WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

WordPress Vulnerability Report

Last week, there were 117 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Vulnerability Database, and there were 30 Vulnerability Researchers that contributed to WordPress Security. The most common vulnerability disclosed was Cross-Site Request Forgery.  You can find all the vulnerabilities that have been added, along with statistics on the vulnerabilities that were disclosed, published on our blog here.

CISA Announces Ransomware Vulnerability Warning Pilot

03/13/2023 08:00 AM EDT

Today, CISA is announcing the creation of the Ransomware Vulnerability Warning Pilot (RVWP). Through the RVWP, CISA:

1. Proactively identifies information systems—belonging to critical infrastructure entities—that contain vulnerabilities commonly associated with ransomware intrusions.
2. Notifies the owners of the affected information systems, which enables the owners to mitigate the vulnerabilities before damaging intrusions occur.

Review the RVWP webpage for details, including information on the authorities and services CISA leverages to enable RVWP notifications.

Linux gets double-quick double-update to fix kernel Oops!

Linux doesn’t BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)

Update Android now! Two critical vulnerabilities patched

The March security updates for Android include fixes for two critical remote code execution (RCE) vulnerabilities. Update as soon as you can!

SYS01 stealer targets Facebook business accounts and browser credentials

Morphisec has reported that an advanced information stealer malware dubbed SYS01 is aimed at stealing access to Facebook business accounts and Chromium-based browsers’ credentials.

New Hiatus malware campaign targets routers

A new malware dubbed HiatusRAT infects routers to spy on its targets, mostly in Europe and in the U.S. Learn which router models are primarily targeted and how to protect from this security threat.

You can now run a GPT-3-level AI model on your laptop, phone, and Raspberry Pi

Thanks to Meta LLaMA, AI text models may have their “Stable Diffusion moment.”

FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0

03/16/2023 08:00 AM EDT

The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. This joint advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that FBI investigations correlated with LockBit 3.0 ransomware as recently as March 2023. LockBit 3.0 functions as an affiliate-based ransomware variant and is a continuation of LockBit 2.0 and LockBit.

CISA encourages network defenders to review and apply the recommendations in the Mitigations section of this CSA. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.

Microsoft adds Copilot AI productivity bot to 365 suite

Copilot, a natural language bot that can pull from data across the Microsoft 365 suite, is now in testing with select commercial customers.

WaterISAC Releases Advisory for Microsoft DCOM Patch

03/15/2023 08:00 AM ED

The Water Information Sharing and Analysis Center (WaterISAC) has released an advisory, Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA. ICS/OT/SCADA engineers and operators should assess the use of the Distributed Component Object Model (DCOM) protocol in their industrial environments. According to WaterISAC, “failure to address could result in loss of critical communications between impacted ICS/OT/SCADA devices.”

CISA urges operators to review the WaterISAC advisory and apply recommended compensating controls. See Microsoft KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) for more information.