Executive summary

Microsoft’s October 2023 Patch Tuesday provides updates to address 103 security issues across its product range, including two actively exploited zero-day vulnerabilities (CVE-2023-36563 and CVE-2023-41763).  One of the exploited zero-day vulnerabilities is a privilege escalation vulnerability in skype. The other is an information disclosure vulnerability in Microsoft WordPad that can result in disclosure of NTLM hashes. Also among the updates provided by Microsoft were 13 critical vulnerabilities.

In addition to the Microsoft updates this week also saw Adobe fix 13 vulnerabilities across various products, with a vulnerability in Adobe Reader under active exploitation, and Google addressing 20 vulnerabilities in Chrome.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker with access, to elevate privileges or capture the hashes of user passwords to gain access to that users accounts. Both compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have a critical severity rating.

Technical Summary

CVE-2023-36563: If exploited the vulnerability disclosures of information in Microsoft WordPad that could result in leak in NTLM hashes.

CVE-2023-41763: If actively exploited it allows for an attacker to escalate privileges in Skype that could lead to the exposure of sensitive information, such as IP addresses, port numbers and enabling an attacker to gain access to internal networks.

Adobe

This month, Adobe released fixes for 13 vulnerabilities, of which 8 were rated critical across Adobe Bridge (2), Commerce (10) and Photoshop (1). Adobe have stated a vulnerability in Adobe Reader is under active exploitation. The vulnerabilities include remote code execution, memory leak, privilege escalation and security bypass.

Chrome

An update for Google Chrome which patches 20 vulnerabilities, with the most severe allowing for arbitrary code execution to be performed by a malicious attacker. Depending on the privileges associated with the user an attacker could then install programs; view, delete or modify the data; or create new accounts with full user rights. Users whose accounts have fewer user rights could be less impacted than those who operate with administrative user rights. While there are currently no reports of these vulnerabilities being exploited in the wild, it is advised to update to the latest version as soon as possible.

further details on other specific updates within this patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2023-Oct

Further details about CVE-2023-36563 can be found here:              

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36563

Further details about CVE-2023-41763 can be found here:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-41763

Further details of the vulnerabilities addressed in Adobe Bridge can be found here:

https://helpx.adobe.com/security/products/bridge/apsb23-49.html

Further details of the vulnerabilities addressed in Adobe Commerce can be found here:

https://helpx.adobe.com/security/products/magento/apsb23-50.html

Further details of the vulnerabilities addressed in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb23-51.html

Further details of the vulnerabilities addressed in Chrome can be found here:

https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive Summary

Microsoft’s April patch Tuesday addressed 97 security issues including one actively exploited zero-day actively being used to launch ransomware attacks. Adobe released updates to fix security issues across a range of their products including Acrobat and Adobe Reader. SAP have also this week issued fixes for a number of their products including BusinessObjects.

 Microsoft

Microsoft’s April Patch Tuesday provides updates to address 97 security issues across its product range, including one actively exploited zero-day vulnerability (CVE-2023-28252) being used to launch ransomware attacks. The exploited zero-day vulnerability is a privilege escalation vulnerability which has been added the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. 7 critical vulnerabilities were also patched through updates provided by Microsoft.

What’s the risk to me or my business?

The actively exploited vulnerability could allow an attacker with access, to gain SYSTEM privileges and further compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have a critical severity rating.

Technical Summary

CVE-2023-28252: The actively exploited vulnerability could allow an attacker to gain SYSTEM privileges, effectively providing the attacker with the highest permissions of access to a system. The vulnerability is a post exploitation vulnerability which an attacker can exploit once they have gained access to a vulnerable target.

 Adobe

This month, Adobe released fixes for 56 vulnerabilities, of which 49 were rated critical across Adobe Acrobat and Reader (14), InCopy (1), Substance 3D Designer (9), Substance 3D Stager (10), Digital Editions (1) and Dimension (14). At current, Adobe is not aware of any of these vulnerabilities being actively exploited. The vulnerabilities include remote code execution, memory leak, privilege escalation and security bypass.

SAP

Enterprise software vendor SAP has addressed vulnerabilities in several of its products, including two critical-severity vulnerabilities that impact SAP Diagnostic Agent and SAP BusinessObjects Business Intelligence Platform. The updates included fixes for 19 vulnerabilities. Including remote execution and authentication bypass. A total of 5 vulnerabilities were given the “Hot News” priority, which is the highest priority according to SAP.

Further details on other specific updates within this patch Tuesday can be found here: https://www.ghacks.net/2023/04/11/microsoft-windows-security-updates-april-2023-what-you-need-to-know-before-installation/

Further details about CVE-2023-28252 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252  

Further details of the vulnerabilities addressed in Adobe Acrobat and Reader can be found here: https://helpx.adobe.com/security/products/acrobat/apsb23-24.html

Further details of the vulnerabilities addressed in Adobe InCopy can be found here: https://helpx.adobe.com/security/products/incopy/apsb23-13.html

Further details of the vulnerabilities addressed in Adobe Substance 3D Designer can be found here: https://helpx.adobe.com/security/products/substance3d_designer/apsb23-28.html

Further details of the vulnerabilities addressed in Adobe Substance 3D Stager can be found here: https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html

Further details of the vulnerabilities addressed in Adobe Digital Editions can be found here: https://helpx.adobe.com/security/products/Digital-Editions/apsb23-04.html

Further details of the vulnerabilities addressed in Adobe Dimension can be found here: https://helpx.adobe.com/security/products/dimension/apsb23-27.html

Further information on the patches by SAP can be found here: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Security Is Getting Harder: More Threats, More Complexity, Fewer People

Splunk and Enterprise Strategy Group released a global research report that examines the security issues facing the modern enterprise. More than 1,200 security leaders participated in the survey, revealing they’ve seen an increase in cyber attacks while their teams are facing widening talent gaps.

