Fish | Hunt Fl Security Vulnerabilities

securelist

Ransomware and wiper signed with stolen certificates

Introduction On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks later, it was revealed that the cyberattacks were part of a coordinated effort likely intended to cripple the country's computer systems. On September 10,...

1.1 AI Score

2022-12-22 08:00 AM
20
githubexploit

7.8 CVSS

7.6 AI Score

0.076 EPSS

2022-12-21 04:34 PM
36
talosblog

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

Microsoft is phasing out support for executing VBA macros in downloaded Office documents. Cisco Talos investigates another vector for introduction of malicious code to Microsoft Excel--malicious add-ins, specifically XLL files. Although XLL files were supported since early versions of Excel,...

0.1 AI Score

2022-12-20 01:00 PM
25
malwarebytes

Is an outsourced SOC worth it? Looking at the ROI of MDR

In the turbulent world of cybersecurity, one thing is for certain: Threats are evolving in ways that make them harder for organizations to predict--and stop. For businesses with scarce security staff resources and disconnected, complex toolsets, keeping up with today's cyberthreats is even harder.....

-0.1 AI Score

2022-12-15 09:00 AM
8
malwarebytes

Ho, ho, no! Scams to avoid this festive season

Whether you've been naughty or nice, someone will try and stuff a scam down your chimney either way. The FBI is warning of several likely ways to be parted from your funds or logins, and we're going to give some additional context along with tips to avoid these digital lumps of coal. Social media.....

-0.3 AI Score

2022-12-07 11:45 AM
16
securelist

Indicators of compromise (IOCs): how we collect and use them

It would hardly be an exaggeration to say that the phrase "indicators of compromise" (or IOCs) can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes[1], IP addresses and other technical data that should help information security specialists to...

-0.6 AI Score

2022-12-02 08:00 AM
17
cve

CVE-2022-3480

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IPs. Configuring firewall limits for incoming connections...

7.5 CVSS

7.6 AI Score

0.002 EPSS

2022-11-15 11:15 AM
37
2
cvelist

CVE-2022-3480 Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IPs. Configuring firewall limits for incoming connections...

7.5 CVSS

7.8 AI Score

0.002 EPSS

2022-11-15 10:58 AM
oraclelinux

container-tools:3.0 security update

buildah [1.19.9-6] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/6d7f496) - Related: #2061390 [1.19.9-5] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 ...

7.5 CVSS

-0.2 AI Score

0.005 EPSS

2022-11-15 12:00 AM
13
cve

CVE-2021-34579

In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network access to the Apache web server can download...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2022-11-09 05:15 PM
25
17
thn

Inside Raccoon Stealer V2

Raccoon Stealer is back on the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of the shutdown, a Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware...

0.3 AI Score

2022-11-02 11:28 AM
71
wired

The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow

AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against...

0.8 AI Score

2022-10-25 10:00 AM
15
malwarebytes

Healthcare site leaks personal health information via Google and Meta tracking pixels

Advocate Aurora Health has disclosed that by visiting its websites users may have shared personal information, and possibly protected health information (PHI), with Google and Meta (Facebook). Advocate Aurora Health is the 11th largest not-for-profit, integrated health system in the US and...

0.6 AI Score

2022-10-24 11:15 AM
9
github

5 tips for embedding security into your workflows

Now, more than ever, the world needs innovation. From climate change to pandemics to food insecurity, we face many pressing realities that businesses can help us solve. Especially tech-related businesses. Technology can help drive progress on devastating conditions—like how Biorock can help...

-0.3 AI Score

2022-10-17 03:00 PM
8
ics

Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

Summary Actions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing...

9.8 CVSS

10 AI Score

0.975 EPSS

2022-10-12 12:00 PM
113
impervablog

Attack Analytics Helps You Find the Monsters Under the Bed

Alert fatigue kills data breach detection efforts Is there anything more frightening than missing a cyber attack? For most organizations, the answer is no. However, for many security teams, it’s challenging to tune alerts properly to minimize false positives and still be alerted to potential...

AI Score

2022-10-04 12:44 PM
7
cve

CVE-2008-7199

Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port...

7 AI Score

0.002 EPSS

2022-10-03 04:13 PM
18
malwarebytes

A week in security (September 26 – October 2)

Last week on Malwarebytes Labs: Why (almost) everything we told you about passwords was wrong Two new Exchange Server zero-days in the wild Local government cybersecurity: 5 best practices Optus data breach "attacker" says sorry, it was a mistake Fast Company hacked to send obscene and racist...

2.9 AI Score

2022-10-03 08:00 AM
6
wpexploit

WP ALL Export Pro < 1.7.9 - Authenticated Code Injection

The plugin does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be...

7.2 CVSS

0.7 AI Score

0.001 EPSS

2022-10-03 12:00 AM
94
Total number of security vulnerabilities: 3270