Westan Cyber Risk Solutions

We are an independent cyber solutions company.

Through the use of vulnerability assessments, threat intelligence, and data breach insurance, we have the flexibility to develop a customer-specific strategy to mitigate many types of threats.

06/02/2022

"- Similar to what we observed with Log4j, the methods of exploitation and outcomes of this vulnerability continue to expand as it gains more researcher and attacker attention.

- Specific attackers have been observed exploiting the vulnerability. Chinese APTs have potentially made use of it around May 20th, 2022, but first samples identified as easily as mid-April 2022.

- Defenders should consider it a critical vulnerability and seek mitigation steps immediately. Additional effort should then be made to hunt for exploitation prior to public knowledge as attackers could have already abused it."

Microsoft Windows Support Diagnostic Tool is confirmed to be vulnerable to a zero-click, zero day vulnerability. Read how to prepare your cyber response.

05/20/2022

Weak Security Controls and Practices Routinely Exploited for Initial Access

SUMMARY
Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system.

05/12/2022

"Over US $43 billion has been lost through Business Email Compromise attacks since 2016, according to data released this week by the FBI."

03/16/2022

- Enforce MFA for all users, without exception. Before implementing, organizations should review configuration policies to protect against “fail open” and re-enrollment scenarios.
- Implement time-out and lock-out features in response to repeated failed login attempts.
- Ensure inactive accounts are disabled uniformly across the Active Directory, MFA systems etc.
- Update software, including operating systems, applications, and firmware on IT network assets in a timely manner. Prioritize patching known exploited vulnerabilities, especially critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment.
- Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to have strong, unique passwords. Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access.
- Continuously monitor network logs for suspicious activity and unauthorized or unusual login attempts.
- Implement security alerting policies for all changes to security-enabled accounts/groups, and alert on suspicious process creation events (ntdsutil, rar, regedit, etc.).

Multifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised. • Every organization sho...

03/01/2022

"CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets."

Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple secto...

09/17/2021

"Bitdefender announced the availability of a universal decryptor for REvil/Sodinokibi. Created in collaboration with a trusted law enforcement partner, this tool helps victims encrypted by REvil ransomware to restore their files and recover from attacks made before July 13, 2021."

Have an iPhone, iPad, Mac computer, or Apple Watch? Do this update ASAP.
09/14/2021

Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click.

07/01/2021

"A proof-of-concept for a critical Windows security vulnerability that allows remote code execution (RCE) was dropped on GitHub on Tuesday – and while it was taken back down within a few hours, the code was copied and is still out there circulating on the platform."

The "PrintNightmare" bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code execution attacks.

03/25/2021

Mamba Ransomware Weaponizing DiskCryptor
https://www.ic3.gov/Media/News/2021/210323.pdf

Indicators in advisory include:
C:\Users\Public\dcapi.dll - DiskCryptor software executable
C:\Users\Public\dcinst.exe - DiskCryptor software executable
C:\Users\Public\dccon.exe - DiskCryptor software executable
C:\Users\Public\dcrypt.sys - DiskCryptor software executable

03/11/2021

"FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails (see sample in Appendix) purporting to be from “FINRA Membership” and using the email address “[email protected]”. The email asks the recipient to respond to an issue of “regulatory non-compliance for which your immediate response is required” and then asks the recipient to click on a link or document."

10/29/2020

JOINT CYBERSECURITY ADVISORY Ransomware Activity Targeting the Healthcare and Public Health Sector

Address

315 S. 2nd Street
Union City, TN
38261

Opening Hours

Monday 8am - 5pm
Tuesday 8am - 5pm
Wednesday 8am - 5pm
Thursday 8am - 5pm
Friday 8am - 5pm
