Cyber Weekly Newsletter

The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team

Cybersecurity awareness tips and alerts from Riskigy Cybersecurity & Tech Advisors to empower your team to #BeCyberSmart #CyberAware

This Week's Need-to-Know News and Alerts

Apple emergency updates fix 3 new zero-days exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days fixed this year. https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in...

Security software firm Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. https://thehackernews.com/2023/09/trend-micro-releases-urgent-fix-for.html

An estimated 12,000 Juniper SRX firewalls and EX switches are vulnerable to a fileless remote code execution flaw that attackers can exploit without authentication. https://www.bleepingcomputer.com/news/security/thousands-of-juniper-devices-vulnerable-to-unauthenti...

GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies. https://www.bleepingcomputer.com/news/security/gitlab-urges-users-to-install-security-updates-for-cr...

Critical security flaws exposed in Nagios XI network monitoring software could result in privilege escalation and information disclosure. https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html

Security researchers targeted by fake WinRAR exploit PoC that drops VenomRAT malware. WinRAR is said to have over 500 million users. https://www.scmagazine.com/news/fake-winrar-exploit-poc-drops-venomrat-malware

Malicious AI tools flourish and put pressure on lawmakers to pursue plans to keep artificial intelligence in check, while hackers are busy breaking generative AI ethical guardrails and bending the technology to their cybercriminal purposes. https://www.scmagazine.com/news/malicious-ai-tools-flourish-put-pressure-on-lawmakers

Feds take legal action against Penn State University under the False Claims Act, saying the university lied or misled about its adherence to government cybersecurity protocols when contracting with the federal government. https://www.scmagazine.com/news/feds-hit-penn-state-university-with-false-claims-lawsuit-over-cyber-...

Global password spray attacks target thousands of organizations. Password spraying involves attempting to log into multiple accounts from one organization by trying a limited number of commonly used passwords. https://www.scmagazine.com/news/global-password-spray-attacks-target-thousands-of-organizations

A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. https://thehackernews.com/2023/09/n-ables-take-control-agent.html

From Our Blog

Tips to Secure Microsoft Teams from Phishing Attacks

Microsoft Teams is one of the most popular tools for organizations of all sizes for communication, collaboration, and file sharing, and has consequently become a familiar target of persistent cyber-attacks, ranging from distributed denial of service (DDoS) attacks on its services to exploitation of security vulnerabilities to target its users. As organizations continue to rely heavily on collaboration platforms like Microsoft Teams, attackers will continue to take advantage of any...read more now!

The Human Factor Remains a Critical Aspect of Cybersecurity

As Cybersecurity Awareness Month, October 2023, approaches, we are reminded that the human factor is more important than ever. People can be both the weakest link and a potential solution in creating a safe and secure culture. It is important for organizations to recognize the human factor as a critical component of cybersecurity and develop strategies that address human vulnerabilities and promote a security-aware culture...read more now!

Data Breach News

Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack. https://www.bleepingcomputer.com/news/security/caesars-entertainment-confirms-ransom-payment-custome...

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-clou...

Threat actors claim to have compromised MGM Resorts’ Okta environment. AlphV may have used tactics similar to social engineering attacks disclosed by Okta in a regulatory filing. https://www.cybersecuritydive.com/news/threat-actors-claim--compromised-mgm-okta/693829/

Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network. https://www.bleepingcomputer.com/news/security/transunion-denies-it-was-hacked-links-leaked-data-to-...

T-Mobile "app glitch" data breach: customers said they could see other people's account and billing information after logging into the company's official mobile application. https://www.bleepingcomputer.com/news/security/t-mobile-app-glitch-let-users-see-other-peoples-accou...

A cyberattack against Clorox last month shut down factories; automated orders are expected to restart next week at Clorox’s US plants. Product shortages may last months. https://fortune.com/2023/09/18/clorox-cyberattack-shortage-bleach-litter/

Cybersecurity Resources

According to Verizon's latest annual Data Breach report, 75% of data breaches involve human error, social engineering, and use of stolen credentials. Leverage our free Cyber Awareness training videos to improve exposure to cybersecurity concepts, terminology, and activities associated with implementing cybersecurity best practices.

Looking for Cybersecurity Policy templates? Tabletop Exercise (TTE) scenarios? Click here to see the full library.

Cybersecurity Is Complex! We Are Here To Help!

e: [email protected] | p: 888.333.6553

Follow us on Twitter for more news and alerts!

