Practikal IT Solutions

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. https://lnkd.in/gCEb7dMk

The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor. Background / What has happened? • The ASD's ACSC is tracking a vulnerability in Check Points’ Quantum Security Gateway devices. • The ASD's ACSC is aware of active exploitation of vulnerable instances. Mitigation / How do I stay secure? • Australian organisations should review their networks for use of vulnerable instances of Check Points’ Quantum Security Gateway and implement the mitigation advice provided by the vendor. • A hotfix for CVE-2024-24919 is available. The ACSC strongly recommends that affected Australian organisations patch this vulnerability as a matter of high priority. Assistance / Where can I go for help? The ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

(High) Increased cyber threat activity targeting Snowflake customers Background / What has happened? • The ASD's ACSC is tracking increased cyber threat activity relating to Snowflake customer environments. • The ASD's ACSC is aware of successful compromises of several companies utilising Snowflake environments. Mitigation / How do I stay secure? Australian organisations who utilise Snowflake should reset credentials for active accounts, disable non-active accounts, enable Multi-Factor Authentication (MFA), and review user activity. Snowflake have published an advisory to assist in identifying instances of unauthorised access. Assistance / Where can I go for help? The ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Pervasive SQL injection in DAS component An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests. https://lnkd.in/gTF4xJn7

Whether you're in the bustling metro areas or the serene regional landscapes of Western Australia, Practikal IT Solutions is here to address any IT challenges and provide effective solutions to propel your business forward. Our Managed IT Services include: • Proactive IT Support: We keep your systems running smoothly, preventing issues before they disrupt your business. • Network Security: Safeguard your sensitive data with our robust cybersecurity measures, protecting your business from evolving threats. • Cloud Solutions: Embrace the flexibility and scalability of the cloud with our tailored solutions, enhancing collaboration and efficiency. • Data Backup and Recovery: Ensure business continuity with our automated backup and rapid recovery services, minimizing downtime. • 24/7 Monitoring: Our team keeps a vigilant eye on your IT infrastructure, ready to respond to any issues, day or night. Why Choose Practikal IT Solutions? • Experience: With over 15 years of industry expertise, we understand the unique challenges businesses face in the digital landscape. • Custom Solutions: Tailored services to meet your specific needs and business goals. • Client-Centric Approach: Your success is our priority, and we're dedicated to providing exceptional service and support. Ready for Hassle-Free IT Management? Contact Practikal IT Solutions. Email us [email protected] or call 08 6285 0996 to explore how our IT solutions can drive your business success.

Understanding Ransomware Threat Actors: LockBit In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs). This variance in observed ransomware TTPs presents a notable challenge for organizations working to maintain network security and protect against a ransomware threat. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the following international partners, hereafter referred to as “authoring organizations,” are releasing this Cybersecurity Advisory (CSA) detailing observed activity in LockBit ransomware incidents and providing recommended mitigations to enable network defenders to proactively improve their organization’s defenses against this ransomware operation. Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) Canadian Centre for Cyber Security (CCCS) United Kingdom’s National Cyber Security Centre (NCSC-UK) National Cybersecurity Agency of France (ANSSI) Germany’s Federal Office for Information Security (BSI) New Zealand’s Computer Emergency Response Team (CERT NZ) and National Cyber Security Centre (NCSC NZ) The authoring organizations encourage the implementation of the recommendations found in this CSA to reduce the likelihood and impact of future ransomware incidents. To read more visit https://lnkd.in/gqnE4kcY

ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with CISA, the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ) are releasing the following guidance: Secure by Design Choosing Secure and Verifiable Technologies. This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services. The guidance contains a range of internal and external considerations and offers sample questions to leverage at each stage of the procurement process. Additionally, the guidance informs manufacturers on steps they should be taking to align their development processes to secure by design principles and practices. CISA and partners encourage all organizations to read the guidance to assist with making secure and informed choices when procuring digital products and services. Software manufacturers are also encouraged to incorporate the secure by design principles and practices found in the guidance. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. https://lnkd.in/gckqvEVZ

Whether you're in the bustling metro areas or the serene regional landscapes of Western Australia, Practikal IT Solutions is here to address any IT challenges and provide effective solutions to propel your business forward. Our Managed IT Services include: • Proactive IT Support: We keep your systems running smoothly, preventing issues before they disrupt your business. • Network Security: Safeguard your sensitive data with our robust cybersecurity measures, protecting your business from evolving threats. • Cloud Solutions: Embrace the flexibility and scalability of the cloud with our tailored solutions, enhancing collaboration and efficiency. • Data Backup and Recovery: Ensure business continuity with our automated backup and rapid recovery services, minimizing downtime. • 24/7 Monitoring: Our team keeps a vigilant eye on your IT infrastructure, ready to respond to any issues, day or night. Why Choose Practikal IT Solutions? • Experience: With over 15 years of industry expertise, we understand the unique challenges businesses face in the digital landscape. • Custom Solutions: Tailored services to meet your specific needs and business goals. • Client-Centric Approach: Your success is our priority, and we're dedicated to providing exceptional service and support. Ready for Hassle-Free IT Management? Contact Practikal IT Solutions. Email us [email protected] or call 08 6285 0996 to explore how our IT solutions can drive your business success.

CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity Today, CISA, in collaboration with U.S. and international partners, published a joint fact sheet, Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity. This fact sheet provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors. The pro-Russia hacktivist activity appears mostly limited to unsophisticated techniques that manipulate ICS equipment to create nuisance effects. However, investigations have identified that these actors are capable of techniques that pose physical threats against insecure and misconfigured OT environments. CISA and partners encourage OT operators in critical infrastructure sectors to apply the recommendations listed in the fact sheet to defend against this activity. To learn more about secure by design principles and practices, visit CISA's Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals. https://lnkd.in/gXDjGNCZ

CVE-2023-42950 Ause after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. https://lnkd.in/gaJ9Nn_v