like a great deal.
• Are you afraid of it?
• Do you need to provide personal information in order for it to send the message?
• Does it feel urgent to link with an unknown attachment?
• Are you asking for a business emergency?
• Is the sender’s email address correct? Attention to misspellings such as Anazon.com and Pavpal.com.

Recognizing a bogus email or message that is a part of a criminal’s phishing campaign is the challenging part. You can report it. You should immediately report it to your IT manager, security officer or workplace administrator if the email was sent to you at work.

You should not reply to the email if it was sent from your personal email account. You should not respond to an email and do not click links. Just click the “Delete” button. Blocking the sending address can help you increase security.

Everyone has a right to a safe internet, so let’s remember to #BeCyberSmart.

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 26^th, 2022. I’ve also included some comments on these stories.

Sophos Firewall Zero-Day Exploited in Attacks on South Asian Organizations

UK-based cybersecurity company Sophos has warned customers that a new zero-day vulnerability affecting some of its firewall products has been exploited in attacks, SecurityWeek reports. A Friday advisory stated that versions 19.0 MR1 (19.0.1), and earlier of Sophos Firewall were affected by a critical flaw that could be used for remote code execution.

Sophos Firewall version 19.0MR1 and older were subject to a zero-day attack. The vulnerability enabled attackers to execute malicious code on compromised systems. This vulnerability was found in Webadmin and User Portal components. Sophos released a patch for this vulnerability. Also, it is recommended that the User Portal or Webadmin interfaces are not exposed to the Internet.

windows-11-22h2-blocked-due-to-blue-screens-on-some-intel-systems”>windows 11 22H2 blocked due to blue screens on some Intel systems

Microsoft is now blocking the windows 11 22H2 update from being offered on some systems with Intel Smart Sound Technology (SST) audio drivers. The company also put a safeguard hold in place because this known issue triggers blue screens of death (BSODs) on affected systems, windows-11-22h2-blocked-due-to-blue-screens-on-some-intel-systems/amp/” target=”_blank” rel=”noreferrer noopener”>BleepingComputer notes.

Be cautious when upgrading to windows 11 22H2. Some systems equipped with Intel Smart Sound Technology sound drivers may experience BSOD after the update. This issue exists because there is an incompatibility issue with the Intel Smart Sound Technology on 11th Gen Core processors and windows 11. The Media Creation Tool should not be used to force an update. This could cause the system to turn blue. This issue is found in Intel Smart Sound Technology Audio Controllers that have a file named IntcAudioBus.sys. These files are either version 10.29.0.5152, or 10.30.0.5152. This issue may be patched on your system if you’re running version 10.30.0.5714 or version 10.29.0.5714.

New Microsoft Exchange zero-days actively exploited in attacks

BleepingComputer reports that threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.

Microsoft Exchange has several zero-day weaknesses. GTSC Security Researchers discovered vulnerabilities that allow remote code execution. These vulnerabilities were used by attackers to create Chinese Chopper webshells. Zero Day Initiative has verified these vulnerabilities and they are now being tracked under ZDICAN-18333 and ZDICAN-1880.

There are two stages to executing code on a vulnerable system:
1. Malicious requests to the ProxyShell (not possible on fully patched systems)
2. Use the previous requests to gain access to the backend to execute code

GTSC suggests that a new rule using the URL Rewrite Rule module could mitigate these vulnerabilities. They suggest blocking requests to the Autodiscover on the Frontend by adding the string “.*autodiscover.json.*@.*Powershell.*“ to the URL Path and using the condition of {REQUEST_URI}.

Keep in Touch with Tripwire VERT

Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Get our newsletter.

VERT Cybersecurity News Roundups