Overview

Australia and New Zealand’s cyber threat landscape has become increasingly complex, with challenges affecting critical infrastructure, healthcare, finance, and more. The Threat Landscape Report 2024 by Cyble stresses the growing dangers posed by cybercriminals and state-sponsored threat actors alike while highlighting the proactive measures that businesses, especially CISOs (Chief Information Security Officers), can take to strengthen their defenses.

Cyble has found a notable soar in cyberattacks targeting Australia and New Zealand (ANZ). The Threat Landscape Report 2024 has identified these trends as a high priority. Among these, the rise in Ransomware-as-a-Service (RaaS) models and increasing cyberattacks targeting critical sectors such as healthcare, government, and finance stand out. Geopolitical tensions have also intensified the threat, with state-sponsored cyber actors from countries like China and Russia targeting Australian networks for espionage, financial gain, and geopolitical influence.

In FY2023-24, the Australian Signals Directorate (ASD) responded to over 1,100 cyber incidents, with 11% of these attacks focused on critical infrastructure. Furthermore, there was a 12% increase in calls to the Australian Cyber Security Hotline, with more than 36,700 inquiries related to cyber threats.

This surge reflects the growing concern about cybersecurity vulnerabilities across sectors. Data breaches, ransomware attacks, and politically motivated Distributed Denial of Service (DDoS) attacks have been prevalent, underlining the urgent need for more robust security measures across organizations in Australia and New Zealand.

For CISOs, these developments are not just concerning; they accentuate the importance of proactively identifying threats, implementing security protocols in place, and continuously updating cybersecurity strategies to protect against cyber threats.

Key Findings and Threats Identified in the ANZ Threat Landscape Report 2024

Several key findings stand out in the ANZ Threat Landscape Report 2024, providing critical insights into the nature of cybersecurity threats facing organizations in the region:

• Ransomware and RaaS: The rise of RaaS models, particularly with groups like SpiderX, has made it easier for even less experienced cybercriminals to launch ransomware attacks. These services offer low-cost, turnkey solutions that lower the barriers to entry for launching ransomware campaigns. As a result, CISOs must be especially vigilant in defending against these attacks, which often involve data exfiltration and encryption for financial gain.
• Exploitation of Software Vulnerabilities: Exploiting vulnerabilities such as CVE-2024-21887, which affects Industrial Control Systems (ICS) and IoT devices, continues to be a notable attack vector. These vulnerabilities allow attackers to gain unauthorized access and disrupt critical services, making timely patching and vulnerability management crucial for organizations to mitigate risk.
• Geopolitically Motivated Attacks: Tensions in the geopolitical domain have led to a rise in ideologically driven cyberattacks, particularly those targeting government websites, infrastructure, and financial institutions. DDoS attacks, often carried out by groups such as the People’s Cyber Army and Mysterious Team Bangladesh, have been used to send political messages and disrupt operations, making it critical for organizations to strengthen defenses against such campaigns.
• Supply Chain and Phishing Attacks: The Threat Landscape Report 2024 highlights the risk of targeted supply chain attacks, with threat actors leveraging trojanized software packages or compromising third-party vendors to gain access to larger networks. Alongside these threats, phishing remains a pervasive attack technique, making employee training and awareness more important than ever.
• IoT and ICS Systems Vulnerabilities: Cyble also reported a rise in threat to IoT and ICS systems, especially in sectors like manufacturing, energy, and critical infrastructure. Exploits targeting these systems can cause widespread disruption, underscoring the need for specialized security measures tailored to these environments.