According to the report, 65% of respondents say they have seen an increase in attempted cyber attacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted:

·       49% of organisations say they have suffered a data breach over the past two years, an increase from 39% a year earlier.

·       79% of respondents say they’ve encountered ransomware attacks, and 35% admit that one or more of those attacks led them to lose access to data and systems.

·       59% of security teams say they had to devote significant time and resources to remediation, an increase from 42% a year ago.

·       54% of respondents report that their business-critical applications have suffered from unplanned outages related to cyber security incidents on at least a monthly basis, with a median of 12 outages per year. The median time to recover from unplanned downtime tied to cyber security incidents is 14 hours. Respondents estimated the cost of this downtime averaged about $200,000 per hour.

·       64% of security professionals have stated that it’s challenging to keep up with new security requirements, up from 49% a year ago.

https://www.helpnetsecurity.com/2022/04/13/modern-enterprise-security-issues/

• Terrible Cloud Security Is Leaving the Door Open for Hackers. Here's What You're Doing Wrong

A rise in hybrid work and a shift to cloud platforms has changed how businesses operate - but it's also leaving them vulnerable to cyber attacks.

Cloud applications and services are a prime target for hackers because poor cyber security management and misconfigured services are leaving them exposed to the internet and vulnerable to simple cyber attacks.

Analysis of identity and access management (IAM) polices taking into account hundreds of thousands of users in 18,000 cloud environments across 200 organisations by cyber security researchers at Palo Alto Networks found that cloud accounts and services are leaving open doors for cyber criminals to exploit – and putting businesses and users at risk.

The global pandemic pushed organisations and employees towards new ways of remote and hybrid working, with the aid of cloud services and applications. While beneficial to businesses and employees, it also created additional cyber security risks – and malicious hackers know this.

https://www.zdnet.com/article/terrible-cloud-security-is-leaving-the-door-open-for-hackers-heres-what-youre-doing-wrong/

• More Organisations Are Paying the Ransom. Why?

Most organisations (71%) have been hit by ransomware in 2021, and most of those (63%) opted for paying the requested ransom, the 2022 Cyberthreat Defense Report (CDR) by the CyberEdge Group has shown.

The research company says that possible explanations for the steady yearly rise of the percentage of organisations that decided to pay the ransom may include: the threat of exposing exfiltrated data, increased confidence for data recovery, and the fact that many organisations find that paying a ransom is significantly less costly than system downtime, customer disruption, and potential lawsuits.

“72% of ransom-paying victims recovered their data [in 2021], up from 49% in 2017. This increased confidence for successful data recovery is often factored into the ransom-paying decision,” the company noted.

Similarly, BakerHostatler’s 2022 Data Security Incident Response Report says that in ransomware incidents the US-based law firm was called in to manage in 2021, ransomware groups provided decryptors and stuck to their promise to not publish stolen data 97% of the time.

https://www.helpnetsecurity.com/2022/04/11/organizations-paying-ransom/

• Cyber Attack Puts City Firms on High Alert to Bolster Defences

Experts warn a combination of 'ignorance and arrogance' makes City executives vulnerable to attacks.

City firms on high alert for cyber attacks were sent a clear warning recently, bolstering concerns of the potential for breaches from Russia.

Ince Group, the London-listed law firm, last month fell prey to hackers who infiltrated its computer systems and stole confidential data. The company's security systems detected the intrusion on March 13, prompting the IT team to shut down servers to try and prevent widespread damage.

But soon after, the hackers demanded a ransom for stolen data and threatened to publish it on the dark web if Ince Group, which has clients in the shipping, energy and healthcare sectors, didn't pay up.

The incident has intensified worries of possible breaches after warnings that City firms could be targeted by Russian hackers following Putin’s invasion of Ukraine.

Julia O'Toole, chief executive of MyCena Security Solutions, says executives should be "very concerned" about any news of a cyber attack at a rival company.

https://www.telegraph.co.uk/business/2022/04/11/cyber-attack-puts-city-firms-high-alert-bolster-defences/

• More Than 60% of Organisations Suffered a Breach in the Past 12 Months

Firms focus too narrowly on external attackers when it's insiders, third parties, and stolen assets that cause many breaches, new study shows.

The majority of companies — 63% — have suffered at least one breach in the past 12 months. The global average breach cost $2.4 million — a price tag that increases to $3.0 million for companies unprepared to respond to compromises.

The new data from Forrester Research, released on April 8 in a report titled "The 2021 State Of Enterprise Breaches," found that the number of breaches and the cost of breaches varied widely depending on the geographic location of the business and to what degree the organisation is prepared to respond to breaches. Companies in North America had the largest disparity between the haves and have-nots: While the average organisation required 38 days to find, eradicate, and recover from a breach, companies that failed to adequately prepare for security challenges took 62 days.

The difference in response resulted in a large difference in cost as well, with the average North American company paying $3.0 million to recover from a breach, a bill that rises to $4.0 million if the company suffered from a lack of incident-response preparation.

