A quick Saturday digest of cybersecurity news articles from other sources.
WordPress Vulnerability Report
Last week, there were 117 vulnerabilities disclosed in WordPress-based software that have been added to the Wordfence Intelligence Vulnerability Database, and there were 30 Vulnerability Researchers that contributed to WordPress Security. The most common vulnerability disclosed was Cross-Site Request Forgery. You can find all the vulnerabilities that have been added, along with statistics on the vulnerabilities that were disclosed, published on our blog here.
CISA Announces Ransomware Vulnerability Warning Pilot
03/13/2023 08:00 AM EDT
Today, CISA is announcing the creation of the Ransomware Vulnerability Warning Pilot (RVWP). Through the RVWP, CISA:
- Proactively identifies information systems—belonging to critical infrastructure entities—that contain vulnerabilities commonly associated with ransomware intrusions.
- Notifies the owners of the affected information systems, which enables the owners to mitigate the vulnerabilities before damaging intrusions occur.
Review the RVWP webpage for details, including information on the authorities and services CISA leverages to enable RVWP notifications.
Linux gets double-quick double-update to fix kernel Oops!
Linux doesn’t BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)
Update Android now! Two critical vulnerabilities patched
The March security updates for Android include fixes for two critical remote code execution (RCE) vulnerabilities. Update as soon as you can!
SYS01 stealer targets Facebook business accounts and browser credentials
Morphisec has reported that an advanced information stealer malware dubbed SYS01 is aimed at stealing access to Facebook business accounts and Chromium-based browsers’ credentials.
New Hiatus malware campaign targets routers
A new malware dubbed HiatusRAT infects routers to spy on its targets, mostly in Europe and in the U.S. Learn which router models are primarily targeted and how to protect against this security threat.
You can now run a GPT-3-level AI model on your laptop, phone, and Raspberry Pi
Thanks to Meta LLaMA, AI text models may have their “Stable Diffusion moment.”
FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0
03/16/2023 08:00 AM EDT
The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. This joint advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that FBI investigations correlated with LockBit 3.0 ransomware as recently as March 2023. LockBit 3.0 functions as an affiliate-based ransomware variant and is a continuation of LockBit 2.0 and LockBit.
CISA encourages network defenders to review and apply the recommendations in the Mitigations section of this CSA. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.
Microsoft adds Copilot AI productivity bot to 365 suite
Copilot, a natural language bot that can pull from data across the Microsoft 365 suite, is now in testing with select commercial customers.
WaterISAC Releases Advisory for Microsoft DCOM Patch
03/15/2023 08:00 AM EDT
The Water Information Sharing and Analysis Center (WaterISAC) has released an advisory, Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA. ICS/OT/SCADA engineers and operators should assess the use of the Distributed Component Object Model (DCOM) protocol in their industrial environments. According to WaterISAC, “failure to address could result in loss of critical communications between impacted ICS/OT/SCADA devices.”
CISA urges operators to review the WaterISAC advisory and apply recommended compensating controls. See Microsoft KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) for more information.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com