Strategic Insights for CISOs

CISOs across Australia and New Zealand must prioritize cybersecurity strategies that address both immediate and long-term risks. Here are several strategic takeaways for CISOs based on the Threat Landscape Report 2024:

• Given the rise in sophisticated attacks like RaaS and supply chain breaches, CISOs should prioritize proactive security measures such as vulnerability management, continuous monitoring, and threat intelligence sharing. Investing in comprehensive threat detection tools, like Cyble Vision, can help organizations stay alert to cyber threats in the modern world.
• With incidents like ransomware and data breaches on the rise, it is essential for organizations to have a robust incident response plan in place. Engaging with Cyble’s incident response and digital forensics services can help organizations swiftly identify, contain, and mitigate cyberattacks.
• As critical infrastructure remains a primary target, with 11% of cyber incidents in the report related to this sector, CISOs should invest in specialized security solutions to safeguard critical systems. For example, Cyble’s IoT and ICS security tools can help identify vulnerabilities in these environments, reducing the risk of significant disruption.
• The complex nature of cyber threats necessitates using advanced Cyber Threat Intelligence (CTI). Using platforms like Cyble Vision, Hawk, and ODIN, CISOs can access real-time threat data and better understand attack trends, improving decision-making and response times.

Cyble’s Role in Mitigating Cyber Threats

The ANZ Threat Landscape Report 2024 highlights the escalating sophistication of cyber threats targeting organizations in Australia and New Zealand, ranging from RaaS attacks to IoT and ICS systems vulnerabilities. To fight against these threats, CISOs need a comprehensive, proactive approach to cybersecurity. Cyble, a leading threat intelligence provider, offers several cybersecurity solutions to help organizations understand and fight against these challenges.

1. Attack Surface Management (ASM)

Cyble’s Attack Surface Management (ASM) solution helps organizations gain visibility into their digital footprint, identifying potential vulnerabilities before they can be exploited. Cyble’s ASM tools can detect exposed assets, including software vulnerabilities like those detailed in the Threat Landscape Report 2024, such as CVE-2024-21887, by continuously monitoring and analyzing an organization’s attack surface. With real-time alerts and actionable insights, ASM allows CISOs to stay ahead of threats and ensure timely remediation.

• Cyber Threat Intelligence (CTI)

One of the most significant takeaways from the report is the increasing complexity and scale of cyber threats. To stay ahead of attackers, organizations need actionable threat intelligence. Cyble’s Cyber Threat Intelligence (CTI) solutions provide real-time insights into emerging threats, from RaaS to politically motivated attacks. By aggregating data from various sources, including the dark web and hacker forums, Cyble’s CTI platform helps organizations understand threat actors employ tactics, techniques, and procedures (TTPs), enabling a faster, more targeted response to potential attacks.

• Dark Web Monitoring

As data breaches and ransomware attacks become more common, compromised information is often sold or traded on the dark web. Cyble’s Dark Web Monitoring solution helps organizations continuously scan for leaked data, stolen credentials, and other sensitive information that may be used in attacks. For CISOs, this means enhanced visibility into the risk of data exfiltration and the ability to take swift action to mitigate the potential impact of a breach.

• Incident Response and Digital Forensics

The ANZ Threat Landscape Report 2024 highlights that supply chain threats and data breaches raise business concerns. In a cyberattack, quick and efficient incident response is crucial. Cyble’s Digital Forensics & Incident Response (DFIR) services help organizations investigate and recover from cyber incidents. By identifying the root cause of an attack and mitigating its impact, Cyble’s expert team ensures that businesses can resume operations with minimal downtime.

• Vulnerability Management

Cyble’s Vulnerability Management solution provides advanced scanning and remediation strategies that give organizations a comprehensive view of exploitable vulnerabilities. According to the Threat Landscape Report 2024, flaws like CVE-2024-56789, which affects cloud platforms and virtual machines, are increasingly exploited. With Cyble’s solution, businesses can proactively identify and address vulnerabilities, reducing the likelihood of successful cyberattacks and minimizing the risk of exploitation.

• Brand Intelligence

Another key area highlighted in the Threat Landscape Report 2024 is the rise in brand impersonation, phishing attacks, and fraudulent domains targeting businesses. Cyble’s Brand Intelligence services help protect organizations from these threats by identifying fraudulent activities that could damage a company’s reputation or lead to financial losses. By monitoring fake websites, social media impersonation, and phishing attempts, Cyble helps companies safeguard their digital presence.