"The misalignment between the expectation and the reality of breaches has become very important," says Allie Mellen, an analyst with Forrester's Security and Risk group. "On a global scale, there is a big disparity of about $600,000 between those who are prepared to respond to a breach and those who are not."

https://www.darkreading.com/attacks-breaches/more-than-60-of-organizations-suffered-a-breach-in-the-past-12-months

• Account Takeover Poised to Surpass Malware as The No. 1 Security Concern

As most researchers and financial executives can attest, virtually all types of fraud have dramatically risen over the past two years. However, attackers taking over legitimate financial accounts have become even more of a favourite with cyber criminals than most fraud schemes.

Many major recent research reports have pointed out that account takeover (ATO), a form of identity theft where bad actors access legitimate bank accounts, change the account information and passwords, and hijack a real customer’s account, has skyrocketed since last year. According to Javelin Research’s annual "Identity Fraud Study: The Virtual Battleground" report, account takeover increased by 90% to an estimated $11.4 billion in 2021 when compared with 2020 — representing roughly one-quarter of all identity fraud losses last year.

Like many types of financial fraud, cyber thieves are betting on the fact that if they attempt to seize a large number of legitimate accounts, eventually they will get a payoff.

Account takeovers are a numbers game, the more accounts that an organisation has, the bigger their risk that some of them will be compromised.

Account takeovers often piggyback off of previous attacks, making these crimes a way for hackers to make the most out of stolen information. Diskin pointed out that account takeovers most commonly happen when a password is “taken from another data leak and reused for different accounts. But there are a variety of risky scenarios that can lead to compromise.”

https://www.scmagazine.com/analysis/cybercrime/account-takeover-poised-to-surpass-malware-as-the-no-1-security-concern

• Security Research Reveals 42% Rise in New Ransomware Programs In 2021

Critical infrastructure in the crosshairs: operational technology vulnerabilities jump 88% .

Threat intelligence analysts at Skybox Research Lab uncovered a 42% increase in new ransomware programs targeting known vulnerabilities in 2021. The Silicon Valley cyber security company released its annual 2022 Vulnerability and Threat Trends Report, revealing how quickly cyber criminals capitalise on new security weaknesses – shrinking the window that organisations have to remediate vulnerabilities ahead of an attack.

With 20,175 new vulnerabilities published in 2021, Skybox Research Lab witnessed the most vulnerabilities ever reported in a single year. And these new vulnerabilities are just the tip of the iceberg. The total number of vulnerabilities published over the last 10 years reached 166,938 in 2021 — a three-fold increase over a decade. These cumulative vulnerabilities, piling up year after year, represent an enormous aggregate risk, and they’ve left organisations struggling with a mountain of cyber security debt. As the US Cybersecurity and Infrastructure Security Agency (CISA) highlights in its Top Routinely Exploited Vulnerabilities list, threat actors are routinely exploiting publicly disclosed vulnerabilities from years past.

The sheer volume of accumulated risks — hundreds of thousands or even millions of vulnerability instances within organisations — means they can’t possibly patch all of them. To prevent cyber security incidents, it is critical to prioritise exposed vulnerabilities that could cause the most significant disruption, then, apply appropriate remediation options including configuration changes or network segmentation to eliminate risk, even before patches are applied or in cases where patches aren’t available.

https://informationsecuritybuzz.com/study-research/skybox-security-research-reveals-42-rise-in-new-ransomware-programs-in-2021/

• Fraudsters Stole £58m with Remote Access Trojans (RATs) in 2021

2021 saw victims of Remote Access Tool (RAT) scams lose £58m in 2021, official UK police figures show.

RAT scams involve scammers taking control of a victim’s device, typically in order to access bank accounts.

Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident.

Typically, RAT attacks begin with a victim being inundated with pop-ups claiming there is a problem with the computer. Users are often then asked to call a “hotline” number, when a scammer will persuade them to download a RAT.

RAT scams are often compared to the classic “tech support” scams. Modern RAT scams are typically more devious, however, with scammers often cold-calling their victims pretending to work for their bank and claiming that they need computer access to investigate a fraudulent transaction.

https://www.itsecurityguru.org/2022/04/11/fraudsters-stole-58m-with-rats-in-2021/

• As State-Backed Cyber Threats Grow, Here's How the World Is Reacting

With the ongoing conflict in Eurasia, cyber warfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months.

Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware attacks such as Cyclops Blink, HermeticWiper, and BlackCat. These target businesses as well as government institutions and nonprofit organisations. There have been cases of several attempts to shut down online communications and IT infrastructure.

The ongoing list of significant cyber incidents curated by the Center for Strategic and International Studies (CSIS) shows that the number of major incidents in January 2022 is 100% higher compared to the same period in the previous year. With the recent activities in cyberspace impacted by the emergence of the geopolitical tumult in February, it is not going to be surprising to see an even more dramatic rise in the number of significant incidents.

https://thehackernews.com/2022/04/as-state-backed-cyber-threats-grow.html

• Q1 Reported Data Compromises Up 14% Over 2021

The Identity Theft Resource Center published a First Quarter 2022 Data Breach Analysis which found that Q1 of 2022 began with the highest number of publicly reported data compromises in the past three years.

Publicly reported data compromises totalled 404 through March 31, 2022, a 14 percent increase compared to Q1 2021.

This is the third consecutive year when the number of total data compromises increased compared to Q1 of the previous year. It also represents the highest number of Q1 data compromises since 2020.

https://informationsecuritybuzz.com/expert-comments/q1-reported-data-compromises-up-14-over-2021/

• Europol Announces Operation to Hit Russian Sanctions-Evaders

European police have announced a major new operation designed to crack down on Russian oligarchs and businesses looking to circumvent sanctions.

