Secu9

08/02/2023

👏 Encrypted Messaging App Exclu Used by Criminal Groups Cracked by Joint Law Enforcement.

ℹ️ A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups.

More info 👉 Encrypted Messaging App Exclu Used by Criminal Groups Cracked by Joint Law Enforcement (https://buff.ly/3BAwPep)

07/02/2023

🤔 SaaS in the Real World: Who's Responsible to Secure this Data?

ℹ️ When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible for securing their data.

🪧What's far murkier, however, is where the data responsibility lies on the organization's side. For large organizations, this is a particularly challenging question. They store terabytes of customer data, employee data, financial data, strategic data, and other sensitive data records online.

⚠️ SaaS data breaches and SaaS ransomware attacks can lead to the loss or public exposure of that data. Depending on the industry, some businesses could face stiff regulatory penalties for data breaches on top of the negative PR and loss of faith these breaches bring with them.

✅Finding the right security model is the first step before deploying any type of SSPM or other SaaS security solution.

More info 👉 https://buff.ly/3I9BtVL

Learn about the risks of SaaS data security and how to protect it with expert advice and tips.

06/02/2023

🤔 Dashlane password manager open-sourced its Android and iOS apps.

ℹ️ Dashlane announced it had made the source code for its Android and iOS apps available on GitHub under the Creative Commons Attribution-NonCommercial 4.0 license.

✅ The popular subscription-based password manager and digital wallet have decided to release the code of its mobile apps to increase transparency in how they operate while also promoting a more collaborative and open development approach going forward.

More info 👉 https://buff.ly/3Yotedn

03/02/2023

🚨 New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products.

⚠️ F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code ex*****on,Tracked as CVE-2023-22374 (CVSS score: 7.5/8.5).
⚠️ Cisco : The disclosure comes as Cisco released updates to fix a flaw in Cisco IOx application hosting environment (CVE-2023-20076, CVSS score: 7.2) that could open the door for an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system.

ℹ️ F5 : The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP
13.1.5
14.1.4.6 - 14.1.5
15.1.5.1 - 15.1.8
16.1.2.2 - 16.1.3, and
17.0.0
ℹ️ Cisco : The vulnerability impacts devices running Cisco IOS XE Software and have the Cisco IOx feature enabled, as well as 800 Series Industrial ISRs, Catalyst Access Points, CGR1000 Compute Modules, IC3000 Industrial Compute Gateways, IR510 WPAN Industrial Routers.

✅How to Protect ?
F5 noted that it has addressed the problem in an engineering hotfix that is available for supported versions of BIG-IP. As a workaround, the company is recommending users restrict access to the iControl SOAP API to only trusted users.
Cisco, Apply the various updates

More info 👉 : https://buff.ly/3wOzaAV

New high-severity vulnerabilities have been discovered in Cisco IOx and F5 BIG-IP products. Protect your organization by staying informed.

02/02/2023

🚨 New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers.

⚠️ At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021.

ℹ️ "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani said in a Wednesday report.

✅How to Protect ?
Users are recommended to refrain from exposing Redis servers directly to the internet, disable the "SLAVEOF" feature in their environments if not in use, and configure the servers to only accept connections from trusted hosts.

More info 👉 : https://buff.ly/3XT1bmC

HeadCrab Alert! A new stealthy botnet malware that is undetectable by various antivirus solutions has infected over 1,200 Redis servers worldwide.

01/02/2023

🚨 Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code.

⚠️ Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer a cybercriminals a gaping hole to access corporate crown jewels.

ℹ️ Three security vulnerabilities affecting VMware's vRealize Log Insight platform now have public exploit code circulating, offering a map for cybercriminals to follow to weaponize them. These include two critical unauthenticated remote code ex*****on (RCE) bugs.

🥶 The vRealize Log Insight platform (which is transitioning its name to Aria Operations) provides intelligent log management "for infrastructure and applications in any environment," according to VMware, offering IT departments access to dashboards and analytics that have visibility across physical, virtual, and cloud environments, including third-party extensibility. Usually loaded onto an appliance, the platform can have highly privileged access to the most sensitive areas of an organization's IT footprint.

✅How to Protect the Enterprise
To protect their organizations, admins are urged to apply VMware's patches, or apply a published workaround as soon as possible.
https://buff.ly/3RmsjYF has also published indicators of compromise (IoCs) to help organizations track any attacks.

More info 👉 :
https://buff.ly/3JrrPP1

31/01/2023

👏Tout d'abord, merci à toute l'équipe pour leur invitation et la qualité de leur organisation.

Le webinaire "Cloud et Sécurité de l'information" du 19/01/2023 est disponible sur ce lien :👇👇👇
https://buff.ly/3wIWQ9I

💡 Si vous souhaitez avoir plus de précision, nous restons disponible 👉
https://buff.ly/3HIKwN8

La série OG-Webinars continue. L'équipe OG Security Business Consulting, a le plaisir d'accueillir l'Expert Ayoub FIGUIGUI dans un Webinaire sur le sujet de ...

30/01/2023

🚨 Critical RCE Lexmark Printer Bug Has Public Exploit.

⚠️ SA nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

ℹ️ A critical security vulnerability allowing remote code ex*****on (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week.

🥶 The bug (CVE-2023-23560), which carries a score of 9 out of 10 on the CVSS vulnerability-severity scale, is a server-side request forgery (SSRF) vulnerability in the "Web Services feature of newer Lexmark devices," according to the print giant's advisory (PDF).

✅How to fix ?
Lexmark has issued a firmware patch and noted that disabling Web Services on TCP port 65002 altogether will also do the trick for protection.

More info 👉 : Critical RCE Lexmark Printer Bug Has Public Exploit (https://buff.ly/SiJtmt)

27/01/2023

🚨 Attackers exploiting critical flaw in many Zoho ManageEngine products.

🥶 AThe ManageEngine vulnerability is easy to exploit and enables remote code ex*****on. Patches are available.

⚠️ Users of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical remote code ex*****on vulnerability that attackers have now started exploiting in the wild.

More info 👉

The ManageEngine vulnerability is easy to exploit and enables remote code ex*****on. Patches are available.

26/01/2023

🚨 U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software.

🥶 At least two federal agencies in the U.S. fell victim to a "widespread cyber campaign" that involved the use of legitimate remote monitoring and management (RMM) software to perpetuate a phishing scam.

⚠️ "Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software – ScreenConnect (now ConnectWise Control) and AnyDesk – which the actors used in a refund scam to steal money from victim bank accounts," U.S. cybersecurity authorities said.

More info 👉 https://buff.ly/3Y1h21Z and https://buff.ly/3WIhxgl

Two federal agencies in the U.S. have fallen victim to a widespread cyber campaign using RMM software for phishing scams.

25/01/2023

🤔 Apple iOS 16.3 arrives with support for hardware security keys.

ℹ️ Apple released iOS 16.3 today with long-awaited support for hardware security keys to provide extra protection against phishing attacks and unauthorized access to your devices.

🪧Hardware security keys are small physical devices that resemble thumb drives and support USB-C (using an adapter) or Near-field communication (NFC) to connect to a Mac or iPhone.

More info 👉 : Apple iOS 16.3 arrives with support for hardware security keys (https://buff.ly/2vimMsX)

24/01/2023

👏 Facebook Introduces New Features for End-to-End Encrypted Messenger App.

ℹ️ Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default.

🗓️ "Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption," Meta's Melissa Miranda said.

More info 👉 Facebook Introduces New Features for End-to-End Encrypted Messenger App (thehackernews.com)