• Executive Monitoring

Cyble’s Executive Monitoring Solution offers comprehensive protection for executives by actively monitoring and tracking impersonations, deepfake content, and leaks of personally identifiable information (PII) across social media, dark web platforms, and cybercrime forums. Utilizing advanced AI technology, the solution can quickly identify and remove manipulated media, including deepfakes, in real time. This helps protect the reputation and integrity of key personnel by preventing identity theft, reputation damage, and the exploitation of sensitive information.

• Physical Security Intelligence

Cyble cybersecurity solutions offer comprehensive threat management that provides real-time updates to identify and address potential physical security risks proactively. Designed to protect assets and personnel, the solution ensures that security measures are always up-to-date and effective. With a centralized oversight platform, organizations can easily manage security across multiple locations, including offices and warehouses, from one unified interface. This streamlined approach by Cyble’s physical security intelligence helps improve operational efficiency while ensuring security remains a top priority across diverse environments.

• Takedown Services

Cyble offers powerful tools to combat online fraud and cybercrime by identifying and removing malicious content. These takedown services ensure that fraudulent activities and harmful online threats are promptly addressed, helping to protect organizations from reputational damage and financial loss. Cyble’s solution provides a critical layer of defense by disrupting cybercrime operations and protecting digital environments from online threats.

1. Bot Shield

Cyble offers advanced intelligence on compromised hosts within your network, providing detailed insights into infected devices communicating with known command-and-control infrastructures. This bot shield solution helps detect and mitigate botnet activities by identifying and isolating compromised devices, preventing further exploitation. By monitoring and addressing threats in real-time, Cyble enhances network security and protects your organization from potential cyberattacks driven by botnet infections.

1. Third Party Risk Management (TPRM)

Cyble’s Third-Party Risk Management (TPRM) solution helps identify and mitigate risks associated with third-party collaborations, ensuring secure business operations. By assessing the security posture of vendors and partners, Cyble enables organizations to proactively manage potential vulnerabilities in their supply chain and external relationships.

1. Cloud Security Posture Management (CSPM)

Cyble’s Cloud Security Posture Management (CSPM) solution continuously monitors cloud environments to identify misconfigurations and ensure compliance with security policies. Consistent evaluation of cloud infrastructure helps businesses secure their cloud platforms, mitigate potential security gaps, and enhance the overall security posture, providing real-time protection against cloud threats.

Conclusion

The ANZ Threat Landscape Report 2024 vividly describes the growing cybersecurity threats facing organizations across Australia and New Zealand. With ransomware attacks, politically motivated cybercrimes, and critical infrastructure vulnerabilities on the rise, CISOs must be more vigilant than ever in strengthening their organizations’ defenses.

Cyble offers a suite of cybersecurity solutions for organizations in Australia and New Zealand, including Cyble Vision for real-time threat intelligence and vulnerability management, Cyble Hawk for national security insights, Odin for internet scanning and vulnerability detection, AmIBreached for dark web risk mitigation, and The Cyber Express for expert cybersecurity news. These tools help organizations proactively address threats and enhance security in a complex cyberspace.

The post CISOs’ Key Takeaways from the ANZ (Australia and New Zealand) Threat Landscape Report 2024 appeared first on Cyble.

Blog – Cyble – ​Read More

• QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode the QR code. According to Talos’ data, roughly 60% of all email containing a QR code is spam.  
• Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. Users could obscure the data modules, the black and white squares within the QR code that represent the encoded data. Alternatively, users could remove one or more of the position detection patterns — large square boxes located in corners of the QR code used to initially identify the code’s orientation and position. 
• Further complicating detection, both by users and anti-spam filters, Talos found QR code images which are “QR code art”. These images blend the data points of a QR code seamlessly into an artistic image, so the result does not appear to be a QR code at all. 