Operation Oscar will run for at least a year as an umbrella initiative that will feature many separate investigations, Europol explained.

The policing organisation’s European Financial and Economic Crime Centre will work to exchange information and intelligence with partners and provide operational support in financial crime investigations.

A key focus appears to be on illicit flows of money, which Russian individuals and entities will be trying to move around the region in order to bypass sanctions imposed since President Putin’s invasion of Ukraine.

“Europol will centralise and analyse all information contributed under this operation to identify international links, criminal groups and suspects, as well as new criminal trends and patterns,” Europol said.

“Europol will further provide tailor-made analytical support to investigations, as well as operational coordination, forensics and technical expertise, and financial support to the relevant national authorities.”

https://www.infosecurity-magazine.com/news/europol-hit-russian/

Threats

Ransomware

• Ransomware: These Two Gangs Are Behind Half of All Attacks | ZDNet

• Clueless Hackers Spent Months Inside a Network And Nobody Noticed. But Then a Ransomware Gang Turned Up | ZDNet

• Conti Ransomware Leak Shows Group Operates Like a Normal Tech Company, with an HR Department, Performance Reviews and an ‘Employee of the Month’ (cnbc.com)

• Don't Let Ransomware Gangs Spend Months in Your Network • The Register

• Dismantling ZLoader: How Malicious Ads Led to Disabled Security Tools And Ransomware - Microsoft Security Blog

• Analysis of the SunnyDay Ransomware - Security Affairs

• Karakurt Data Thieves Linked to Larger Conti Hacking Group | CSO Online

• Conti Ransomware Gang Claims Responsibility for The Nordex Hack - Security Affairs

• OldGremlin Ransomware Gang Targets Russia with New Malware (bleepingcomputer.com)

• Conti Ransomware Offshoot Targets Russian Organisations | Malwarebytes Labs

Other Social Engineering

• FBI: Payment App Users Targeted in Social Engineering Attacks (bleepingcomputer.com)

• These Hackers Pretend to Poach, Recruit Rival Bank Staff In New Cyber Attacks | ZDNet

Malware

• Credential-Stealing Malware Disguises Itself As Telegram, Targets Social Media Users | Malwarebytes Labs

• Microsoft Sounds The Alarm Over New Cunning Windows Malware | TechRadar

• Spring4Shell Under Active Exploit by Mirai Botnet Herders • The Register

• Haskers Gang Gives Away ZingoStealer Malware to Other Cyber Criminals for Free (thehackernews.com)

• Hackers Hijack Adult Websites to Infect Victims With Malware | TechRadar

• Qbot Malware Switches To New Windows Installer Infection Vector (bleepingcomputer.com)

• Windows 11 tool to Add Google Play Secretly Installed Malware (bleepingcomputer.com)

• Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service (thehackernews.com)

• Researchers Warn of FFDroider and Lightning Info-Stealers Targeting Users in The Wild (thehackernews.com)

• Enemybot: a New Mirai, Gafgyt Hybrid Botnet Joins The Scene | ZDNet

Mobile

• Android Banking Malware Intercepts Calls to Customer Support (bleepingcomputer.com)

• How to Stop Octo Malware From Remotely Accessing Your Android (lifehacker.com)

IoT

• New EnemyBot DDoS Botnet Recruits Routers and IoTs Into Its Army (bleepingcomputer.com)

• 3 Reasons Connected Devices are More Vulnerable than Ever (bleepingcomputer.com)

Data Breaches/Leaks

• GitHub Says Hackers Breached Dozens of Organisations Using Stolen OAuth Access Tokens (thehackernews.com)

Organised Crime & Criminal Actors

• New Industrial Spy Stolen Data Market Promoted Through Cracks, Adware (bleepingcomputer.com)

• Google Files Suit Against Cameroonian Cyber Criminal Who Used Puppies as Lures - CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking

• 10 NFT and Cryptocurrency Security Risks That CISOs Must Navigate | CSO Online

• A Practical Reason Why Crypto Might Not Work for Large-Scale Sanctions Evasion - CyberScoop

Insider Risk and Insider Threats

• Who Is Your Biggest Insider Threat? | CSO Online

• Former DHS Acting IT Chief Convicted in Software, Database Theft Scheme (darkreading.com)

Fraud, Scams & Financial Crime

• Cyber Criminals Do Their Homework for Latest Banking Scam • The Register

Denial of Service DoS/DDoS

• New Fodcha DDoS Botnet Targets Over 100 Victims Every Day (bleepingcomputer.com)

• New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt (thehackernews.com)

Cloud

• 99% Of Cloud Identities Are Overly Permissive, Opening Door to Attackers | CSO Online

• The Perils of SaaS Misconfigurations - Help Net Security

• Top Attack Techniques for Breaching Enterprise And Cloud Environments - Help Net Security

• Finding Attack Paths in Cloud Environments (thehackernews.com)

• The Two Words You Should Never Forget When You’re Securing a Cloud - Help Net Security

Privacy

• Muting Your Mic Reportedly Doesn’t Stop Big Tech from Recording Your Audio (thenextweb.com)

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Preparing for Armageddon: How Ukraine Battles Russian hackers | Ars Technica

• Ukraine Proves Cyber War Has No Borders - MSSP Alert

• Hackers Target Ukrainian Govt with IcedID Malware, Zimbra Exploits (bleepingcomputer.com)

• Russia’s Sandworm Hackers Attempted a Third Blackout In Ukraine | Ars Technica

• The Unceasing Action of Anonymous Against Russia - Security Affairs

• European Officials Reportedly Targeted by NSO Spyware • The Register

Nation State Actors

Nation State Actors – Russia

• CISA Warns Orgs of WatchGuard Bug Exploited by Russian State Hackers (bleepingcomputer.com)

