This month, Microsoft announced a vulnerability in NFS. The exploit lies in how an attacker can force a victim NFS server to request an address from the attacker’s fake NFS server. The address returned will overflow memory on the victim NFS server and cause a crash. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof-of-concept exploit for this vulnerability and wrote a Zeek®-based detection for it. You can find a PCAP of this exploit in our GitHub repository.

This month, Microsoft announced a vulnerability in PPTP, a part of the VPN remote access services on Windows systems that runs on port 1723/tcp. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek®-based detection for it.

With the Internet's widespread growth, South Africa has become quite dependent on it for economic affairs. This sharing of self-generated data is a boon to all business transactions and even social interactions. The increased dependence on the digital world raises significant concerns about cyber security. Cybercrime is a global problem that has affected South Africa, both in the private sector and in government.

We are excited to announce Quadrant Knowledge Solutions has named CrowdStrike as a 2022 technology leader in the SPARK Matrix analysis of the global Digital Threat Intelligence Management market. Among all 28 vendors in the report, CrowdStrike received the highest score in the Technology Excellence category. The SPARK Matrix evaluates top vendors in the Digital Threat Intelligence Management space on a variety of criteria and groups them into Leaders, Challengers and Aspirants.

I hope you’re doing well and enjoying weather as nice as we have here in Canada. It’s gardening season and I have big plans to make sure I (once again!) win my tomato competition with my neighbour. I’m on a winning streak and am planting twice as many this year to guarantee victory. 😃 1Password 8 has scored some big wins as well. Let’s take a look.

The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then something comes along that completely surprises you. And that’s certainly true of the GoodWill ransomware, which security firm CloudSEK described this week.

Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target countries by sending out tax-themed phishing emails. Grandoreiro was first detected in 2016 is one of the largest banking trojan families developed to strike targets Latin America.

Read also: GM hit by a cyberattack, the Conti ransomware gang shuts down operation, and more cybersecurity news of the week.

WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services.

When defining security policies, it is critical to know who the user is and what their privileges should be based on their role, and whether the device itself or the state of the device at the time of connection is in a known good state.