Prior to 1994, most code scanning technology utilized one-dimensional barcodes. These one-dimensional barcodes consist of a series of parallel black lines of varying width and spacing. We are all familiar with these codes, like the type you might find on the back of a cereal box from the grocery store. However, as the use of barcodes spread, their limitations became problematic, especially considering that a one-dimensional barcode can only hold up to 80 alphanumeric characters of information. To eliminate this limitation, a company named Denso Wave created the very first “Quick Response“ codes (QR codes). 

QR codes are a 2-dimensional matrix bar code that can hold encode just over seven thousand numeric characters, or up to approximately four thousand three hundred alphanumeric characters. While they can represent almost any data, most frequently we encounter QR codes that are used to encode URLs. 

Quantifying the QR code problem 

Cisco Talos extracts QR codes from images inside email messages and attached PDF files for analysis. QR codes in email messages make up as little as .01% up to .2% of all email, worldwide. This equates to roughly 1 out of every 500 email messages. This is not a very big number. However, because QR codes are disproportionately effective at bypassing anti-spam filters, a significant number find their way into users’ email inboxes, skewing users’ perception of the overall problem.  

Also, of course, not all email messages with a QR code inside are spam or malicious. Many email users send QR codes as part of their email signature, or you may also find legitimate emails containing QR codes used as signups for events, and so on. However, according to Talos’ data, roughly 60% of all email containing a QR code is spam.   

Truly malicious QR codes can be found in a much smaller number of messages. These emails contain links to phishing pages, etc. The most common malicious QR codes tend to be multifactor authentication requests used for phishing user credentials. 

One of the problems that defenders may encounter when dealing with users’ scanning of QR codes received via email, assuming the user’s device is not connected to the corporate Wi-Fi, is that subsequent traffic between the victim and the attacker will traverse the cellular network, largely outside the purview of corporate security devices. This can complicate defense, because few/no alerts from security devices will notify security teams that this has occurred.  

Why are malicious QR codes hard to detect? 

Because QR codes are displayed in images, it can be difficult for anti-spam systems to identify problematic codes. Identifying and filtering these messages requires the anti-spam system to recognize that a QR code is present in an image, decode the QR code, then analyze the link (or other data) present in the decoded data. As spammers are always looking for innovative ways to bypass spam filters, using QR codes has been a valuable technique for spammers to accomplish this. 

As anti-spam systems improve their capability to detect malicious QR codes in images, enterprising attackers have instead decided to craft their QR codes using Unicode characters. Below is an example of an email containing a Unicode art QR code.    

 The graphical parts of the image are contained within a PDF file. The PDF metadata indicates was created from HTML using the tool wkhtmltopdf. Converting the PDF back into HTML shows the Unicode that is being used to construct the QR code. 

Defanging QR codes 

When sharing malicious URLs, it is common to change the protocol from “http” to “hxxp”, or to add brackets [] around one of the dots in the URL. This makes it so browsers and other applications do not render the link as an active URL, ensuring that users do not inadvertently click on the malicious URL. This is a process known as “defanging”. Unfortunately, while defanging URLs is commonplace, many people do not defang malicious QR codes. For example, below is a news article from BBC about criminals who put QR code stickers on parking meters in an attempt to harvest payment credentials from unsuspecting victims. 

The problem is that these QR codes can still be scanned, taking visitors to whatever malicious link that the QR code encoded. To make malicious QR codes safe for consumption, they should be defanged. 

There are a couple of different ways to do this. One way is to obscure the data modules, the black and white squares within the QR code that represent the encoded data. This is where the data that the QR code represents is located. However, based on Talos’ own research, a far easier way to defang a QR code is to remove one or more of the position detection patterns (a.k.a. finder patterns). These are the large square boxes located in three of the four corners of the QR code, which are used by the QR code scanner to initially identify the code’s orientation and position. Removing the position detection patterns renders a QR code unscannable by virtually all scanners. 

Be careful what you scan! 

For years security professionals have encouraged users not to click on unfamiliar or suspicious URLs. These URLs could potentially lead to phishing pages, malware or other harmful sites. However, many users do not exercise the same care when scanning an unknown QR code as they do when clicking on a suspicious link. To be clear, scanning an unknown/suspicious QR code is equivalent to clicking on a suspicious URL. 