Nation State Actors – China

• China-Linked Hafnium APT Leverages Tarrask Malware to Gain Persistence - Security Affairs

• China ‘Decodes’ An Orbiting US Satellite; Claims Expertise In Automatically Detecting & Fixing Security Flaws In Outer Space (eurasiantimes.com)

Nation State Actors – North Korea

• US Gov Believes Lazarus APT is Behind Ronin Validator Cyber Heist - Security Affairs

• Feds Offer $5m Reward for Info on North Korean Cyber Crooks • The Register

• FBI Links Largest Crypto Hack Ever to North Korean Hackers (bleepingcomputer.com)

• Symantec: North Korea's Lazarus Targets Chemical Companies • The Register

Vulnerabilities

• Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities (thehackernews.com)

• Google Issues Third Emergency Fix For Chrome This Year • The Register

• Critical HP Teradici PCoIP Flaws Impact 15 Million Endpoints (bleepingcomputer.com)

• Critical Windows RPC Vulnerability Raises Alarm (techtarget.com)

• VMware Workspace One Flaw Actively Exploited in The Wild (techtarget.com)

• Adobe Patches Gaping Security Holes in Acrobat, Reader, Photoshop | SecurityWeek.Com

• Cisco Vulnerability Lets Hackers Craft Their Own Login Credentials (bleepingcomputer.com)

• Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure (thehackernews.com)

• Several Vulnerabilities Allow Disabling of Palo Alto Networks Products | SecurityWeek.Com

• Cisco Patches Critical Vulnerability in Wireless LAN Controller | SecurityWeek.Com

• Critical Flaw in Elementor WordPress Plugin May Affect 500k Sites (bleepingcomputer.com)

• Critical Apache Struts RCE Vulnerability Wasn't Fully Fixed, Patch Now (bleepingcomputer.com)

• Attackers Are Exploiting VMware RCE to Deliver Malware (CVE-2022-22954) - Help Net Security

• These D-Link Routers Are Vulnerable To Remote Hacks And Should Be Retired Immediately | HotHardware

• Upgrades for Spring Framework Have Stalled (darkreading.com)

Sector Specific

CNI, OT, ICS, IIoT and SCADA

• CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks (darkreading.com)

• Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED

• New Malware Tools Pose 'Clear and Present Threat' to ICS Environments (darkreading.com)

• US Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware (thehackernews.com)

• Flaws in ABB Network Interface Modules Expose Industrial Systems to DoS Attacks | SecurityWeek.Com

Energy & Utilities

• US Agencies Warn of Custom-Made Hacking Tools Targeting Energy Sector Systems - The Record by Recorded Future

Reports Published in the Last Week

• The 2021 State Of Enterprise Breaches | Forrester

• First Quarter 2022 Data Breach Analysis Report | Identity Theft Resource Centre
  

Other News

• Singapore To License Infosec Service Providers • The Register

• What Is the Cyber Kill Chain? A Model for Tracing Cyber Attacks | CSO Online

• Cyber Defense: Prioritized By Real-World Threat Data - Help Net Security

• How Can You Spot Fake News? And What Should We, As A Society, Do About Mass Disinformation? - Information Security Buzz

• The Cyber Criminal Isn’t Necessarily Who You Think… | Mind Matters

• Consumer Trust Is in The Doldrums: Indifference Towards Data Exposure Is Widespread - Help Net Security

• How Cryptocurrency Gave Birth to the Ransomware Epidemic (vice.com)

• Dark Data Is a Pain Point For Many Security Leaders - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive Summary

Adobe has released several security updates deemed as ‘critical’ across their product range to address various vulnerabilities. The affected applications include Adobe Acrobat and Reader which are used by most commercial organisations, along with Photoshop and other products within their range. Some of these vulnerabilities could give a malicious actor access to remote code execution.

What’s the risk to me or my business?

While Adobe has disclosed that they are not aware of these vulnerabilities being currently exploited, it is highly likely that they will a target by malicious actors since products such as Adobe Reader are used by a large percentage of organisations.

What can I do?

Apply the available updates from Adobe as soon as possible for the software products deployed across your organisation, while taking into consideration any potential downtime that these updates may cause.

Technical Summary

The vulnerabilities have been confirmed to affect both Windows and MacOS versions of various Adobe products, including Acrobat, Reader, Photoshop, After Effects, commerce, Magento Open Source, DC. Some of the effects of the vulnerabilities may be mitigated by good security practices, such as limiting end users local privileged access on end points. Further details on the individual vulnerabilities can be found here: Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (cisecurity.org)

 Need help understanding your gaps, or just want some advice? Get in touch with us.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise

In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cyber criminals. The decision, which reportedly came after French authorities questioned whether the practice had fuelled the current epidemic in ransomware attacks, may be just the beginning of a general retreat that will force companies to reconsider their attempts to outsource cyber-risk to insurance firms. Already, the massive damages from one damaging crypto worm, NotPetya, caused multiple lawsuits when insurers refused to pay out on cyber insurance claims.

https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109

Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack

The cyber attack on IT systems in the health service will cost it at least €100 million, according to chief executive Paul Reid. This is at the lower end of estimates of the total cost, he indicated, and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients. Appointments for about 7,000 patients a day are being cancelled, almost two weeks after a criminal gang hacked the HSE systems. Mr Reid said the HSE was keen to see an independent and objective assessment of the cyber attack.

