Don’t fall victim! Important things you should know about Cybersecurity


Technology and the growing use of the internet have made it necessary to protect information from intruders. Cybercriminals are everywhere; they are attackers and thieves who steal data and personal information for their own selfish ends. That’s why you need to know about cybersecurity in order to curb these internet fraudsters.

Cybersecurity is the protection of information from attackers. What distinguishes the 21st century from every other is technological advancement, which has brought both positive and negative effects to our lives. Here are important things you should know about cybersecurity.

What is cybersecurity?

The essence of cybersecurity is to protect networks, information and programmes from digital attacks. Usually, the motive of cyber attackers is to extort and destroy every personal detail like your bank account and business deals.

Cybersecurity is becoming more challenging

As technology advances, attackers are becoming more innovative, which makes cyberattacks harder to curb. However, we still need to know how to keep our data safe by learning more about cybersecurity. Regardless of the obstacles, keeping data safe is now a pressing concern across the world. Information theft has become the fastest-growing segment of cybercrime. Revealing too much information on the internet makes things easy for attackers. Even governments and organizations are not spared; hackers can destroy data to cause mistrust within the system.

Why you need to be more conscious

First, get rid of the idea that what you save on your device cannot be tampered with. Exposing your personal information can make you a target. Don’t share confidential information such as your financial details (for example, your credit card), business deals, intellectual property and so on. Cybercriminals are everywhere; they are closer than you think.

How to protect yourself from cyber attacks

  1. Ensure you update all anti-virus systems on your device regularly.
  2. Whenever you fill in anything online, be it opening a social media account or a job application, endeavour to use a strong password for the process.
  3. Protect your Wi-Fi network by encrypting it. There shouldn’t be an…


CISA Warns Of Black Basta Ransomware Attacking 500+ Industries


Threat actors use Black Basta ransomware because of its powerful abilities and inconspicuous moves.

Data exfiltration, dual extortion via data leaks, and anti-analysis mechanisms are among the complex techniques employed by this malware. 

The developers of Black Basta regularly introduce new obfuscation approaches and evasion tricks into it, which helps keep it a persistent and changing threat to conventional security measures.

Recently, CISA discovered that Black Basta ransomware has attacked over 500 industries.

CISA Warns Of Black Basta Ransomware

In support of their coordinated efforts, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly issued a Cybersecurity Advisory (CSA) called “#StopRansomware: Black Basta.”

This advisory provides cyber security defenders with a summary of tactics, techniques, and procedures (TTPs) used by confirmed Black Basta ransomware affiliates and indicators of compromise (IOCs).

Inside intelligence from this advisory has been carefully selected through extensive FBI investigations and verified by third-party reporting to ensure its accuracy and relevance in countering this malignant threat.

Black Basta is a more dangerous type of ransomware because it functions on the ransomware-as-a-service (RaaS) model. 

After its first detection in April 2022, Black Basta has become a real threat, with its partners persistently targeting over 500 organizations from the private industry and critical infrastructure sectors. 

This means that despite their geographical limitations, they have been able to attack companies in the following regions:

  • Europe
  • North America
  • Australia

The most worrying part about this is the targeting of health organizations, which exposes how Black Basta’s careless exploitation of vulnerabilities can be very serious.

The aforementioned concerns the rising danger of Black Basta and other ransomware types, for which the CISA and its partners…


Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs


Pierluigi Paganini
May 09, 2024

Threat actors exploit recently disclosed Ivanti Connect Secure (ICS) vulnerabilities to deploy the Mirai botnet.

Researchers from Juniper Threat Labs reported that threat actors are exploiting recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to drop the payload of the Mirai botnet.

In early January, the software firm reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways.

The flaw CVE-2023-46805 (CVSS score 8.2) is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure. A remote attacker can trigger the vulnerability to access restricted resources by bypassing control checks.

The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1), is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure. An authenticated administrator can exploit the issue by sending specially crafted requests to execute arbitrary commands on the appliance.

An attacker can chain the two flaws to send specially crafted requests to unpatched systems and execute arbitrary commands. 

“If CVE-2024-21887 is used in conjunction with CVE-2023-46805, exploitation does not require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system,” reads the advisory published by Ivanti.

The Juniper Threat Labs researchers observed threat actors exploiting the CVE-2023-46805 vulnerability to gain access to the endpoint “/api/v1/license/key-status/;”. The attackers then exploited the command injection issue to inject their payload.

Below is the request employed in the attacks observed by the experts:

GET /api/v1/totp/user-backup-code/../../license/keys-status/{Any Command}

“Others have observed instances in the wild where attackers have exploited this vulnerability using both curl and Python-based reverse shells,…
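
For defenders reviewing gateway or reverse-proxy access logs, the request shape quoted above can be matched after decoding and path resolution. The following is an added example, not code from the article, Juniper or Ivanti; the log format (combined access log), the function names and the sample lines are assumptions constructed for illustration, and only the two path prefixes come from the request shown above.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Path components taken from the request quoted in the article.
ENTRY_PREFIX = "/api/v1/totp/user-backup-code/"
TARGET_PREFIX = "/api/v1/license/keys-status"
# Client address and request target of a combined-format log line (assumed format).
LINE_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/May/2024:10:00:01 +0000] "GET /api/v1/totp/user-backup-code/../../license/keys-status/PLACEHOLDER HTTP/1.1" 200 12',
    '198.51.100.7 - - [09/May/2024:10:00:02 +0000] "GET /api/v1/totp/user-backup-code/%2e%2e/%2e%2e/license/keys-status/PLACEHOLDER HTTP/1.1" 200 12',
    '198.51.100.9 - - [09/May/2024:10:00:03 +0000] "GET /api/v1/totp/user-backup-code/%252e%252e/%252e%252e/license/keys-status/PLACEHOLDER HTTP/1.1" 200 12',
    '203.0.113.5 - - [09/May/2024:10:00:04 +0000] "GET /api/v1/license/keys-status/ HTTP/1.1" 403 0',
    '203.0.113.5 - - [09/May/2024:10:00:05 +0000] "GET /api/v1/totp/user-backup-code/ HTTP/1.1" 200 40',
]


def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_traversal_hits(lines):
    """Return one dict per line that enters via ENTRY_PREFIX and, once the
    '..' segments are resolved, lands under TARGET_PREFIX."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, raw = m.groups()
        path = decode_fully(raw.split("?", 1)[0])
        if not path.startswith(ENTRY_PREFIX) or "/../" not in path:
            continue
        resolved = normpath(path)
        if resolved.startswith(TARGET_PREFIX):
            # Whatever follows the target prefix is the attacker-supplied part.
            hits.append({"client": client, "raw": raw,
                         "trailing": resolved[len(TARGET_PREFIX):].lstrip("/")})
    return hits
```

Calling find_traversal_hits(SAMPLE_LOG) flags the three traversal variants and ignores the direct and non-traversal requests; the "trailing" field is the part to review during triage.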


How Can Businesses Defend Themselves Against Cyberthreats?


Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems that can be exploited, thus increasing the profitability of a successful breach.

Furthermore, launching a cyberattack is becoming more accessible. Exploit kits and malware-as-a-service offerings are getting cheaper, while open-source AI tools are making it easier to masquerade as a trusted executive and to exploit vulnerabilities.

TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyber threats, which are:

  • Social engineering attacks.
  • Zero-day exploits.
  • Ransomware attacks and data theft.
  • IoT attacks.
  • Supply chain attacks.
  • AI deepfakes.

Social engineering attacks

What are they?

Social engineering is an umbrella term for some of the most common types of cyberattacks, all of which involve some form of human manipulation to obtain information about an organization or network. Social engineering attacks include, but are not limited to:

  • Phishing: Attackers impersonate legitimate entities to deceive individuals into giving up confidential information, like log-in credentials. Most often, this is in the form of an email, but it can be done over the phone (vishing) or text (smishing).
  • Baiting: The attacker leaves a physical device, like a USB stick or CD, containing malware in a public place in the hopes that someone will pick it up and use it, thus compromising their system.
  • Whaling: A more personalized version of phishing that usually targets a single, high-ranking individual.
  • Business email compromise: A targeted cyberattack where attackers impersonate a trustworthy executive via a compromised email account and deceive employees into transferring money or revealing sensitive information.

What are the most common attack entry points?

While social engineering attacks can be instigated through emails, phone calls and USB sticks, they all have one attack entry point in common: humans.

How can businesses protect themselves?

Zero-day exploits

What are they?

TechRepublic…