To complicate the situation even more, there are QR code images which are “QR code art”. These images blend the data points of a QR code seamlessly into an artistic image, so the result does not appear to be a QR code at all. The potential danger with QR code art images is that a user could conceivably be tricked into scanning a QR code art image with their camera, and then inadvertently navigate to the linked content without realizing it. Below are some QR codes found online by Talos which illustrate a range of artistic possibilities.  

Note: these images have been created by third parties and posted online. Talos is not responsible for the artwork, nor the linked content.

How to protect yourself from malicious QR codes 

QR codes have become ubiquitous, appearing in email, on restaurant menus, at events, on retail packaging, in museums, even public parks and trails. The perfect defense is to avoid scanning *any* QR codes, however, it can be difficult to avoid scanning these entirely, so users must exercise caution. Scanning a QR code is essentially the same as clicking on an unknown hyperlink, but without the ability to see the full URL beforehand. 

There are several QR code decoders freely available online. Typically, if you can save a screenshot of the QR code, you can upload this image to one of these decoders, and the QR code decoder will tell you what data was encoded inside the QR code. This will enable you more closely inspect the link. You can also choose to navigate to that URL using an application like Cisco Secure Malware Analytics (Threat Grid). This will allow you to view the content behind the URL from a safe place, without jeopardizing the security of your desktop or mobile device. As always, never EVER enter your username and password into an unknown site. It is better to navigate directly to anywhere you wish to login, rather than clicking on a URL presented to you from an unknown third party. 

Cisco Talos Blog – ​Read More

We’re always working to ensure our products and solutions remain top-tier — both in our own view and in the eyes of independent researchers. We take a comprehensive approach to this, adding new features, combating emerging malware, simplifying migration, and continually enhancing user experience.

Today, we’re excited to introduce a major update to Kaspersky Password Manager for mobile devices. This update will be available in all app stores during November 2024. We’re confident this refresh will make storing and managing passwords, two-factor authentication codes, and encrypted documents even easier. In this article, we’ll cover advanced filtering, search functionality, synchronization, and more.

Highlights

The mobile version of our password manager is celebrating its 10^th  anniversary this year (while the desktop version turns 15), and in those 10 years we’ve managed to consolidate all the best features into a single app. In recent years, we’ve been conducting extensive Kaspersky Password Manager user-behavior research and, based on the findings, we’ve completely revamped the navigation in our mobile app.

What’s new:

• The side menu has been replaced with a navigation bar at the bottom of the screen. The product’s core features are now organized into sections.
• We’ve created a dedicated section for the in-app search, and improved the search scenarios.
• Managing favorite entries is now more convenient; they’re now pinned at the top of the list.
• We’ve added a “Sync” button and placed it in a prominent location.
• The password generator, import, and security-check features have been grouped into a separate “Tools” section.

These changes are available to all Kaspersky Password Manager users on both Android (app version 9.2.106 and later) and iOS (app version 9.2.92 and later).

Navigation bar

All core Kaspersky Password Manager functions are now accessible through the navigation bar at the bottom of the screen.

Updated home screen of Kaspersky Password Manager for iOS (left) and Android (right)

Let’s look at each element of the new bar from left to right.

1. All Entries. This is the main menu – the heart of our password manager.
2.  Subscription. Here, you can view your current subscription, including the expiry date and provider. If you don’t have a subscription, you can create or log in to a My Kaspersky account to activate or purchase one.
3. Tools. Here, you’ll find the “Password Generator”, “Password Check”, and “Import Passwords” tools. The names speak for themselves. With a single click, you can create strong, unique passwords, check your existing passwords for uniqueness, strength, security, and compromise in data breaches, and import passwords from built-in browser password managers and similar products into our secure vault.
4. Search. If you’re an active internet user and have dozens or even hundreds of unique passwords for different accounts saved in Kaspersky Password Manager, simply click on the magnifying glass icon and type just a few characters to quickly find the entry you need.
5. Settings. This is where you can enable notifications, change your primary password, configure auto-lock and login methods, choose sorting options, access help resources, check the app version, and log out of your account.