https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076

Ransomware: Dramatic Increase In Attacks Is Causing Harm On A Significant Scale

A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned. The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased during the past year, with more severe and high-profile attacks against victims. Ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.

https://www.zdnet.com/article/ransomware-dramatic-increase-in-attacks-is-causing-harm-on-a-significant-scale/

Deepfakes Could Be The Next Big Security Threat To Businesses

An overwhelming majority of businesses say that manipulated online content and media such as deepfakes are a serious security risk to their organisation. Deepfakes have already been shown to pose a threat to people portrayed in the manipulated videos, and could have serious repercussions when the individual holds a position of importance, be it as a leader of a country, or a leader of an enterprise. Earlier in 2021, the FBI’s cyber division warned that deepfakes are a critical emerging threat that can be used in all manners of social engineering attacks including ones aimed at businesses.

https://www.techradar.com/news/deepfakes-could-be-the-next-big-security-threat-to-businesses

Ransomware: Two-Thirds Of Organisations Say They'll Take Action To Boost Their Defences

The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyber attacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident. The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyber attacks can have physical consequences.

https://www.zdnet.com/article/ransomware-two-thirds-of-organisations-say-theyll-take-action-to-boost-their-defences/

The 10 Most Dangerous Cyber Threat Actors

When hacking began many decades ago, it was mostly the work of enthusiasts fuelled by their passion for learning everything they could about computers and networks. Today, nation-state actors are developing increasingly sophisticated cyber espionage tools, while cyber criminals are cashing in millions of dollars targeting everything from Fortune 500 companies to hospitals. Cyber attacks have never been more complex, more profitable, and perhaps even more baffling. At times, drawing clear lines between different kinds of activities is a challenging task. Nation-states sometimes partner with each other for a common goal, and sometimes they even appear to be working in tandem with cyber criminal gangs.

https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html

Cyber Security Leaders Lacking Basic Cyber Hygiene

Constella Intelligence released the results of a survey that unlocks the behaviours and tendencies that characterize how vigilant organisations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. The findings from the survey, which polled over 100 global cyber security leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).

https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/

Watch Out: Crypto Jacking Is On The Rise Again

During the last year, though, malicious crypto mining has seen a resurgence, with NTT’s 2021 Global Threat Intelligence Report, published this month, revealing that crypto miners have now overtaken spyware as the world’s most common malware. Crypto miners, says NTT, made up 41% of all detected malware in 2020, and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Crypto miner and XMR-Stack.

https://cybernews.com/security/watch-out-cryptojacking-is-on-the-rise-again/

Threats

Ransomware

• Ransomware Attacks Are Becoming More Common – How Do We Stop Them?

• Ryuk Ransomware Operators Shift Tactics To Target Victims

• Bose Confirms Ransomware Attack That Exposed Employee Data

• Russian To Be Deported After Failed Tesla Ransomware Plot

• Ransomware Attack Halts Child Protection Court Cases

• FBI Warns Of Conti Ransomware Attacks Against Healthcare Organisations

• HSE Cyber Attack Has Had ‘Devastating Impact’, Cancer Services Director Says

Phishing

• Financial Spear-Phishing Campaigns Pushing RATs

• This Massive Phishing Campaign Delivers Password-Stealing Malware Disguised As Ransomware

Other Social Engineering

• NatWest Launches 'Urgent' Crypto Currency Scam Alert

• Eight Men Arrested Over Royal Mail Delivery Scam Texts

• Fake Amazon Order Emails Lead To Vishing

Malware

• This Fake Streaming Service Will Spread Malware

• This Ransomware-Spreading Malware Botnet Just Will Not Go Away

Mobile

• New Malware Plunders Dutch Android Users’ Bank Accounts

IOT

• Hackers Can Use Smart Plugs To Break Into Your Home Network

Vulnerabilities

• VMware Sounds Ransomware Alarm Over Critical Severity Bug

• Trend Micro Bugs Threaten Home Network Security

• Digging Into A Ubiquiti Firmware Update Bug

• “Unpatchable” Vuln In Apple’s New MAC Chip – What You Need To Know

• PDF Feature ‘Certified’ Widely Vulnerable To Attack

• SonicWall urges customers to 'immediately' patch NSM On-Prem bug

• FBI Issues Warning About Fortinet Vulnerabilities After Apt Group Hacks Local Gov’t Office

• Restaurant Reservation System Patches Easy-To-Exploit XSS Bug

• Bluetooth Flaws Allow Attackers To Impersonate Legitimate Devices

Data Breaches

• UK Police Suffered Thousands Of Data Breaches In 2020

• Air India Cyber Attack: Personal Data Of Over 4.5 Million Passengers Leaked

Organised Crime & Criminal Actors

• ‘Privateer’ Threat Actors Emerge From Cyber Crime Swamp

Cryptocurrency

• Crypto Currency Crackdown Will not Stop Ransomware, CISA Official Says

• Watch Out: Crypto Jacking Is On The Rise Again

• Bitcoin Mine Found Stealing Electricity

Dark Web

• French Authorities Seize Their Third Dark Web Marketplace

OT, ICS, IIoT and SCADA

• Cyber Attacks On Operational Technology Are On The Rise

• UK Prepares For Ransomware Attacks On Pipelines

Nation State Actors

• Threat Actor ‘Agrius’ Emerges To Launch Wiper Attacks Against Israeli Targets

• Russian Group Behind SolarWinds Spy Campaign Conduct New Cyber Attacks

• Belgium Uproots Cyber Espionage Campaign With Suspected Ties To China

Privacy

• Employers Are Watching Remote Workers And They Are Monitoring These Activities

• GCHQ’s Mass Data Interception Violated Right To Privacy, Court Rules

• Amazon Devices Will Soon Automatically Share Your Internet With Neighbours

Reports Published in the Last Week

• Report: Cloud Security Breaches Surpass On-Prem Ones For The First Time

Other News

• Enemy Hackers Target NATO With Constant Cyber Attacks

• Security Is An Architectural Issue: Why The Principles Of Zero Trust And Least Privilege Matter So Much Right Now

