<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:media="http://search.yahoo.com/mrss/"><channel><title><![CDATA[Malicious News]]></title><description><![CDATA[Cyber Security News]]></description><link>https://maliciousnews.com/</link><image><url>https://maliciousnews.com/favicon.png</url><title>Malicious News</title><link>https://maliciousnews.com/</link></image><generator>Ghost 5.69</generator><lastBuildDate>Tue, 07 Apr 2026 22:35:12 GMT</lastBuildDate><atom:link href="https://maliciousnews.com/rss/" rel="self" type="application/rss+xml"/><ttl>60</ttl><item><title><![CDATA[CISA Emergency Directive to Federal Agencies Regarding Ivanti Zero-Day Exploits]]></title><description><![CDATA[<p>In a recent development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency <a href="https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities?ref=maliciousnews.com" rel="noreferrer">directive</a> on Friday, urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.</p><p>The vulnerabilities, namely</p>]]></description><link>https://maliciousnews.com/cisas-emergency-directive-to-federal-agencies-regarding-ivanti-zero-day-exploits/</link><guid isPermaLink="false">65ac93fb55b4ee0370bbdc0f</guid><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Tue, 23 Jan 2024 16:25:23 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/2024/01/DreamShaper_v7_computer_monitor_virus_warning_wallpaper_1.jpg" medium="image"/><content:encoded><![CDATA[<img 
src="https://maliciousnews.com/content/images/2024/01/DreamShaper_v7_computer_monitor_virus_warning_wallpaper_1.jpg" alt="CISA Emergency Directive to Federal Agencies Regarding Ivanti Zero-Day Exploits"><p>In a recent development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency <a href="https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities?ref=maliciousnews.com" rel="noreferrer">directive</a> on Friday, urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.</p><p>The vulnerabilities, namely an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887), have been subjected to widespread exploitation by multiple threat actors. These flaws empower malicious actors to craft harmful requests and execute arbitrary commands on the affected systems.</p><p><a href="https://forums.ivanti.com/s/article/Recovery-Steps-Related-to-CVE-2023-46805-and-CVE-2024-21887?language=en_US&amp;ref=maliciousnews.com" rel="noreferrer">Acknowledging</a> a significant increase in threat actor activity since January 11, 2024, Ivanti revealed the potential consequences of successful exploitation. Threat actors could move laterally, perform data exfiltration, and establish persistent system access, ultimately leading to the full compromise of target information systems.</p><p>Ivanti plans to release an update to address the flaws in the coming week. In the interim, a temporary workaround has been provided through an XML file, allowing affected products to undergo necessary configuration changes.</p><p>CISA is urging organizations using ICS to promptly apply the mitigation measures. They recommend running an External Integrity Checker Tool to identify signs of compromise. 
If compromise is detected, organizations are advised to disconnect affected systems from networks, reset devices, and import the provided XML file.</p><p>Threat intelligence firm GreyNoise reported opportunistic exploitation by bad actors for financial gain. They <a href="https://www.greynoise.io/blog/ivanti-connect-secure-exploited-to-install-cryptominers?ref=maliciousnews.com" rel="noreferrer">observed</a> the vulnerabilities being abused to drop persistent backdoors and XMRig cryptocurrency miners, emphasizing the multifaceted threats posed by these actively exploited zero-day flaws.</p>]]></content:encoded></item><item><title><![CDATA[Admin Takeover Flaw In Synology DiskStation Manager]]></title><description><![CDATA[<p>A  vulnerability has been identified in Synology&apos;s DiskStation Manager (<a href="https://www.synology.com/en-global/dsm?ref=maliciousnews.com" rel="noreferrer">DSM</a>), capable of being exploited to uncover an administrator&apos;s password and seize control of the account remotely.</p><p>According to Sharon Brizinov from Claroty&apos;s Team82 in a <a href="https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure?ref=maliciousnews.com" rel="noreferrer">report</a> on Tuesday, &quot;Under some rare conditions, an</p>]]></description><link>https://maliciousnews.com/flaw-dsm/</link><guid isPermaLink="false">652c1b2276a01103292d5d6b</guid><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Fri, 20 Oct 2023 17:00:00 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/2023/11/flaw-dsm.png" medium="image"/><content:encoded><![CDATA[<img src="https://maliciousnews.com/content/images/2023/11/flaw-dsm.png" alt="Admin Takeover Flaw In Synology DiskStation Manager"><p>A  vulnerability has been identified in Synology&apos;s DiskStation Manager (<a href="https://www.synology.com/en-global/dsm?ref=maliciousnews.com" 
rel="noreferrer">DSM</a>), capable of being exploited to uncover an administrator&apos;s password and seize control of the account remotely.</p><p>According to Sharon Brizinov from Claroty&apos;s Team82 in a <a href="https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure?ref=maliciousnews.com" rel="noreferrer">report</a> on Tuesday, &quot;Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account.&quot;</p><p>This flaw, labeled <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-2729?ref=maliciousnews.com" rel="noreferrer">CVE-2023-2729</a>, holds a severity rating of 7.5 on the CVSS scoring scale and was addressed by Synology through updates released in June 2023.</p><p>The root of the issue lies in the software&apos;s utilization of a weak random number generator, relying on the JavaScript Math.random() method to construct the admin password for the network-attached storage (NAS) device.</p><p>Sharon Brizinov elaborated on the attack, stating, &quot;By leaking the output of a few Math.Random() generated numbers, we were able to reconstruct the seed for the PRNG and use it to brute-force the admin password. Finally, we were able to use the password to log in to the admin account (after enabling it).&quot;</p><p>However, the success of the attack relies on the attacker extracting a few GUIDs during the setup process, generated using the same method. In a real-life scenario, the attacker would first need to leak the GUIDs, brute force the Math.Random state, and gain access to the admin password. 
Even then, the default setting disables the built-in admin user account, and most users won&apos;t enable it.</p><p></p>]]></content:encoded></item><item><title><![CDATA[How to Boost Your Security with a Password Manager]]></title><description><![CDATA[<div class="wp-block-uagb-advanced-heading uagb-block-2d0016cc"><h2 class="uagb-heading-text">Introduction</h2></div>



<p>Are you tired of keeping track of all your passwords? Do you have trouble remembering which combination goes with what account? Enter the password manager.</p>



<p>A password manager is a software program that securely stores and manages all your login information for various websites and applications. With just one</p>]]></description><link>https://maliciousnews.com/how-to-boost-your-security-with-a-password-manager/</link><guid isPermaLink="false">652c1b2276a01103292d5d6e</guid><category><![CDATA[General Security]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Mon, 26 Jun 2023 08:38:25 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2023/06/lock-banner.png" medium="image"/><content:encoded><![CDATA[
<div class="wp-block-uagb-advanced-heading uagb-block-2d0016cc"><h2 class="uagb-heading-text">Introduction</h2></div>



<img src="https://maliciousnews.com/content/images/wordpress/2023/06/lock-banner.png" alt="How to Boost Your Security with a Password Manager"><p>Are you tired of keeping track of all your passwords? Do you have trouble remembering which combination goes with what account? Enter the password manager.</p>



<p>A password manager is a software program that securely stores and manages all your login information for various websites and applications. With just one master password, you can access all your other passwords.</p>



<p>But why do you need a password manager? First, it eliminates the need to remember multiple passwords, and it also allows you to use strong, unique passwords for each account without the hassle of trying to recall them. Additionally, it provides an extra layer of security for your online accounts.</p>



<p>With a password manager, you don&#x2019;t have to worry about writing down your passwords on a notepad or using the same password for multiple accounts. So, would you rather go old-school with pen and paper or up your security game with a password manager?</p>



<div class="wp-block-uagb-advanced-heading uagb-block-22dc6d23"><h2 class="uagb-heading-text">How Password Managers Work</h2></div>



<p>Imagine a world where you don&#x2019;t have to remember all your passwords for every other account. With password managers, you can wave goodbye to that problem.</p>



<p>How do password managers work? Let&#x2019;s dive in.</p>



<p>The encryption process is the backbone of a password manager and ensures the security of your passwords. It encrypts your passwords using robust encryption algorithms, making it difficult for hackers to access them.</p>



<p>Multiple devices &#x2013; with password managers, you get the convenience of accessing your passwords from different devices like your smartphone or laptop.</p>



<p>Auto-fill Functionality &#x2013; you no longer have to worry about typing your long and complicated passwords manually. Password managers allow you to auto-fill passwords and remove the risk of making spelling errors.</p>



<p>Password Generator &#x2013; With a password manager, you don&#x2019;t have to come up with creative new passwords. The password manager generates strong, unique passwords with a mix of characters to ensure maximum security.</p>



<p>Password managers put you in control of your security while saving you time. Now, let&#x2019;s explore the benefits of using a password manager!</p>



<div class="wp-block-uagb-advanced-heading uagb-block-daeaf3cc"><h2 class="uagb-heading-text">Benefits of Password Managers</h2></div>



<p>Introduction</p>



<p>As we navigate our daily lives, we are constantly bombarded by the need to create and remember passwords for various accounts and platforms. With so many passwords to remember, it&#x2019;s no wonder that most people opt for the easy-to-remember ones, but this sets the stage for a security breach.</p>



<p>Definition of a Password Manager</p>



<p>A password manager simplifies the process of creating and remembering passwords by storing them securely in an encrypted database. All you need to do is remember one master password, and the password manager tool will take care of the rest!</p>



<p>Why You Need a Password Manager</p>



<p>With a password manager, you can create complex passwords that are unique for each account, making it challenging for cybercriminals to hack your accounts. It saves time, as you don&#x2019;t have to remember all the passwords separately. They also help you conduct an audit of your existing password strength and alert you if there are any duplicate or weak passwords.</p>



<p>How Password Managers Work</p>



<p>The encryption process ensures that all your data is safely stored in a digital locker. One of the best features of password managers is that they work seamlessly across multiple devices. Additionally, the auto-fill functionality saves you the trouble of typing your passwords for every login. And let&#x2019;s not forget about the password generator that is a lifesaver when you need to create complex and secure passwords.</p>



<p>Benefits of Password Managers</p>



<p>Increased Security</p>



<p>With a password manager, you don&#x2019;t have to worry about weak passwords being compromised, and you can enjoy multi-factor authentication, which adds an extra layer of security.</p>



<p>Ease-of-Use</p>



<p>Password managers make it easy to store and remember passwords, and you don&#x2019;t have to stress over memorizing them. With one Master password, all your passwords are secure and easily accessible.</p>



<p>Time-Saving</p>



<p>By streamlining the process of creating, storing, and recalling passwords, password managers boost your productivity by saving you time for other productive activities.</p>



<p>Audit</p>



<p>Password managers carry out periodic password strength checks and alert you whenever they detect weak passwords or any duplicates that can compromise your security.</p>



<p>Popular Password Managers in the Market</p>



<ol>
<li>LastPass</li>



<li>1Password</li>



<li>Dashlane</li>



<li>Keeper</li>



<li>Bitwarden</li>
</ol>



<p>Choosing the Right Password Manager</p>



<p>When selecting a password manager, you&#x2019;d have to pay attention to factors such as costs, cross-platform compatibility, UI, and additional features. With so many options in the market, it&#x2019;s essential to review and compare them before making your final decision.</p>



<p>Tips on Setting Strong Passwords</p>



<p>Avoid repeating passwords across different accounts, avoid common passwords, and make them longer! Additionally, use mixed characters such as numbers, letters, and symbols to make it harder to guess.</p>



<p>Recap of the Benefits of a Password Manager</p>



<p>Without a password manager, password management can seem daunting. But with password managers, you can enjoy increased security, ease-of-use, time-saving benefits, and periodic password audits to maintain your account&#x2019;s safety.</p>



<p>Final Thoughts</p>



<p>Staying safe online is critical, and a password manager offers a seamless solution to password management that saves time and provides peace of mind. So, what are you waiting for? Choose a password manager today and stay secure.</p>



<div class="wp-block-uagb-advanced-heading uagb-block-f66528c4"><h2 class="uagb-heading-text">Popular Password Managers in the Market</h2></div>



<p>You know what&#x2019;s more stressful than remembering all the passwords for your various accounts? Not having a secure password manager to help you out! Well, let&#x2019;s take a look at some of the popular password managers on the market.</p>



<p>First up we have <a href="https://www.lastpass.com/?ref=maliciousnews.com" target="_blank" rel="noopener" title><strong>LastPass</strong></a>. It&#x2019;s free to download and has a user-friendly interface. It can also be used on a variety of platforms. LastPass offers a free version as well as a premium option.</p>



<p><a href="https://www.1password.com/?ref=maliciousnews.com" target="_blank" rel="noopener" title="1Password"><strong>1Password</strong></a>, on the other hand, has great support, robust vault organization features, and an excellent travel mode. Unfortunately, there is no free version.</p>



<p><strong><a href="https://www.dashlane.com/?ref=maliciousnews.com" target="_blank" rel="noopener" title="Dashlane">Dashlane</a></strong> offers an excellent VPN service and enables users to store their passwords securely in their vault. It also comes with an interface that allows you to set up an emergency contact if you ever forget your master password. But it comes with a price tag.</p>



<p><strong><a href="https://www.keepersecurity.com/?ref=maliciousnews.com" target="_blank" rel="noopener" title="Keeper">Keeper</a></strong> offers both a free and paid version, along with a personal and business enterprise option. It comes with fingerprint login, automated backup, and 24/7 support.</p>



<p>And lastly, <strong><a href="https://bitwarden.com/?ref=maliciousnews.com" target="_blank" rel="noopener" title="Bitwarden">Bitwarden</a></strong>, which is an open-source password manager with a free and premium version. Its features include auto-filling of passwords, multi-device sync and sharing, and secure password generation.</p>



<p>So, go ahead and take your pick! But remember, it&#x2019;s not just about the password manager, but also about the password you create for your online accounts. Stay safe out there.</p>



<div class="wp-block-uagb-advanced-heading uagb-block-b1d1f2e7"><h2 class="uagb-heading-text">Choosing the Right Password Manager</h2></div>



<p>Choosing the right password manager can be a daunting task. With so many options available, it&#x2019;s easy to get overwhelmed. But don&#x2019;t worry, we&#x2019;ve got you covered. Here are some key factors to consider while choosing a password manager. </p>



<p>Firstly, costs. While some password managers come for free, others charge a subscription fee. It&#x2019;s essential to choose a password manager which suits your budget.</p>



<p>Secondly, cross-platform compatibility. Ensure that the password manager is compatible with the devices and operating systems you use. You don&#x2019;t want to spend money on a password manager that doesn&#x2019;t work on your devices.</p>



<p>Thirdly, additional features. Password managers come with different features such as breach alerts, two-factor authentication, and secure sharing. Make sure to choose a password manager that offers features according to your needs.</p>



<p>Lastly, user interface. The user interface should be user-friendly, making it easy to navigate the dashboard and manage your passwords.</p>



<p>All these factors are critical while choosing a password manager. Remember to choose the right one that fits your needs, budget, and preferences.</p>



<div class="wp-block-uagb-advanced-heading uagb-block-f557ae88"><h2 class="uagb-heading-text">Tips on Setting Strong Passwords</h2></div>



<p>We all know that having a strong password is essential for online security. But how do you create a password that&#x2019;s both complex and easy to remember? Here are some tips to help you out!</p>



<p>Avoid repeating passwords at all costs. Reusing passwords for different accounts means that a single breach can compromise all your online profiles.</p>



<p>Also avoid common passwords like &#x201C;password&#x201D; or &#x201C;123456&#x201D;, as these are some of the first guesses that hackers try when attempting to crack passwords.</p>



<p>Use a mix of characters such as uppercase and lowercase letters, numbers and symbols, and make sure your password is at least 12 characters in length. A longer password is harder to guess and crack than a shorter one.</p>



<p>Overall, setting a strong password is crucial to secure your online accounts. Using a password manager can also help generate and store unique passwords for each account, ensuring better protection against potential cyber threats.</p>



<div class="wp-block-uagb-advanced-heading uagb-block-22aab73f"><h2 class="uagb-heading-text">Conclusion</h2></div>



<p>Remembering passwords is hard, especially when you have multiple online accounts. But with a password manager, you can keep all of your passwords in one place. The encryption process keeps your data safe from prying eyes, and you can access your passwords from multiple devices.</p>



<p>A password manager is a valuable tool for anyone who spends time online. Not only does a password manager save you time, but it also helps keep your online presence more secure.</p>



]]></content:encoded></item><item><title><![CDATA[7 Places where malware can hide]]></title><description><![CDATA[<p>Malware can hide in various places on a computer or network. Here are some common locations where malware may hide:</p>



<ol>
<li>System files: Malware can disguise itself as legitimate system files or inject malicious code into existing files.</li>



<li>Temporary folders: Malware often uses temporary folders to hide and execute its operations,</li></ol>]]></description><link>https://maliciousnews.com/7-places-where-malware-can-hide/</link><guid isPermaLink="false">652c1b2276a01103292d5d6d</guid><category><![CDATA[malware]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Sat, 03 Jun 2023 20:28:58 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2023/06/laptop-email.png" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2023/06/laptop-email.png" alt="7 Places where malware can hide"><p>Malware can hide in various places on a computer or network. Here are some common locations where malware may hide:</p>



<ol>
<li>System files: Malware can disguise itself as legitimate system files or inject malicious code into existing files.</li>



<li>Temporary folders: Malware often uses temporary folders to hide and execute its operations, taking advantage of the chaotic nature of these locations.</li>



<li>Registry: Malware may modify the Windows Registry or similar system databases to gain persistence and control over the infected system.</li>



<li>Browser extensions: Malicious browser extensions can be a hiding spot for malware, as they can monitor your browsing activities and inject unwanted advertisements or collect personal information.</li>



<li>Email attachments: Malware can be hidden within email attachments, especially those from unknown or suspicious sources.</li>



<li>Downloads: Illegitimate or compromised software downloads from untrustworthy websites can contain malware, making it important to only download from reputable sources.</li>



<li>External storage devices: Malware can spread through infected USB drives or external hard disks, so it&#x2019;s crucial to be cautious when connecting such devices to your computer.</li>
</ol>



<p>To protect yourself from malware, it&#x2019;s recommended to have up-to-date antivirus software, avoid downloading files from untrusted sources, be cautious with email attachments, and regularly update your operating system and applications.</p>
]]></content:encoded></item><item><title><![CDATA[Trojan Steals Facebook Credentials From Over 300K Android Users]]></title><description><![CDATA[<p>A new Android campaign called Schoolyard Bully has spread to over 300,000 Facebook users. The trojan has been found in applications downloaded from the Google Play store and third-party app stores.</p>



<p>Schoolyard Bully disguises itself as an educational application primarily targeting Vietnamese readers.</p>



<p>Zimperium Researchers <a href="https://www.zimperium.com/blog/schoolyard-bully-trojan-facebook-credential-stealer/?ref=maliciousnews.com" target="_blank" rel="noopener" title="said">said</a> The trojan uses</p>]]></description><link>https://maliciousnews.com/trojan-steals-facebook-credentials-from-over-300k-android-users/</link><guid isPermaLink="false">652c1b2276a01103292d5d69</guid><category><![CDATA[malware]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Sat, 03 Dec 2022 17:25:02 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/12/laptop-email.png" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/12/laptop-email.png" alt="Trojan Steals Facebook Credentials From Over 300K Android Users"><p>A new Android campaign called Schoolyard Bully has spread to over 300,000 Facebook users. The trojan has been found in applications downloaded from the Google Play store and third-party app stores.</p>



<p>Schoolyard Bully disguises itself as an educational application primarily targeting Vietnamese readers.</p>



<p>Zimperium researchers <a href="https://www.zimperium.com/blog/schoolyard-bully-trojan-facebook-credential-stealer/?ref=maliciousnews.com" target="_blank" rel="noopener" title="said">said</a> the trojan uses JavaScript injection to steal Facebook credentials. The trojan opens the legitimate URL inside a WebView with malicious JavaScript injected to extract the user&#x2019;s phone number, email address, and password, then sends them to the configured Firebase C&amp;C.</p>



<p>Even though the primary victim group is Vietnamese, Zimperium Research has found over 300,000 victims in over 71 countries. The number of countries could be higher than what was accounted for, because the applications are still being found in third-party app stores.</p>
]]></content:encoded></item><item><title><![CDATA[3 New Critical Warnings For VMware Workspace One Assist Software]]></title><description><![CDATA[<p>VMware released security updates to fix 3 critical <a href="https://www.vmware.com/security/advisories/VMSA-2022-0028.html?ref=maliciousnews.com" target="_blank" rel="noopener" title="vulnerabilities">vulnerabilities</a> in their One Assist Software. A malicious actor with network access may be able to obtain administrator access without the need to authenticate.</p>



<p>Workspace One Assist is a real-time remote support software.</p>



<p>These flaws are being tracked as CVE-2022-31685 (Authentication Bypass</p>]]></description><link>https://maliciousnews.com/3-new-critical-warnings-for-vmware-workspace-one-assist-software/</link><guid isPermaLink="false">652c1b2276a01103292d5d67</guid><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Wed, 09 Nov 2022 04:27:00 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/11/laptop-email.jpeg" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/11/laptop-email.jpeg" alt="3 New Critical Warnings For VMware Workspace One Assist Software"><p>VMware released security updates to fix 3 critical <a href="https://www.vmware.com/security/advisories/VMSA-2022-0028.html?ref=maliciousnews.com" target="_blank" rel="noopener" title="vulnerabilities">vulnerabilities</a> in their One Assist Software. A malicious actor with network access may be able to obtain administrator access without the need to authenticate.</p>



<p>Workspace One Assist is a real-time remote support software.</p>



<p>These flaws are being tracked as CVE-2022-31685 (Authentication Bypass Vulnerability), CVE-2022-31686 (Broken Authentication Method vulnerability), and CVE-2022-31687 (Broken Access Control vulnerability).</p>



<p>VMware patched several other vulnerabilities listed below along with the critical flaws above.</p>



<p>Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688): due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user&#x2019;s window. Session fixation vulnerability (CVE-2022-31689): a malicious actor who obtains a valid session token may be able to authenticate to the application using that token.</p>



<p>VMware released a patch to fix these issues with <a href="https://kb.vmware.com/s/article/89993?ref=maliciousnews.com" target="_blank" rel="noopener" title="Workspace One Assist 22.10.">Workspace One Assist 22.10.</a></p>
]]></content:encoded></item><item><title><![CDATA[Patches released for 2 OpenSSL High Vulnerabilities]]></title><description><![CDATA[<p>On Nov 1st OpenSSL project has release patches for a couple of high severity&#xA0;<a href="https://www.openssl.org/news/vulnerabilities.html?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">flaws</a>&#xA0;that could trigger Denial of Service or trigger remote code execution.</p>



<p>Tracked as&#xA0;<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3786?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">CVE-2022-3786</a>&#xA0;An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of</p>]]></description><link>https://maliciousnews.com/patches-released-for-2-openssl-high-vulnerabilities/</link><guid isPermaLink="false">652c1b2276a01103292d5d66</guid><category><![CDATA[docker]]></category><category><![CDATA[openssl]]></category><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Wed, 02 Nov 2022 23:44:17 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/11/0649A500-3B3D-4C44-B406-75B5F8058807.jpg" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/11/0649A500-3B3D-4C44-B406-75B5F8058807.jpg" alt="Patches released for 2 OpenSSL High Vulnerabilities"><p>On Nov 1st the OpenSSL project released patches for two high-severity&#xA0;<a href="https://www.openssl.org/news/vulnerabilities.html?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">flaws</a>&#xA0;that could trigger denial of service or remote code execution.</p>



<p>Tracked as&#xA0;<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3786?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">CVE-2022-3786</a>: an attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the &#x2018;.&#x2019; character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service).&#xA0;<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3602?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">CVE-2022-3602</a>: an attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution.</p>



<p>Affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6</p>



<p><a href="https://www.docker.com/blog/security-advisory-critical-openssl-vulnerability/?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">Docker</a>&#xA0;estimates about 1,000 image repositories could be impacted across various Docker Official Images and Docker Verified Publisher images.</p>



<p>Censys has created an interactive&#xA0;<a href="https://datastudio.google.com/u/0/reporting/486e0316-9993-4cbb-90fd-fb0436a947fd/page/p_xoq7nor4zc?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">dashboard</a>&#xA0;showing (some of the) servers running a version of OpenSSL.</p>



]]></content:encoded></item><item><title><![CDATA[Apple releases IOS and iPadOS patches for an actively exploited zero-day vulnerability.]]></title><description><![CDATA[<p>On Monday Apple released a patch for a zero-day flaw that&#x2019;s been actively exploited. </p>



<p>Tracking as <a href="https://support.apple.com/en-us/HT213489?ref=maliciousnews.com" target="_blank" rel="noopener" title="CVE-2022-42827">CVE-2022-42827</a> described An out-of-bounds write issue was addressed with improved bounds checking. In the out-of-bounds write vulnerability, the software writes data past the end, or before the beginning, of the intended buffer,</p>]]></description><link>https://maliciousnews.com/apple-releases-ios-and-ipados-patches-for-an-actively-exploited-zero-day-vulnerability/</link><guid isPermaLink="false">652c1b2276a01103292d5d65</guid><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Wed, 26 Oct 2022 19:14:00 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/10/laptop-email.jpeg" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/10/laptop-email.jpeg" alt="Apple releases iOS and iPadOS patches for an actively exploited zero-day vulnerability."><p>On Monday, Apple released iOS 16.1 and iPadOS 16, which patch a zero-day flaw that&#x2019;s been actively exploited. </p>



<p>Tracked as <a href="https://support.apple.com/en-us/HT213489?ref=maliciousnews.com" target="_blank" rel="noopener" title="CVE-2022-42827">CVE-2022-42827</a>, the flaw is a kernel out-of-bounds write that Apple says was addressed with improved bounds checking. In an out-of-bounds write, the software writes data past the end, or before the beginning, of the intended buffer, which can corrupt data, crash the system, or, as here, let an app execute arbitrary code with kernel privileges.</p>



<p>Apple didn&#x2019;t go into further detail about the flaw beyond acknowledging that it is &#x201C;<em>aware of a report that the issue may have been actively exploited</em>&#x201D;.</p>



<p>Apple also fixed a few other issues with this patch.</p>



<ul><li>CVE-2022-42808 &#x2013; A remote user may be able to cause kernel code execution</li><li>CVE-2022-42829 &#x2013; An app with root privileges may be able to execute arbitrary code with kernel privileges</li><li>CVE-2022-42830 &#x2013; An app with root privileges may be able to execute arbitrary code with kernel privileges</li><li>CVE-2022-42799 &#x2013; Visiting a malicious website may lead to user interface spoofing</li><li>CVE-2022-42823 &#x2013; Processing maliciously crafted web content may lead to arbitrary code execution</li></ul>
]]></content:encoded></item><item><title><![CDATA[Emotet: What Does It Do?]]></title><description><![CDATA[<p>Emotet was once described as the &#x201C;<a href="https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">world&#x2019;s most dangerous malware</a>&#x201D; by Europol. Security researchers first discovered the <a href="https://maliciousnews.com/2022/10/malware-what-is-it-and-how-to-stay-protected/" target="_blank" rel="noopener" title="malware">malware</a> as a banking trojan in 2014.</p>



<h2 class="kt-adv-heading_fa50b9-39 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_fa50b9-39">What is Emotet?</h2>



<p>Emotet is a Trojan that is spread through email, that could contain a malicious attachment or a malicious link.</p>]]></description><link>https://maliciousnews.com/emotet-what-does-it-do/</link><guid isPermaLink="false">652c1b2276a01103292d5d63</guid><category><![CDATA[malware]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Sat, 22 Oct 2022 23:36:54 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/10/laptop-email-1.jpg" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/10/laptop-email-1.jpg" alt="Emotet: What Does It Do?"><p>Emotet was once described as the &#x201C;<a href="https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">world&#x2019;s most dangerous malware</a>&#x201D; by Europol. Security researchers first discovered the <a href="https://maliciousnews.com/2022/10/malware-what-is-it-and-how-to-stay-protected/" target="_blank" rel="noopener" title="malware">malware</a> as a banking trojan in 2014.</p>



<h2 class="kt-adv-heading_fa50b9-39 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_fa50b9-39">What is Emotet?</h2>



<p>Emotet is a Trojan spread through email, in messages that carry a malicious attachment or a malicious link. It relies on social engineering: the messages borrow legitimate branding and use tempting subjects such as &#x201C;Payment Details&#x201D; and &#x201C;Shipping Information&#x201D; to lure the victim into opening a malicious Office document and enabling macros, which then fetch and run the Emotet loader.</p>



<p>Once running, Emotet contacts its command-and-control (C&amp;C) servers to fetch updated versions of itself and additional modules or payloads, and to upload stolen data such as credentials and harvested email.</p>



<h2 class="kt-adv-heading_2f516f-a7 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_2f516f-a7">How Does Emotet Spread?</h2>



<p>Malspam is the main way Emotet is distributed. After it has combed through a victim&#x2019;s contact list and mailbox, it sends messages to their friends, family, coworkers and clients, often as replies to real existing email threads. Because the mail comes from a compromised account the recipient already knows, it looks far less like spam, and recipients are more likely to click the link or open the attachment.</p>



<p>Emotet also spreads like a worm. Its spreader modules brute-force the credentials of administrative shares on hosts in the local network, and a module observed in 2020 brute-forces nearby Wi-Fi networks to reach further machines. Emotet is an example of polymorphic malware: it constantly alters its identifiable properties to evade signature-based detection, and it adapts to its surroundings, for instance by going dormant when it detects that it is running in a virtual machine (VM) or sandbox.</p>



<p>Emotet frequently installs TrickBot, another banking Trojan that targets Windows. TrickBot harvests passwords and hashes with the Mimikatz tool and, separately, uses the EternalBlue SMB exploit (MS17-010) to move laterally to other unpatched Windows machines.</p>



<h2 class="kt-adv-heading_b58f31-34 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_b58f31-34">How Can I Protect Myself?</h2>



<p>The first step is to educate yourself on what it is and how it works, so you are already ahead of the game.</p>



<ul><li>Keep all your devices up to date on the latest patches. In particular, patch Windows promptly (including MS17-010) so that TrickBot, which Emotet frequently drops as a secondary payload, cannot spread through the EternalBlue vulnerability.</li><li>Don&#x2019;t click on suspicious links or open unexpected attachments, and never enable macros in a document that arrived by email.</li><li>Use strong, unique passwords and turn on two-factor authentication.</li><li>Add an extra layer of protection with an anti-malware product such as <a href="https://www.malwarebytes.com/?ref=maliciousnews.com" target="_blank" rel="noopener" title="Malwarebytes">Malwarebytes</a>, which offers both home and business editions.</li></ul>
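<p>The lure described above lives or dies on the macro-enabled attachment, so a mail gateway that refuses documents carrying a VBA project removes most of the risk before any user sees the &#x201C;enable macros&#x201D; prompt. The script below is an added example, not code from this article or from any mail-security product: it inspects each attachment for the <code>vbaProject.bin</code> part that OOXML documents store macros in, and holds legacy binary Office files for deeper inspection because telling a clean <code>.doc</code> from a macro-laden one needs a full OLE parser. The documents and the lure message are constructed in memory; wiring the check into a real gateway is assumed.</p>

```python
"""Flag mail attachments that can carry VBA macros, the Emotet lure.

Added example; it is not code from the original article or from any
mail-gateway product. The messages and documents below are constructed
in memory, and hooking this into a real gateway is left to the reader.
"""
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'clean' or 'not-office' for one attachment."""
    if data.startswith(OLE_MAGIC):
        # Binary Office files can hold a VBA storage; without an OLE parser we
        # cannot tell, so send them for deeper inspection regardless of name.
        return "legacy-ole"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "not-office"
    if "[Content_Types].xml" not in names:
        return "not-office"          # an ordinary zip, not an OOXML document
    # The vbaProject part is the macro project itself; its presence, not the
    # file extension, is what matters (a .docm renamed to .docx still carries it).
    return "macro" if names & VBA_PARTS else "clean"


def scan_message(raw: bytes) -> list:
    """Return [(filename, verdict)] for every attachment in an RFC 822 message."""
    results = []
    for part in message_from_bytes(raw).walk():
        filename = part.get_filename()
        if not filename:
            continue                 # body text or multipart container
        payload = part.get_payload(decode=True) or b""
        results.append((filename, classify_attachment(payload)))
    return results


def should_quarantine(raw: bytes) -> bool:
    """Hold the message if any attachment can run, or may hide, a macro."""
    return any(v in ("macro", "legacy-ole") for _, v in scan_message(raw))


# ---- constructed samples (not real documents or real mail) -----------------
def build_ooxml(with_macro: bool) -> bytes:
    """Minimal OOXML container: just enough structure for the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()


def build_lure(attachment_name: str, data: bytes) -> bytes:
    """An Emotet-style lure: tempting subject, one Office attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.net"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Payment Details"
    msg.set_content("Please see the attached payment details.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_lure("Payment_Details.docm", build_ooxml(True))
    print(scan_message(lure), "quarantine:", should_quarantine(lure))
```

<p>Quarantining every legacy OLE file is deliberately blunt; if that is too disruptive, pass those files to a proper OLE parser (oletools' <code>olevba</code> is the usual choice) instead of releasing them unscanned.</p>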
]]></content:encoded></item><item><title><![CDATA[Zimbra Exploit Added to CISA KEV]]></title><description><![CDATA[<p><a href="https://www.cisa.gov/cybersecurity?ref=maliciousnews.com" target="_blank" rel="noopener" title="CISA">CISA</a> on Thursday, Oct 20 added the Zimbra Collaboration vulnerability to its Known Exploited Vulnerabilities catalog (<strong><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?ref=maliciousnews.com" target="_blank" rel="noopener" title="KEV">KEV</a></strong>).</p>



<p>The issue, tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-41352?ref=maliciousnews.com" target="_blank" rel="noopener" title="CVE-2022-41352">CVE-2022-41352</a>, is a remote code execution vulnerability in cpio, a third-party archive utility used to extract archive attachments from email. It allows</p>]]></description><link>https://maliciousnews.com/zimbra-exploit-added-to-cisa-kve/</link><guid isPermaLink="false">652c1b2276a01103292d5d62</guid><category><![CDATA[Zimbra]]></category><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Thu, 20 Oct 2022 09:53:00 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/10/email-purple.jpg" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/10/email-purple.jpg" alt="Zimbra Exploit Added to CISA KEV"><p><a href="https://www.cisa.gov/cybersecurity?ref=maliciousnews.com" target="_blank" rel="noopener" title="CISA">CISA</a> on Thursday, Oct 20 added the Zimbra Collaboration vulnerability to its Known Exploited Vulnerabilities catalog (<strong><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?ref=maliciousnews.com" target="_blank" rel="noopener" title="KEV">KEV</a></strong>).</p>



<p>The issue, tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-41352?ref=maliciousnews.com" target="_blank" rel="noopener" title="CVE-2022-41352">CVE-2022-41352</a>, is a remote code execution vulnerability in cpio, a third-party archive utility that Zimbra&#x2019;s Amavis component uses to extract archive attachments from incoming email for scanning. It allows an unauthenticated threat actor to execute arbitrary code on a vulnerable Zimbra instance simply by sending an email with a crafted archive attachment: the vulnerable cpio follows paths and symlinks inside the archive, so the attacker can write files to any location the zimbra user can reach.</p>



<p>Once inside, an attacker may, for example, read or extract emails, tamper with user accounts, and wipe information.</p>



<p>Zimbra has replaced cpio with pax, which performs the same function: ZCS 9.0.0 Patch 27 and 8.8.15 Patch 34 make pax a required dependency. On older patch levels, installing the pax package from the OS repositories and restarting the Zimbra services is the documented workaround, because Amavis prefers pax over cpio when both are present.</p>
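<p>The attack works because the archive itself tells the extractor where to write. The check below is an added example, not Zimbra&#x2019;s code or part of its patch: it reads an archive attachment and reports the member paths that a naive extractor would follow out of its working directory, either directly (absolute paths, <code>..</code> components) or through a symlink entry that an earlier member planted. It assumes tar input, which Python can build and read without external tools; the same logic applies to cpio archives. The two sample archives are constructed in memory and are not real attachments.</p>

```python
"""Screen an archive attachment for the path tricks that let a naive
extractor (such as the cpio that Zimbra's Amavis used) write outside its
working directory.

Added example, not Zimbra's code. It assumes tar input; the same checks
apply to cpio archives, and Zimbra's real fix is to extract with pax.
"""
import io
import posixpath
import tarfile


def _escapes(path: str) -> bool:
    """True for absolute paths and paths that climb above the extraction root."""
    if path.startswith("/"):
        return True
    return posixpath.normpath(path).split("/")[0] == ".."


def archive_findings(data: bytes) -> list:
    """Return one finding string per dangerous member; an empty list means safe."""
    findings = []
    links = {}                      # symlink name -> target, in archive order
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            name = m.name
            if _escapes(name):
                findings.append(f"{name}: path escapes the extraction directory")
            # A member placed on or under an earlier symlink is written wherever
            # that link points: the classic archive traversal.
            for link, ltarget in links.items():
                if name == link or name.startswith(link + "/"):
                    findings.append(f"{name}: written through symlink {link} -> {ltarget}")
            if m.issym():
                target = m.linkname
                if not target.startswith("/"):
                    target = posixpath.join(posixpath.dirname(name), target)
                if _escapes(target):
                    findings.append(f"{name}: symlink target {m.linkname} leaves the extraction directory")
                links[name] = m.linkname
            elif m.islnk() and _escapes(m.linkname):
                findings.append(f"{name}: hard link to {m.linkname} outside the archive")
    return findings


def _tar(members) -> bytes:
    """Build an uncompressed tar from (name, kind, payload_or_target) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, value in members:
            ti = tarfile.TarInfo(name)
            if kind == "file":
                ti.size = len(value)
                tf.addfile(ti, io.BytesIO(value))
            else:                   # "symlink"
                ti.type = tarfile.SYMTYPE
                ti.linkname = value
                tf.addfile(ti)
    return buf.getvalue()


# Constructed samples, not real attachments.
BENIGN_TAR = _tar([("report/summary.txt", "file", b"quarterly numbers\n")])
MALICIOUS_TAR = _tar([
    ("shared", "symlink", "/tmp"),                       # link out of the tree
    ("shared/dropped.txt", "file", b"lands in /tmp\n"),  # written through it
    ("../escape.txt", "file", b"climbs out with ..\n"),  # plain traversal
])

if __name__ == "__main__":
    for finding in archive_findings(MALICIOUS_TAR):
        print(finding)
```

<p>If you extract archives in your own Python code rather than handing them to an external tool, Python 3.12&#x2019;s <code>tarfile.extractall(path, filter="data")</code> refuses the same members (the filter was also backported to maintenance releases of 3.8 through 3.11); older interpreters extract them blindly, which is exactly the cpio behaviour exploited here.</p>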
]]></content:encoded></item><item><title><![CDATA[5 Most Dangerous Malware Threats]]></title><description><![CDATA[<!--kg-card-begin: html-->
<p><a href="https://maliciousnews.com/2022/10/malware-what-is-it-and-how-to-stay-protected/" target="_blank" rel="noopener" title="Malware">Malware</a> is constantly changing and becoming more advanced and harmful. Cybercriminals will do whatever it takes to get into a computer system and get their hands on sensitive data.</p>



<h2 class="kt-adv-heading_3e31b7-5c wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_3e31b7-5c">1. Clop Ransomware</h2>



<p>One of the deadliest computer risks is clop ransomware, which may start or stop processes in a Windows domain in order to</p>]]></description><link>https://maliciousnews.com/5-most-dangerous-malware-threats/</link><guid isPermaLink="false">652c1b2276a01103292d5d61</guid><category><![CDATA[malware]]></category><category><![CDATA[raas]]></category><category><![CDATA[ransomware]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Tue, 18 Oct 2022 08:55:00 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/10/Malware-threats-2.png" medium="image"/><content:encoded><![CDATA[<!--kg-card-begin: html-->
<img src="https://maliciousnews.com/content/images/wordpress/2022/10/Malware-threats-2.png" alt="5 Most Dangerous Malware Threats"><p><a href="https://maliciousnews.com/2022/10/malware-what-is-it-and-how-to-stay-protected/" target="_blank" rel="noopener" title="Malware">Malware</a> is constantly changing and becoming more advanced and harmful. Cybercriminals will do whatever it takes to get into a computer system and get their hands on sensitive data.</p>



<h2 class="kt-adv-heading_3e31b7-5c wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_3e31b7-5c">1. Clop Ransomware</h2>



<p>Clop ransomware is one of the most damaging threats around. Before encrypting, it stops security services and processes across the Windows domain it reaches, both to hide from common antivirus software and to unlock files held open by running applications, and it creates entries in the Windows Registry to achieve persistence.</p>



<p>Clop can infect most versions of Windows still in use, including Windows XP, Windows 7, Windows 8, Windows 8.1 and Windows 10, which is part of what makes it one of the most hazardous types of malware.</p>



<h2 class="kt-adv-heading_7ecd76-2c wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_7ecd76-2c">2. Shlayer Malware</h2>



<p>Shlayer targets macOS. Its sole job is to get onto the machine disguised as a legitimate application or a fake Flash Player update, then download and install further code, mostly adware that floods the system with advertisements. Some variants were even signed and notarized by Apple before they were caught.</p>



<h2 class="kt-adv-heading_3441d9-90 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_3441d9-90">3. IoT Device Attacks</h2>



<p>Threat actors target these devices because of their weak security: a typical IoT device ships with no built-in security controls, default or hard-coded credentials, and firmware that rarely receives updates. The devices often hold easy-to-reach data, from user names to passwords and Wi-Fi keys, which attackers leverage to break into accounts and pivot further into the network.</p>



<h2 class="kt-adv-heading_b3c482-d6 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_b3c482-d6">4. RaaS</h2>



<p>Ransomware as a Service (RaaS) is a business model in which malware developers lease their ransomware tooling to others. A customer, known as an affiliate, pays a subscription fee (typically monthly, sometimes a one-time licence) and runs the attacks; each successful ransom is then split, with the developer taking a percentage and the affiliate keeping the rest.</p>



<h2 class="kt-adv-heading_2b7593-ff wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_2b7593-ff">5. Zeus Gameover</h2>



<p>Zeus Gameover (GameOver Zeus) is a peer-to-peer variant of the Zeus banking malware family. Its goal is to steal money by harvesting online banking credentials and hijacking the victim&#x2019;s banking session in real time, using a sizable botnet either to transfer money straight from the victim&#x2019;s account to attacker-controlled accounts or to exfiltrate the stolen bank account information.</p>
<!--kg-card-end: html-->]]></content:encoded></item><item><title><![CDATA[Fortinet Authentication Bypass Exploit POC Released]]></title><description><![CDATA[<p><a href="https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>Horizon3.ai</strong></a>&#xA0;recently released a proof of concept on the Fortinet Authentication Bypass vulnerability.<strong>&#xA0;<a href="https://github.com/horizon3ai/CVE-2022-40684?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">Horizon3.ai</a></strong>&#xA0;researchers created an exploit after examining the differences between the vulnerable firmware and the patched version.</p>



<p>Soon after the proof of concept was released, the number of exploit attempts started to&#xA0;<a href="https://viz.greynoise.io/tag/fortios-authentication-bypass-attempt?days=3&amp;ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>rise</strong></a>.</p>



<p>On</p>]]></description><link>https://maliciousnews.com/fortinet-authentication-bypass-exploit-poc-released/</link><guid isPermaLink="false">652c1b2276a01103292d5d60</guid><category><![CDATA[Authentication]]></category><category><![CDATA[Fortinet]]></category><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Fri, 14 Oct 2022 03:52:00 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/10/directory-list-scaled-e1665817691785.jpg" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/10/directory-list-scaled-e1665817691785.jpg" alt="Fortinet Authentication Bypass Exploit POC Released"><p><a href="https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>Horizon3.ai</strong></a>&#xA0;recently released a proof of concept on the Fortinet Authentication Bypass vulnerability.<strong>&#xA0;<a href="https://github.com/horizon3ai/CVE-2022-40684?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener">Horizon3.ai</a></strong>&#xA0;researchers created an exploit after examining the differences between the vulnerable firmware and the patched version.</p>



<p>Soon after the proof of concept was released, the number of exploit attempts started to&#xA0;<a href="https://viz.greynoise.io/tag/fortios-authentication-bypass-attempt?days=3&amp;ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>rise</strong></a>.</p>



<p>On Thursday Wordfence threat analyst Ram Gall&#xA0;<a href="https://www.wordfence.com/blog/2022/10/threat-advisory-cve-2022-40684-fortinet-appliance-auth-bypass/?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>published&#xA0;</strong></a>a threat advisory stating that their team was tracking exploit attempts targeting CVE-2022-40684 on their network. At the time of publishing, they had recorded several attempts and requests from over 20 IP addresses.</p>



<p>Most of the requests they observed were probes checking whether a Fortinet appliance was present.</p>



<p>But they also found that a number of those IPs were sending PUT requests matching the recently released PoC, which attempts to add or replace the public SSH key of the admin user, giving the attacker persistent administrative access to the appliance.</p>
]]></content:encoded></item><item><title><![CDATA[Fortinet Critical Authentication Bypass Vulnerability has been exploited.]]></title><description><![CDATA[<p>Fortinet on Monday published an&#xA0;<a href="https://www.fortiguard.com/psirt/FG-IR-22-377?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>advisory&#xA0;</strong></a>confirming that this vulnerability has been exploited in the wild.</p>



<p class="kt-adv-heading_c54bf7-f8 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_c54bf7-f8">&#x201C;Fortinet is aware of an instance where the vulnerability was exploited and recommended immediately validating your system against the following indicator of compromise in the device logs&#x201D;.</p>



<p class="kt-adv-heading_3f7840-27 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_3f7840-27">Earlier this month</p>]]></description><link>https://maliciousnews.com/fortinet-critical-authentication-bypass-vulnerability-has-been-exploited/</link><guid isPermaLink="false">652c1b2276a01103292d5d5e</guid><category><![CDATA[Authentication]]></category><category><![CDATA[Fortinet]]></category><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Wed, 12 Oct 2022 08:15:00 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/10/security-alert-1.jpg" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/10/security-alert-1.jpg" alt="Fortinet Critical Authentication Bypass Vulnerability has been exploited."><p>Fortinet on Monday published an&#xA0;<a href="https://www.fortiguard.com/psirt/FG-IR-22-377?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>advisory&#xA0;</strong></a>confirming that this vulnerability has been exploited in the wild.</p>



<p class="kt-adv-heading_c54bf7-f8 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_c54bf7-f8">&#x201C;Fortinet is aware of an instance where the vulnerability was exploited and recommended immediately validating your system against the following indicator of compromise in the device logs&#x201D;.</p>



<p class="kt-adv-heading_3f7840-27 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_3f7840-27">Earlier this month reports began circulating that Fortinet communicated directly with customers about a critical vulnerability in its&#xA0;<a href="https://www.fortinet.com/products/fortigate/fortios?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>FortiOS&#xA0;</strong></a>and&#xA0;<a href="https://www.fortinet.com/products/secure-web-gateway/fortiproxy?ref=maliciousnews.com" target="_blank" rel="noreferrer noopener"><strong>FortiProxy&#xA0;</strong></a>products.</p>



<p class="kt-adv-heading_af76d6-be wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_af76d6-be">The vulnerability, CVE-2022-40684 (CVSS score 9.6), is an authentication bypass using an alternate path or channel in FortiOS, FortiProxy and FortiSwitchManager that may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.</p>



<h2 class="kt-adv-heading_36183f-5d wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_36183f-5d">Affected Products</h2>



<p>FortiOS version 7.2.0 &#x2013; 7.2.1<br>FortiOS version 7.0.0 &#x2013; 7.0.6<br>FortiProxy version 7.2.0<br>FortiProxy version 7.0.0 &#x2013; 7.0.6<br>FortiSwitchManager version 7.2.0<br>FortiSwitchManager version 7.0.0</p>



<h2 class="kt-adv-heading_8c9475-80 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_8c9475-80">Updates</h2>



<p>Please upgrade to FortiOS version 7.2.2 or above<br>Please upgrade to FortiOS version 7.0.7 or above<br>Please upgrade to FortiProxy version 7.2.1 or above<br>Please upgrade to FortiProxy version 7.0.7 or above<br>Please upgrade to FortiSwitchManager version 7.2.1 or above<br>Please upgrade to FortiSwitchManager version 7.0.1 or above</p>
]]></content:encoded></item><item><title><![CDATA[Critical RCE Vulnerability Found in vm2 Sandbox Module]]></title><description><![CDATA[<p class="kt-adv-heading_89c8a2-c8 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_89c8a2-c8">vm2, an extremely popular sandbox library with more than 16 million downloads a month, is used to run untrusted code in the same Node.js process as your own code, isolated from it.</p>



<p class="kt-adv-heading_30906e-2d wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_30906e-2d">Researchers from Oxeye discovered the vulnerability codenamed &#x201C;Sandbreak&#x201D;, a critical remote code execution vulnerability. A threat actor who exploits</p>]]></description><link>https://maliciousnews.com/critical-rce-vulnerability-found-in-vm2-sandbox-module/</link><guid isPermaLink="false">652c1b2276a01103292d5d5d</guid><category><![CDATA[Vulnerabilities]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Wed, 12 Oct 2022 03:32:09 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/10/vm2.png" medium="image"/><content:encoded><![CDATA[
<img src="https://maliciousnews.com/content/images/wordpress/2022/10/vm2.png" alt="Critical RCE Vulnerability Found in vm2 Sandbox Module"><p class="kt-adv-heading_89c8a2-c8 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_89c8a2-c8">vm2, an extremely popular sandbox library with more than 16 million downloads a month, is used to run untrusted code in the same Node.js process as your own code, isolated from it.</p>



<p class="kt-adv-heading_30906e-2d wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_30906e-2d">Researchers from Oxeye discovered the vulnerability, codenamed &#x201C;Sandbreak&#x201D;, a critical remote code execution flaw. A threat actor who exploits it can escape the sandbox and run shell commands on the host that runs it, with the privileges of the Node.js process.</p>



<p class="kt-adv-heading_d3c4da-36 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_d3c4da-36">The vulnerability carries the maximum CVSS score of 10 and is tracked as CVE-2022-36067 in a GitHub security&#xA0;<strong><a href="https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq?ref=maliciousnews.com" target="_blank" rel="noopener" title="advisory">advisory</a></strong>. It is fixed in vm2 3.9.11, so any application that embeds an older release should upgrade.</p>


]]></content:encoded></item><item><title><![CDATA[Malware what is it, and how to stay protected?]]></title><description><![CDATA[<h2 class="kt-adv-heading_ca80f0-a3 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_ca80f0-a3">What is Malware?</h2>



<p class="kt-adv-heading_f1f935-ca wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_f1f935-ca">Malware (short for &#x201C;malicious software&#x201D;) is any program designed for malicious intent and used to exploit vulnerabilities, damage, or gain unauthorized access to a system or a computer network. Malware can delete your files, steal your personal information and lock you out of your system.</p>]]></description><link>https://maliciousnews.com/malware-what-is-it-and-how-to-stay-protected/</link><guid isPermaLink="false">652c1b2276a01103292d5d5b</guid><category><![CDATA[malware]]></category><dc:creator><![CDATA[Malicious News]]></dc:creator><pubDate>Tue, 11 Oct 2022 06:17:49 GMT</pubDate><media:content url="https://maliciousnews.com/content/images/wordpress/2022/10/01-01-2.png" medium="image"/><content:encoded><![CDATA[
<h2 class="kt-adv-heading_ca80f0-a3 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_ca80f0-a3">What is Malware?</h2>



<img src="https://maliciousnews.com/content/images/wordpress/2022/10/01-01-2.png" alt="Malware what is it, and how to stay protected?"><p class="kt-adv-heading_f1f935-ca wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_f1f935-ca">Malware (short for &#x201C;malicious software&#x201D;) is any program designed for malicious intent and used to exploit vulnerabilities, damage, or gain unauthorized access to a system or a computer network. Malware can delete your files, steal your personal information and lock you out of your system.</p>



<h2 class="kt-adv-heading_ab4c10-4e wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_ab4c10-4e">Types of Malware</h2>



<p class="kt-adv-heading_415683-13 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_415683-13"><strong>Virus &#x2013;</strong> a program that attaches itself to another program and replicates and spreads once a person runs that program on their system. Viruses can slow down your system, destroy data and capture keystrokes.</p>



<p class="kt-adv-heading_37925b-0a wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_37925b-0a"><strong>Worms &#x2013;</strong> a standalone malware program that duplicates itself in order to spread to other computers, travelling across network connections to do so. The difference between the two: a worm executes independently, whereas a virus needs a host application.</p>



<p class="kt-adv-heading_2991bf-ed wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_2991bf-ed"><strong>Trojan Horse &#x2013;</strong> a program that disguises itself as a regular program, e.g. a game, an antivirus tool or a disk utility. Once it runs, the attacker behind it can perform activities on the system such as exporting files, modifying data and deleting files.</p>



<p class="kt-adv-heading_8e7ec1-d0 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_8e7ec1-d0"><strong>Spyware &#x2013;</strong> a type of software that is installed on a user&#x2019;s system without their knowledge or permission. It monitors the user&#x2019;s browsing activity and steals sensitive information like banking information and passwords.</p>



<p class="kt-adv-heading_bfc126-60 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_bfc126-60"><strong>Spam &#x2013;</strong> is digital junk mail and unsolicited communications sent in bulk through an electronic messaging system. Spam is a security concern because it can contain links in emails to phishing websites or other sites hosting malware.</p>



<p class="kt-adv-heading_2fa0ad-69 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_2fa0ad-69"><strong>Phishing &#x2013;</strong> a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information.</p>



<p class="kt-adv-heading_df5f77-57 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_df5f77-57"><strong>Email Spoofing &#x2013;</strong> is the creation of email messages with a forged sender address to manipulate the recipient that it originated from a trusted source. Scammers use this method of deception because they know the person will more likely engage with the email content.</p>



<p class="kt-adv-heading_a40139-3e wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_a40139-3e"><strong>Ransomware &#x2013;</strong> malware designed to deny a user or company access to their files by encrypting them. The attacker demands a ransom payment in exchange for the decryption key needed to recover the files.</p>



<h2 class="kt-adv-heading_a43ba3-8d wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_a43ba3-8d">Signs of Malware on your system</h2>



<ul><li>Computer performance slows down</li><li>System crashes</li><li>Random popup ads</li><li>Default browser changes</li></ul>



<h2 class="kt-adv-heading_b6960a-b1 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_b6960a-b1">How do I get Malware?</h2>



<p class="kt-adv-heading_8a5906-81 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_8a5906-81">The most common ways to get malware on your system are through the internet and email. Anytime you visit a website that&#x2019;s been hacked, download infected files, install an app from an unfamiliar source or open a malicious email attachment.</p>



<h2 class="kt-adv-heading_ef162b-0d wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_ef162b-0d">How to remove Malware</h2>



<h3 class="kt-adv-heading_4c9e31-07 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_4c9e31-07">Step 1. Disconnect from the internet</h3>



<p class="kt-adv-heading_2aa966-84 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_2aa966-84">Disconnect your system from the internet; this stops the malware from sending information back to its command-and-control server or downloading further components.</p>



<h3 class="kt-adv-heading_983ee8-a9 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_983ee8-a9">Step 2. Enter Safe Mode</h3>



<p class="kt-adv-heading_07b11c-6c wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_07b11c-6c">Safe mode allows only minimal programs to startup, in the event you have malware on your system, this mode will help make it easier to remove it.</p>



<h3 class="kt-adv-heading_6589b8-90 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_6589b8-90">Step 3. Check your activity monitor</h3>



<p class="kt-adv-heading_83e649-81 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_83e649-81">Go through Activity Monitor (macOS) or Task Manager (Windows), locate the malicious process, select it and quit it.</p>



<h3 class="kt-adv-heading_cb2743-c8 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_cb2743-c8">Step 4. Run a malware scanner</h3>



<p class="kt-adv-heading_1984c2-30 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_1984c2-30">At this stage, you&#x2019;re ready to fix your system. Running a malware scanner is usually enough to get rid of most infections. If you already had an antivirus installed on your computer, you should download a different malware scanner than the one you&#x2019;re using. I recommend <a href="https://www.malwarebytes.com/mwb-download?ref=maliciousnews.com" target="_blank" rel="noopener" title="Malwarebytes">Malwarebytes</a>; the free version is sufficient.</p>



<h3 class="kt-adv-heading_e5a74e-a9 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_e5a74e-a9">Step 5. Fix your browser</h3>



<p class="kt-adv-heading_b9f9f8-5c wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_b9f9f8-5c">Check your browser&#x2019;s homepage address to make sure it&#x2019;s correct, malware will modify your homepage so that it can reinfect your system. Once you&#x2019;ve verified your homepage settings check your extensions for any malicious extensions that may have been added.</p>



<h2 class="kt-adv-heading_dcc436-71 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_dcc436-71">Summary</h2>



<p class="kt-adv-heading_41bab4-70 wp-block-kadence-advancedheading" data-kb-block="kb-adv-heading_41bab4-70">Now with this information on malware, we hope this sheds light on the dangers of malware and the importance of staying vigilant on security practices. Remember to update your systems regularly.</p>
]]></content:encoded></item></channel></rss>