New filtering

Let’s dive a little deeper. Another additional feature is the option to select entry categories within a section. Now, clicking “All Entries” opens a dropdown menu with these categories: websites, apps, other, bank cards, documents, addresses, notes, authenticator, and folders (you can create new folders as needed).

New entry category display in Kaspersky Password Manager for iOS (left) and Android (right)

Other additions

In the top right corner, you’ll notice a new “Sync” icon – replacing the “Search” button, which now resides in the navigation bar. Clicking this new icon displays the current synchronization status of your entries between your cloud storage and devices. If everything is in order, and your smartphone is connected to the internet and operating normally, you’ll see “All data is synced” with the date and time of the last sync. To refresh the data manually, click “Sync”.

The Search function has not only gotten its own tab in the navigation bar, but now also remembers your last search within the current session. For example, let’s say you were searching for your virtual card details while shopping, then switched to the “All Entries” menu, checked the settings and sync status, and then returned to “Search”. Your query and results will remain, despite your little wander through Kaspersky Password Manager. However, if you restart the app or clear the search, you’ll have to enter the query again.

Important note for Kaspersky Password Manager users on iOS 18. Due to Apple’s policies, the default source for auto-filling passwords and logins in iOS 18 is Apple’s built-in “Passwords” app, not Kaspersky Password Manager. This is easy to fix:

1. After updating to iOS 18, you need to launch Apple’s “Passwords” app at least once. This will activate the “AutoFill & Passwords” section in your device settings.
2. Go to “AutoFill & Passwords” in the device settings.
3. Select Kaspersky Password Manager as the preferred password auto-filling source.
4. In the “Set Up Codes In” section, select Kaspersky Password Manager.

Everything is now set for secure password management. On Android devices, when you first launch the password manager, enable autofill permissions. Simply follow the in-app instructions to do so.

Kaspersky official blog – ​Read More

From kids to retirees, no one is safe from cybercrooks. And if you’re always putting cybersecurity on hold because it all seems so daunting, our five dead-simple tips are just the ticket. Each of them will greatly beef up your protection against the most common cyberthreats. We compiled this post as part of INTERPOL’s #ThinkTwice global information campaign to raise awareness of the main cybercrime vectors plus simple but effective ways to counter them.

Automate your passwords

Make all your passwords for both websites and apps long enough (at least 12 characters) and unique (that is, never use them more than once). No one can think up and memorize so many passwords, so use a password manager to create, store and enter them. You’ll only need to come up with and memorize just one (long!) main password for it; everything else — from generating to entering passwords — will be done automatically.

Keep in mind: you need to install the password manager on all your devices to enter passwords easily and safely everywhere. The data will be synched across all your devices. So, having saved a password on your smartphone, you’ll be able to automatically enter it on your desktop, and vice versa. Note that the password manager will let you store in encrypted form not only passwords, but also PINs, full credit card details, addresses, notes, and even document scans.

Pro level: for maximum security, disable biometric login to the password manager — this way you’ll have to enter the main password every time you use the app, but no one will be able to access all your data without knowing the main password (don’t write it on a sticky note, by the way).

Enable double checking

Double checking, or two-factor authentication, protects you from password-stealing hackers who break into your accounts using leaked credentials. Besides the password, they’ll need to enter a one-time code sent to you via a text or an authenticator app.

Although banks enable two-factor authentication (2FA) automatically, in many other online services it remains optional. Wherever your data is even a tiny bit confidential (social networks, messengers, government services, email), we recommend enabling 2FA in the settings, if available.

Keep in mind: There’s usually a choice of how to get one-time codes: by email or text, or by generating them in a special authenticator app on your smartphone. Of these methods, the safest is to use the latter; next come codes via text (they can be intercepted), and the least secure option is codes via email.

