Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems.
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108).
New Chrome Browser 0-day Under Active Attack—Update Immediately!
Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild.
Emotet—a sophisticated Trojan commonly functioning as a downloader or dropper of other malware—resurged in July 2020, after a dormant period that began in February. Since August, emotet increase in malicious cyber actors targeting state and local governments with it's phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats.
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies.
Italy CERT Warns of a New Credential Stealing Android Malware
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video.
New Attack Could Let Remote Hackers Target Devices On Internal Networks
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network.
Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.
Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy
Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools.
Responsible Computer Usage
Responsible Computer Usage
Computers and networks may never be completely safe from security risks but we can follow some simple rules and procedures to try and prevent attacks on our computer systems. Remember that the way you operate your computer has a definite impact on everyone else on the network. A compromised organization's computer can be used to sniff passwords from its neighbors' network traffic or cause poor network performance for other users so it is important to consider the following tips for responsible computer usage to help you mitigate the risks.
Always run up-to-date virus protection
You should make sure that your computer has an anti-virus program and that it is always updated. If it is not evidently running on your PC, you should contact your IT officer. Also, make sure that all the files you send to other people are virus free. Viruses are frequently spread through infected email attachments. So before forwarding an attachment to your colleagues or friends, scan it for viruses.
Check before you install software
While browsing the internet, users may encounter websites that tempt them to install something on their computers. Some software may also be installed without the user's knowledge. These programs may contain spyware or adware. Do not install software that you were not specifically looking for. Some websites trick people into installing programs that claim to improve the performance of their computers. More often than not, the opposite is true. It is also a good practice to research on any software before installing. If you are using a computer at work, do not install unauthorized or personal software. If you need a program installed, ask permission to your IT officer to do so.
Stop sending spam
Are you the type who forwards every joke or cute picture that gets emailed to you? If you are, then you may be considered a spammer. Professional spammers send out millions of email, flooding the network with junk email. This slows down the performance of the entire network. If everyone stops forwarding jokes and chain email, the speed and performance of our networks would greatly improve.
Avoid the use of non-business resource intensive software
Peer to peer programs like Napster, Morpheus and Kazaa are just a few examples of software that slow down computer resources. These programs are non-business tools that are usually a heavy load on the network. They run constantly, and allow people to download files from your computer so you should avoid installing these programs on your computer.
Passwords should be routinely change
The confidentiality of passwords is critical to the protection of any sensitive information and systems. In many cases, passwords offer the first line of defense in stopping unauthorized and malicious users from accessing a user's personal account, or from accessing an organization's systems. It is paramount that the passwords used are adequately protected and remain secret.
It is recommended to change your password routinely as a good practice and it is recommended to use a password that has a minimum of 8 characters. Where possible, passwords should not be identifiable with the user (such as first name, last name, spouse name, friends, relations, colleagues, or other easily guessed names, although you can use names or phrases that you can easily remember that contain a combination of numbers, upper and lower case letters, and non-alphanumeric characters (such as: !@#$%^&*()_~"?><,./\) so the password can be strong. E.g.: theMoon!3*
Never write down your password on a sheet of paper that can be found near your computer. Memorize the password instead. Non-disclosure of passwords: Do not share your password with co-workers since you may be held liable for any misuse or unauthorized activity using your password.
Avoid personal and unauthorized websites
There are some websites that install spyware and adware on your computer without your knowledge. Websites that are known to do this are adult/ sexually explicit sites, hacking sites and sites that distribute pirated software.
Pay attention to the usage and copyright of downloaded files
Check the legality of downloading the information, particularly with respect to copyright permission. If in doubt of the legality, staff members should contact the Center focal point on IP matters for advice.
Do not redistribute downloaded material unless the owner has given permission for them to do so either directly or in the copyright/license terms.
Do not download unlicensed software or violate limitations on the use of particular software as imposed by any license agreements.
Most downloaded software, including shareware and freeware, is copyrighted and subject to license, which sets limitations on its use. Downloading MP3, movie files and games slows down the network. You may also be violating company policy by downloading these files.
Avoid viewing of non-business related streaming media
Streaming media like internet radio or music videos eat up a lot of bandwidth. They run continuously and slow down the network. Avoid using these services if they are non-business related.
Make sure your operating system is patched
The IT departments in the organization are in charge of maintaining your operating system patched, but it is important that you verify that these updates are being implemented successfully because if not updated, your computer may be vulnerable to worms and viruses.
Backup your files
Make sure to regularly backup your most important data and files. Computers are never 100% safe. Even if you get attacked by a hacker or even hardware failure, backing up your data makes recovery much easier. The IT departments usually have some backup procedures in place, so please contact your IT officer for more information about the options in your center.
Be sure to use high-quality media to store your backups. CD-RWs, DVD+RWs, external hard drives are good storage devices you can use.
Keep backup copies in a fireproof and heatproof safe or vault, or offsite (a location separate from the computer site).
Check USB (universal serial bus) memories from virus
USB memories are portable devices that are convenient to transfer files from one place to another. However, it is very easy to get virus transmissions, corruption or loss of data with these devices, so it is recommended to check them before connecting them to your computer in office.
Be careful when transmitting Sensitive or Personal Information
You should not use the Internet to send sensitive information belonging to the center (such as non-public research data or passwords used to gain access to systems and devices within a center) in unencrypted form. This includes the sending of sensitive information using any of the following means: E- mail, Posting to newsgroups or Posting to forums, blogs or websites.
Lock your computer with password when away from your desk
When you leave your workstation unlocked, anyone can assume your identity and gain access to any applications or files that you may have access to. To prevent this, automatic password protection should be invoked after a minimum time period of inactivity (15 minutes recommended) and you should lock your workstation whenever you leave it.