Tag Archive for: Urges

City of Palm Coast Urges Residents to Use Caution Online During International Fraud Awareness Week

/in


 

The City of Palm Coast is encouraging residents to safeguard their personal information and remain vigilant against potential fraud while shopping online this holiday season, particularly during International Fraud Awareness Week. 

The City of Palm Coast Information Technology Department takes internet security seriously, as demonstrated in October when the department proudly collaborated with Cyber Florida to host an essential cybersecurity training event. This event brought together counties and municipalities, fostering a community of resilience against cyberattacks.

“The internet plays a crucial role in our daily lives, and it’s vital that we understand the associated risks,” said Doug Akins, Director of Information Technology. “As systems and processes continue to evolve, so do the tactics of online scammers. We at the City of Palm Coast are committed to empowering our community with the knowledge and tools to stay safe online during International Fraud Awareness Week and year-round.”

Throughout International Fraud Awareness Week, residents of Palm Coast can expect to see informative videos from members of the Information and Technology City staff, offering valuable tips on how to protect themselves online. These expert insights are especially relevant as we approach the busy holiday shopping season when cyberattacks and fraud attempts tend to rise.

Stay tuned for these helpful videos and join us in taking a stand against fraud and practicing internet security. Together, we can build a safer and more resilient community.

Stay informed with the latest news and information from the City of Palm Coast by following us on FacebookInstagramTwitterYouTube, and LinkedIn. You can sign up for weekly updates by visiting www.palmcoastgov.com/government/city-manager/week-in-review.

Source…

Google urges users to update Chrome to address zero-day vulnerability

/in



Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.

Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed.
Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US’ National Vulnerability Database.
Meanwhile, the update will roll out in the coming weeks on Google’s stable desktop channel, the company said.
The high-severity vulnerability was described by Google as a “type confusion” issue in the V8 JavaScript engine. Google Chrome V8 is Google’s open source JavaScript and WebAssembly engine.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a statement on April 14.
NIST, the US Commerce Dept. agency that runs the National Vulnerability Database, went further in its CVE description about the vulnerability. “Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” NIST said.
Google is yet to release complete details on the vulnerability. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said in the statement. 
To update Chrome, users can click the overflow menu on the right side of the menu bar and then go to Help and About Google Chrome. Chrome will automatically check for browser updates and, by default, update the browser. Once the update is complete, users need to restart the browser. 

Clement Lecigne of Google’s Threat Analysis Group identified the vulnerability and reported the issue on April 11. In addition to fixing CVE-2023-2033, the Chrome update also fixes a variety of issues detected during internal audits and other initiatives, the company said.
This is the first zero-day vulnerability…

Source…

#mWISE: FBI Director Urges Greater Private-Public Collaboration

/in


“I’m here to recruit you.” Was Christopher Wray, director of the FBI, really joking when he said that hiring people for the FBI was the reason for his presence at the Mandiant mWISE conference?

During his opening keynote speech on September 18, Wray explained how collaborating with the private sector has changed the FBI’s approach to combating cybercrime.

He said that the 9/11 terrorist attacks led the Bureau to open itself more to other parties, first in its counter-terrorism missions and then in other areas, including cyberspace.

“Today, our strategy is informed by where we sit, at the center of a cyber ecosystem that stretches from the defensive side, with the private sector but also agencies like the US Cybersecurity and Infrastructure Security Agency (CISA), all the way over to, on the offensive side, the CIA, the NSA and our foreign partners,” Wray added.

Over the past few years, the FBI has conducted several joint investigations and law enforcement operations in cyberspace, which encompass an increasing number of partners, including foreign cybersecurity agencies from ally countries and private organizations.

“The bottom line is: it doesn’t matter who gets the credit as long as the job gets done,” said Wray.

Recent law enforcement operations, such as the Hive ransomware or the QakBot malware loader takedowns, included partners like Zscaler, who helped with the investigation.

Victim Organizations Encouraged to Work with the FBI

However, the prime example of such public-private collaborations highlighted by the FBI director is the 2022 takedown of the Cyclops Blink botnet, allegedly built by the Russian military agency (GRU). 

This is because, this time, the private partner WatchGuard was directly involved in the malicious campaign.

Wray explained: “The GRU’s Sandworm team had managed to implant malware on thousands of WatchGuard firewall devices worldwide. Those firewalls were primarily used by small and medium enterprises (SMEs). Our collaboration with WatchGuard allowed us to reverse-engineer the malware and develop and execute a sophisticated technical operation, severing GRU’s ability to communicate with the command-and-control…

Source…

US CISA Urges Improvements to Key Computer Component

/in


Governance & Risk Management
,
Patch Management

Unified Extensible Firmware Interface Should Be More Secure, Says Agency

Prajeet Nair (@prajeetspeaks) •
August 4, 2023    

US CISA Urges Improvements to Key Computer Component
Image: Shutterstock

The U.S. federal government is urging computer manufacturers to improve the security of firmware architecture that boots up devices after a powerful bootkit spotted last year sparked heightened concerns over permanent malware infections.

See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense

The Cybersecurity and Infrastructure Security Agency issued a call to action Thursday for the standard developers behind the Unified Extensible Firmware Interface to improve patch distribution, coding and logging practices.

UEFI is an industry standard for hardware initialization when a computer powers up, published by the UEFI Forum. A spokesperson said the forum has no comment.

The call comes after the discovery of malware known as BlackLotus, a powerful bootkit sold in hacking forums for $5,000, caused the National Security Agency in June to warn Windows systems administrators over its threat.

BlackLotus bypasses Microsoft security features meant to protect hackers from infecting the boot process that takes place before the Windows operating system assumes control. Once the malware has infected UEFI software, it can gain full control over the system. Boot loader infections are difficult to detect and any computer infected with BlackLotus must be completely re-imaged and possibly discarded.

Microsoft has released multiple patches to stymie BlackLotus, but the NSA said patching is only a first step to hardening machines against the malware (see: NSA Issues Remediation Guidance for BlackLotus Malware).

“UEFI bootkits are very powerful…

Source…