With an authenticator app, the only risk is if you lose your smartphone, in which case you’ll also lose access to accounts protected by one-time codes. Here again, Kaspersky Password Manager comes to the rescue: not only does it securely store authentication tokens and generate one-time codes, it also synchronizes them across all your devices. So, if your smartphone is lost or broken, you can easily generate a verification code on any of your other devices, as well as restore all your Kaspersky Password Manager data to a new phone.

Pro level: get yourself a FIDO U2F hardware key — this dongle looks like a tiny flash drive and offers the best protection against hackers.

Double-check links and attachments

Never follow links or open files sent via messenger or email if you don’t recognize the sender or aren’t expecting any messages. If a friend, colleague or acquaintance writes you a message, but it looks even a little strange, call them, or reply via another communication channel to make sure it really is them and not a scammer.

Keep in mind: use two layers of defense! The first layer is your vigilance; the second is a comprehensive security solution. This will keep you away from phishing sites looking to extract passwords and money, as well as stop malware in its tracks. Incidentally, if a message or website asks you to turn off your antivirus – 99% of the time it’s an attempt to infect you.

Pro level: sign in to email, banking and other accounts only from browser bookmarks or by entering the address manually, and never open links in messages, emails or notifications — it might be phishing.

Enable automatic updates

This is to prevent cybercriminals from infecting you by exploiting bugs in your operating system, browser, office applications or other software. They can all update themselves — you just need to not postpone this action when prompted to restart the program or computer.

Keep in mind: sometimes “updates” are offered on websites. You go to the site, which says you need to update the browser, or video player, or Windows — and invites you to download an update on the spot. Stop! It’s a trick to sneak a virus into your device or computer. Genuine update prompts appear right in an application’s menu or as operating system notifications.
Pro level: Kaspersky Premium can monitor all your installed programs and notify you whenever an update becomes available. One click or tap, and everything’s up-to-date!

Think twice before sharing online

Photos sent to a stranger or scanned documents posted on social media can come back to bite you. You or family members might become victims of extortion, or scammers might use such information to create a convincing cover story to extract money from you or your friends. Therefore, only send and post things that you wouldn’t mind showing on a billboard outside your home. What gets posted online can be very difficult, if not impossible, to remove.

Keep in mind: social networks and messengers have privacy settings to adjust the visibility of your posts. Go there and change as many settings as possible from “Visible to everyone” to “Friends only”. To find out how to best configure privacy for operating systems, browsers, social networks and other programs, visit our Privacy Checker site.

Pro level: use a tool to monitor online leaks of personal information. A free option is to create a Google Alert for your name; a more powerful alternative is to go for a premium service. For example, Kaspersky Premium monitors leaks of personal data linked to all phone numbers and email addresses used by you and your loved ones as a standard feature.

How to automate protection

These tips are much easier to follow with an app that automates each aspect of security. Kaspersky Premium includes a password and one-time 2FA code manager, anti-phishing and anti-malware protection, update management and leak monitoring — all this and much more is available for both computers and smartphones. Join the club of savvy users who enjoy robust protection for next-to-no effort!

Kaspersky official blog – ​Read More

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-severity vulnerabilities affecting Palo Alto Networks Expedition to its Known Exploited Vulnerability (KEV) Catalog.

The two Palo Alto Networks vulnerabilities, which are actively being targeted by cybercriminals, are identified as CVE-2024-9463 and CVE-2024-9465; both have critical severity ratings and are known to be actively exploited in real-world attacks. Organizations using affected versions of Palo Alto Networks Expedition are urged to take immediate action to mitigate the risks.

The vulnerabilities in question—CVE-2024-9463 (OS Command Injection) and CVE-2024-9465 (SQL Injection)—impact Palo Alto Networks’ Expedition software, a tool for migrating and optimizing PAN-OS configurations. Both flaws have been assigned CVSSv4 scores of 9.9 and 9.2, respectively, signifying their high criticality.

These vulnerabilities could allow attackers to gain unauthorized access to sensitive data or execute arbitrary commands on affected systems, posing online risks to organizations’ security.