• GDPR Is Being Used As A Bureaucratic Dodge To Avoid Public Scrutiny

• UK Universities To Be Offered Advice On National Security Threats

• How Hacking Became A Professional Service In Russia

• A Chinese Hacking Competition May Have Given Beijing New Ways To Spy On The Uyghurs

• 'Did Weak WiFi Password Lead The Police To Our Door?'

• How Much Economic Damage Would Be Done If A Cyber Attack Took Out The Internet?

• German Cyber Security Chief Fears Hackers Could Target Hospitals

• How The Post-Pandemic World Will Challenge CISOs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Two Thirds Of CISOs Across World Expect Damaging Cyber Attack In Next 12 Months

More than 1,000 CISOs around the world have expressed concerns about the security ramifications of the massive shift to remote work since the beginning of the pandemic. One hundred CISOs from the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, and Singapore were interviewed for the report, with many highlighting significant problems in the current cyber security landscape.

https://www.zdnet.com/article/two-thirds-of-cisos-across-world-expect-damaging-cyberattack-in-next-12-months/

Ransomware: Don't Pay Up, It Just Shows Cyber Criminals That Attacks Work, Warns Home Secretary

For victims of ransomware attacks, paying the ransom does not guarantee that their network will be restored – and handing money to criminals only encourages them to try their luck infecting more companies with the file-encrypting malware. The impact of ransomware attacks continues to rise as cyber criminals encrypt networks, while also blackmailing victims with the prospect of stolen data being published, to generate as much money as possible from extortion.

https://www.zdnet.com/article/ransomware-dont-pay-the-ransom-it-just-encourage-cyber-criminals-that-attacks-work-warns-home-secretary/

The Most Significant Cyber Attacks From 2006-2020, By Country

Committing a cyber crime can have serious consequences. In the US, a cyber criminal can receive up to 20 years in prison for hacking into a government institution if it compromises national security. Yet, despite the consequences, cyber criminals continue to wreak havoc across the globe. But some countries seem to be targeted more than others. Using data from SpecOps Software, this graphic looks at the countries that have experienced the most significant cyber attacks over the last two decades.

https://www.visualcapitalist.com/cyber-attacks-worldwide-2006-2020/

The Shape Of Fraud And Cyber Crime: 10 Things We Learned From 2020

While it remains true that the older you are, the greater the financial loss, why would fraudsters target the young, who are arguably less well off? The answer lies in volume. Criminals have been offsetting higher monetary gain for higher attack rates, capitalising on the fact that the young are perhaps both more liberal with personal information (and privacy in general) and, at the same time, heavy digital users (social media, surveys, games, and so on). In fact, it is scary to see how much value the humble email address can have for criminals. We often forget that once obtained, it can be used further down the line to commit more fraud.

https://www.computerweekly.com/opinion/The-shape-of-fraud-and-cyber-crime-10-things-we-learned-from-2020

Is Third-Party Software Leaving You Vulnerable To Cyber Attacks?

When companies buy digital products, they expect them to be secure. In most cases, they do not test for vulnerabilities down the digital supply chain — and do not even have adequate processes or tools to do so. Hackers have taken note, and incidents of supply chain cyber attacks, which exploit weaknesses within the digital supply chain to break into organisations’ internal networks, are on the rise. As a result, there have been many headline incidents that not only bring shame to the companies involved, but rachet up the visibility of these threats to top executives who want to know their offerings are secure.

https://hbr.org/2021/05/is-third-party-software-leaving-you-vulnerable-to-cyberattacks

US Pipeline Ransomware Attack Serves As Fair Warning To Persistent Corporate Inertia Over Security

Organisations that continue to disregard the need to ensure they have adopted basic cyber security hygiene practices should be taken to task. This will be critical, especially as cyber criminals turn their attention to sectors where cyber threats can result in real-world risks, as demonstrated in the US Colonial Pipeline attack. In many of my conversations with cyber security experts, there is a shared sense of frustration that businesses still are failing to get some of the most basic things right. Default passwords are left unchanged, frontline staff and employees are still falling for common scams and phishing attacks, and major businesses think nothing of using technology that are decades old.

https://www.zdnet.com/article/us-pipeline-ransomware-attack-serves-as-fair-warning-to-persistent-corporate-inertia-over-security/

Ransomware Attackers Are Now Using Triple Extortion Tactics

The number of organisations affected by ransomware so far this year has more than doubled, compared with the same period in 2020, according to the report. Since April, Check Point researchers have observed an average of 1,000 organisations impacted by ransomware every week. For all of 2020, ransomware cost businesses worldwide around $20 billion, more than 75% higher than the amount in 2019. The healthcare sector has been seeing the highest volume of ransomware with around 109 attacks per organization each week. Amid news of a ransomware attack against gas pipeline company Colonial Pipeline, the utilities sector has experienced 59 attacks per organization per week. Organisations in the insurance and legal sector have been affected by 34 such attacks each week.

