A quick Saturday digest of cybersecurity news articles from other sources.
Infoblox discovers rare Decoy Dog C2 exploit
Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor.
Parental Controls – Safe Media Streaming for Kids
Here is an educational guide for parents on safe media streaming for kids from Octane Seating. This guide contains valuable information on:
- *Safe Cyber Safety Habits
- *Ways to monitor a child’s internet use
- *A film rating system
- *Tips on device security and parental control options
- *Pricing, content ratings, and more
Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?
When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car…
White House addresses AI’s risks and rewards as security experts voice concerns about malicious use
Some security experts see adversaries who operate under no ethical proscriptions using AI tools on numerous fronts, including generating deep fakes in the service of phishing. They worry that defenders will fall behind.
CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability
05/11/2023 08:00 AM EDT
CISA and FBI have released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. This joint advisory provides details related to an exploitation of PaperCut MF/NG vulnerability (CVE-2023-27350). FBI observed malicious actors exploit CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. In early May 2023, FBI observed a group self-identifying as the Bl00dy Ransomware Gang attempting to exploit vulnerable PaperCut servers against the Education Facilities Subsector. The advisory further provides detection methods for exploitation and details known indicators of compromise (IOCs) related to the group’s activity.
CISA encourages network defenders to review and apply the recommendations in the Detection Methods and Mitigations sections of this CSA. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com