Security firm Claroty Uri Katz has published details of a now patched vulnerability in Snort’s intrusion detection and prevention system that could cause a denial of service (DoS) and render the system useless to reflect malicious traffic.

Vulnerability CVE-2022-20685 was rated 7.5 out of 10 on the threat rating scale. The problem is present in the Modbus preprocessor of the Snort discovery engine and affects all releases of the system up to version 2.9.19, as well as version 3.1.11.0.

Successful exploitation of vulnerabilities in network analysis tools like Snort can have a devastating impact on corporate and OT networks. Network analysis tools are an under-researched area [...]

The time that attackers go undetected on a victim’s network was declining for the fourth year in a row, according to the Mandiant M-Trends 2022 report.

Cyberthreat detection time has been reduced to 21 days in 2021 compared to 24 days in 2020. Ransomware was detected on average within five days, while other attacks went undetected for 36 days in 2021, compared to 45 days in 2020.

However, the overall situation is getting better as more companies partner with third-party cybersecurity firms, and government agencies and cybersecurity companies often notify victims of attacks, resulting in faster detection.

One more positive trend: let me remind you that we wrote [...]

Sophos developers have warned that the RCE vulnerability associated with Sophos Firewall is already being actively used in attacks.

The latest vulnerability has the identifier CVE-2022-1040 and is rated as critical on the CVSS scale (9.8 points out of 10 possible).

The bug reportedly allows remote attackers to bypass authentication through the firewall’s user portal or web admin and then execute arbitrary code. The vulnerability was discovered by an anonymous researcher who reported it through the official bug bounty program and stated that the issue affects Sophos Firewall 18.5 MR3 (18.5.3) and earlier.

So far, little is known about attacks that exploit this [...]

The US Federal Communications Commission (FCC) has listed the products of Kaspersky Lab, as well as the Chinese China Telecom (Americas) Corp and China Mobile International USA as those that can endanger the US national security.

Companies on this list are prohibited from purchasing telecommunications equipment and services, parts and components from US companies without specific government approval, and are not eligible for FCC funding. Let me remind you that such giants as Huawei and ZTE have already been included in this list.

According to the US authorities, the products of the banned companies pose a threat to US national security. The ban was imposed under a law that [...]

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) warned companies against using Kaspersky Lab antivirus products because of the potential threats they could pose to the EU, NATO and Germany.

The BSI statement says that companies are better off replacing Kaspersky products with any other security solutions from non-Russian manufacturers. The department motivates this by the fact that antivirus software usually has high privileges on Windows systems, and also maintains a permanent, encrypted connection with its servers. In addition, antiviruses can upload suspicious files to remote servers for further analysis, which means [...]

NCC Group experts reported on the SharkBot malware, which was found in the Google Play Store and which disguises itself as an antivirus, actually stealing money from users who installed the application.

SharkBot, like its counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. Malware first appeared on the scene in November 2021.

A distinctive feature of SharkBot is its ability to perform unauthorized transactions through automatic transfer systems (ATS), that distinguishes it from, for example, TeaBot, which requires a live operator to [...]

Google has launched a new security feature, Virtual Machine Threat Detection (VMTD), designed for Google Cloud customers. This feature is used to detect and block cryptocurrency miners that can mine virtual money without users knowing.

According to last year’s statistics, miners account for more than 86% of all cloud node compromises.

VMTD works without the use of software agents and constantly scans the memory of virtual machines deployed in Google Cloud for signs of increased CPU or GPU load, that is, the characteristic signs of miners.

As part of the product roadmap, the Security Command Center Team sought to build better protection for its Virtual Machine users. [...]

Target (one of the largest e-commerce retailers in the US, which also owns a supermarket chain) has open-sourced an internal Merry Maker tool that the company has been using since 2018. The scanner allows determining whether the site has been compromised and whether it contains malicious code that steals customer payment card data.

Let me remind you that web skimmers are also called MageCart attacks. Initially, the name MageCart was given to one hack group, which was the first to inject malicious code into websites in order to steal bank card data. As part of such attacks, hackers break into websites and then inject malicious code on their pages that records and steals payment card [...]

Antivirus company ESET has released patches and fixed a serious local privilege escalation vulnerability that affected all clients of its Windows products.

The vulnerability, identified as CVE-2021-37852 and discovered by experts from the Zero Day Initiative (ZDI), is rated as high-risk because it allows an attacker to abuse the AMSI scanning function.

This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpoint Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from [...]

The Trellix brand, born from the merger of McAfee Enterprise and FireEye, will provide advanced threat detection and response, with a focus on accelerating technology innovation through machine learning and automation.

William Chisholm

The company emerged from the previously announced merger between McAfee Enterprise and FireEye in October 2021.

We are very pleased that Trellix is now part of the STG portfolio. Customers can expect the Trellix security platform to deliver the boldest innovations on the market.said William Chisholm, managing partner of STG. Modern organizations are striving for digital transformation. A strong security foundation is [...]