https://www.techrepublic.com/article/ransomware-attackers-are-now-using-triple-extortion-tactics/

AXA Pledges To Stop Reimbursing Ransom Payments For French Ransomware Victims

Insurance company AXA has revealed that, at the request of French government officials, it will end cyber insurance policies in France that pay ransomware victims back for ransoms paid out to cyber criminals. While unconfirmed, the Associated Press reported that the move was an industry first. AXA is one of the five biggest insurers in Europe and made the decision as ransomware attacks become a daily occurrence for organisations across the world.

https://www.zdnet.com/article/axa-pledges-to-stop-reimbursing-ransom-payments-for-french-ransomware-victims/

The Dystopic Future Of Cyber Security And The Importance Of Empowering CISOs

Over a decade ago, in 2007, the first iPhone was released and with it emerged an ecosystem of apps that continues to expand to this day. This was a watershed moment, not solely for the technology industry, but civilization. It was a catalyst for what was to come. Suddenly, every consumer could access the internet at a touch of a button, and the accumulation of their data by private companies began en masse. It was at this point that data was established as an increasingly valuable commodity, and in turn, became a heightened exploitation risk. It also instigated a wave of innovation that has yet to break and is only growing rapidly in pace. In this state, technology providers, users, and manufacturers get excited about new functionalities, new features, new developments, while little thought is given to the negative consequences that could arise as a result. Indeed, fear has no place in the state of innovation as it is this primal thinking that inhibits creativity.

https://www.infosecurity-magazine.com/blogs/the-dystopic-future-of/

Cyber Security Experts Warn Over Online Wine Scams

Online wine scams became a bigger threat as cyber criminals sought to take advantage of more people and businesses organising virtual drinks and ordering bottles on the internet in the wake of Covid-19 restrictions, suggests the report. So-called ‘phishing emails’ were a particular concern, according to findings published in April by US-based group Recorded Future in partnership with Area 1 Security. From January 2020 onwards, the authors found a significant rise in legitimate wine-themed web domain registrations using terms like Merlot, Pinot, Chardonnay or Vino.

https://www.decanter.com/wine-news/cyber-security-experts-warn-over-online-wine-scams-457647/

Threats

Ransomware

• New Ransomware: CISA Warns Over Fivehands File-Encrypting Malware Variant

• Energy Companies Are The Firms Most Likely To Pay Cyber Attack Ransoms

• A Student Pirating Software Led To A Full-Blown Ryuk Ransomware Attack

• MTR In Real Time: Pirates Pave Way For Ryuk Ransomware

• Ransomware Going For $4K On The Cyber Underground

• Foreign Secretary Issues Warning To Russia On Ransomware

• Anatomy Of A $2 Million Darkside Ransomware Breach

BEC

• Business Email Compromise Attack Targeted Dozens Of Orgs

Phishing

• Phishing Attacks Exploit Cognitive Biases, Research Finds

• AI Discovers A Complex Phishing Crypto Currency Scam Campaign

Other Social Engineering

• Coronavirus-Related Cyber Crime Contributes To 15-Fold Surge In Scam Takedowns

• She Responded To A Smishing Scam. Then The Spam Texts Got Worse.

Malware

• Emails Reveal 128 Million iOS Users Were Affected By ‘Xcodeghost’ Malware

Mobile

• A New Smishing Trojan Is Out And About

• New Android Malware Targeting Banks In Italy, Spain, Germany, Belgium, And The Netherlands

IOT

• How To Apply A Zero Trust Approach To Your IoT Solutions

• Troy Hunt At Black Hat Asia: ‘We’re Making It Very Difficult For People To Make Good Security Decisions’

Vulnerabilities

• Don’t Delay Installing Your Windows 10 May Patch Tuesday Update – It Fixes 3 Zero-Day Exploits

• Patch Adobe Reader Now Or Risk A Major Security Attack

• WiFi Vulnerability May Leave Millions Of Devices Open To 'Frag Attacks'

• Remote Mouse Mobile App Contains Raft Of Zero-Day RCE Vulnerabilities

• Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities In New Attacks

Data Breaches

• Hackers release personal info of 22 DC Police officers

• Anatomy Of A $2 Million Darkside Ransomware Breach

Organised Crime & Criminal Actors

• Bulletproof Hosting Admins Plead Guilty To Running Cyber Crime Safe Haven

Supply Chain

• Rapid7 Source Code, Credentials Accessed In Codecov Supply-Chain Attack

Nation State Actors

• Russian Hackers Are Targeting These Vulnerabilities, So Patch Now

• NCSC Warns British Start-Ups Of Threat From Chinese And Russian Hackers

• NCSC, CISA publish new information on Russia’s Cozy Bear

Privacy

• Your Employer May Be Spying On You — Here Are 3 Ways To Stop It

Reports Published in the Last Week

• DDOS Attacks In Q1 2021

• Verizon 2021 Data Breach Investigations Report (DBIR)

Other News

• University Cancels Exams After Cyber Attack

• Your Old Mobile Phone Number Could Compromise Your Cyber Security

• Microsoft's New Security Feature Locks Hackers Out With GPS

• Biden Signs Executive Order Aiming To Prevent Future Cyber Security Disasters

• Cyber Security And Compliance For Healthcare Organizations

• Train Firm’s ‘Worker Bonus’ Email Is Actually Cyber Security Test

• Half Of Government Security Incidents Caused By Missing Patches

• 90% Of Security Leaders View Bot Management As A Top Priority

• 'Everyone Had To Rethink Security': What Microsoft Learned In Last Year

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.