Posts

Showing posts from May, 2023

Veeam Backup & Replication admins, get patching! (CVE-2023-27532)

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customers to implement the fix as soon as possible. About CVE-2023-27532 The nature of CVE-2023-27532 has not been explained – Veeam only says that “the vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.” Obtaining encrypted credentials might ultimately allow attackers to gain access to the backup infrastructure hosts, the company noted. The email sent by the company to users notifying them of the flaw and the need to patch also did not offer much insight, but noted that “if you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can also block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.” The email created some confusion with customers, because i

CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks

What is SLP protocol? Service Location Protocol (SLP) is a network protocol designed to simplify the process of discovering and accessing network services. Developed by the Internet Engineering Task Force (IETF) and defined in RFC 2608, SLP eliminates the need for users or administrators to manually configure clients with the addresses of available network services. Instead, it allows devices and applications to automatically find and connect to services in their local area networks (LANs). Since the SLP protocol doesn’t require authentication, anyone can register new services, which is why it wasn’t intended to be publicly available over the Internet. How Does SLP Work? SLP operates based on a request-response model that involves three primary components: User Agents (UAs), Service Agents (SAs), and Directory Agents (DAs). User Agents (UAs): UAs are clients seeking network services. They send out service requests to discover the available services in the network. Service Agents (SAs

Malicious Windows kernel drivers used in BlackCat ransomware attacks

The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks. The driver seen by Trend Micro is an improved version of the malware known as 'POORTRY' that Microsoft, Mandiant, Sophos, and SentinelOne spotted in ransomware attacks late last year. The POORTRY malware is a Windows kernel driver signed using stolen keys belonging to legitimate accounts in Microsoft's Windows Hardware Developer Program. This malicious driver was used by the UNC3944 hacking group, also known as 0ktapus and Scattered Spider, to terminate security software running on a Windows device to evade detection. While security software is usually protected from being terminated or tampered with, as Windows kernel drivers run with the highest privileges in the operating system, they can be used to terminate almost any process. Trend Micro says the ransomware actors attempted to use the Microsoft-signed POORT

Unstoppable procurement trends in 2023

Procurement teams must adapt to stay ahead of the curve in 2023. Five key trends will shape the future, from sustainability to diversity and inclusion. As the world becomes more interconnected and businesses expand globally, the role of procurement has become increasingly vital. As we look to the future, there are five key trends that procurement teams can expect in 2023. These trends are likely to shape the way procurement is carried out, and businesses will need to adapt to stay ahead of the curve. In this article, we will delve into each of these trends, and the impact they will have on procurement in the years to come. 1: Increased Emphasis on Sustainability The first trend that procurement teams can expect in 2023 is an increased emphasis on sustainability. Sustainability has been a growing concern for businesses in recent years, and it is only going to become more critical as we move forward. In 2023, procurement teams will need to consider the environmental impact of the produ

Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions

The computing giant said it terminated 428,000 developer accounts for potential fraudulent activity, blocked 105,000 fake developer account creations, and deactivated 282 million bogus customer accounts. It further noted that it thwarted 198 million attempted fraudulent new accounts prior to their creation. In contrast, Apple is estimated to have booted out 802,000 developer accounts in 2021. The company attributed the decline to new App Store "methods and protocols" that prevent the creation of such accounts in the first place. "In 2022, Apple protected users from nearly 57,000 untrustworthy apps from illegitimate storefronts," the company emphasized. "These unauthorized marketplaces distribute harmful software that can imitate popular apps or alter them without the consent of their developers." It also touted its App Review process as having been able to flag apps using malicious code designed to steal users' credentials from third-party services

5 REASONS TO PRIORITIZE PRIVILEGED ACCESS MANAGEMENT

Remote and hybrid work models, increased adoption of cloud services and heavy investments in DevOps allow for cost savings and improve an organization’s operational efficiencies, but they create significant cybersecurity debt. The proliferation of identities can become an attack vector, especially if a compromised identity enables attackers to move laterally and steal critical assets. Privileged access management (PAM) presents a barrier to cyberattacks. Prioritize PAM in your organization. Here’s why. 1. Reduce Credential Theft Reduce the risk of credential theft by automatically discovering and onboarding privileged accounts and credentials with central management in the vault. Rotating credentials is key to PAM and makes it extremely challenging to steal passwords through brute-force or social engineering attacks. Reduce the risk of credential theft by automatically discovering and onboarding privileged accounts and credentials with central management in the vault. Rota

Controlling Cloud Backup Costs

One of the most challenging aspects of cloud-hosted applications and data is achieving your desired outcome without being shocked by your bill at the end of the month. Balancing the needs of your business and your proverbial checkbook is not an easy thing. In fact, an entire practice called FinOps – a portmanteau of finance and DevOps – was born just to address this, bringing together business and technical teams to collaborate on efficient and optimized spending, particularly in the cloud. One area where this is of particular importance is cloud backup. We’re dealing with copies of large data sets that are often stored for lengthy periods of time, and all of these consume pay-for-what-you-use compute, storage and networking resources. So, what are some best practices when it comes to cloud backup to meet required service level agreements (SLAs) like RTOs, RPOs and retention without breaking the bank? Right-Sizing All cloud providers offer a wide selection of instance/virtual machine

What's New: Splunk Enterprise 8.2

Splunk Enterprise 8.2 focuses its development efforts across a number of themes: insights, admin productivity, data infrastructure, and performance. Be sure to check out Splunk Docs for a complete and definitive guide on how and where you can access and use these new features. Insights Dashboard Studio is now generally available (GA) and is now integrated directly into Search & Reporting, alongside the Classic Dashboard experience. Dashboard Studio is the new and intuitive dashboard-builder for creating visually-compelling dashboards with advanced visualization tools and fully customizable formats. Also, the Splunk Secure Gateway (SSG) App is now delivered as part of Splunk Enterprise. SSG lets you configure your Connected Experiences mobile deployment and register devices to a Splunk instance. Dashboard Studio in action Admin Productivity Splunk has done a lot in this release to help admins do more with less. The Splunk Health Report also now displays inform

New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems

A new ransomware-as-a-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on ESXi, cybersecurity firm CrowdStrike said in a report shared with The Hacker News. "This trend is especially noteworthy given the fact that ESXi, by design, does not support third-party agents or AV software," the company said. "In fact, VMware goes as far as to claim it's not required. This, combined with the popularity of ESXi as a widespread and popular virtualization and management system, makes the hypervisor a highly attractive target for modern adversaries." The targeting of VMware ESXi hypervisors with ransomware to scale such campaigns is a technique known as hypervisor jack

Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems

A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. That's according to findings from SentinelOne, which observed an increase in the number of Geacon payloads appearing on VirusTotal in recent months. "While some of these are likely red-team operations, others bear the characteristics of genuine malicious attacks," security researchers Phil Stokes and Dinesh Devadoss said in a report. Cobalt Strike is a well-known red teaming and adversary simulation tool developed by Fortra. Owing to its myriad capabilities, illegally cracked versions of the software have been abused by threat actors over the years. While post-exploitation activity associated with Cobalt Strike has primarily singled out Windows, such attacks against macOS are something of a rarity. In May 2022, software supply chain firm Sonatype disclosed details of a rogue Python package called "pymafka" that was de