Details of Palo Alto Networks Vulnerabilities: CVE-2024-9463 and CVE-2024-9465

The first vulnerability, CVE-2024-9463, is a critical OS command injection flaw that affects Palo Alto Networks Expedition. Assigned a CVSSv4 score of 9.9, this vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on the affected system.

If successfully exploited, this can compromise the integrity of the system, giving attackers the ability to disclose sensitive information. This includes usernames, cleartext passwords, device configurations, and API keys associated with PAN-OS firewalls, which are critical for securing network traffic.

Attackers exploiting this flaw can gain root access to these systems, making this vulnerability a prime target for those seeking to compromise firewall configurations and sensitive network data.

Another critical flaw, CVE-2024-9465, is a SQL injection vulnerability found in Expedition. This flaw, with a CVSSv4 score of 9.2, allows attackers to interact with and manipulate the system’s database, exposing sensitive information such as password hashes, usernames, and device configurations. Exploiting this vulnerability could give attackers the ability to create and read arbitrary files on the system, which increases the risk of a full system compromise.

Similar to CVE-2024-9463, the vulnerable version for CVE-2024-9465 is Expedition < 1.2.96. Additionally, proof-of-concept (PoC) exploits for this vulnerability have already been released to the public, escalating the risk of widespread attacks. As the PoC code is now accessible, it allows potential attackers to easily replicate the exploit and target vulnerable systems more efficiently.

Both CVE-2024-9463 and CVE-2024-9465 are critical vulnerabilities in the Expedition software suite. Organizations that are running versions of Expedition older than 1.2.96 are strongly advised to immediately update to the latest patched version. Given the severity and the ongoing active exploitation of these vulnerabilities, patching is crucial to protect sensitive information and maintain system security.

Cyble researchers have observed active exploitation of these flaws, with CVE-2024-9463 being particularly concerning due to its ability to grant attackers root-level access. This could result in a wide range of malicious activities, including data breaches, ransomware deployment, and unauthorized system modifications. Organizations should be particularly vigilant in monitoring their systems for signs of exploitation.

Recommendations and Mitigations

Palo Alto Networks has already released patches to address both vulnerabilities and organizations are urged to upgrade to Expedition version 1.2.96 or later. However, simply applying the patch may not be enough. The following mitigation strategies are recommended:

• Organizations should immediately apply the latest patches released by Palo Alto Networks to close the vulnerabilities. Ensuring that systems are updated with the latest software versions will significantly reduce the risk of exploitation.
• After upgrading to the fixed version of Expedition, all Expedition usernames, passwords, and API keys should be rotated to prevent attackers from using previously exposed credentials to access systems. Similarly, any firewall usernames, passwords, and API keys processed by Expedition should also be updated to maintain system security.
• Organizations should implement comprehensive monitoring and logging solutions to detect suspicious activities. SIEM (Security Information and Event Management) tools can help organizations identify and respond to potential exploitation attempts in real-time.
• Regular vulnerability assessments and penetration testing should be conducted to identify and address any other potential weaknesses. This proactive approach ensures that other unknown vulnerabilities are addressed.
• Organizations should have a well-defined incident response and recovery plan in place, which includes procedures for detecting, responding to, and mitigating the effects of an attack. Regular testing and updates to the plan are crucial to ensure readiness against online threats.

Conclusion

The inclusion of CVE-2024-9463 and CVE-2024-9465 in CISA’s Known Exploited Vulnerabilities catalog highlights the urgent need for organizations to address these critical vulnerabilities in the Palo Alto Networks Expedition.

With active exploitation ongoing, it is important for organizations using vulnerable versions to prioritize patching and apply recommended security measures. Delaying action could lead to severe data breaches and system compromises.

References:

• https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-adds-two-known-exploited-vulnerabilities-catalog
• https://nvd.nist.gov/vuln/detail/cve-2024-9463
• https://nvd.nist.gov/vuln/detail/cve-2024-9465

The post CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog appeared first on Cyble.

Blog – Cyble – ​Read More