CyberSecure Specialist

30 Aug

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally. Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing…

30 Aug

VMware Releases Security Updates for Aria Operations for Networks

Attacks, Insights, Malware

VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0018 and apply the necessary updates.

29 Aug

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

Information

The campaign started with a trojanized version of unsupported financial software

29 Aug

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

Information

by Paul Ducklin US food delivery compeny PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22. The company stated officially that: [The] cyberattack […] included the encryption of certain files in our network. Because the investigation identified the presence of tools that could be used for data exfiltration (the unauthorized transfer of data), we can’t rule out the possibility that data was taken from one…

29 Aug

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Information, Insights

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computers. Dutch authorities inside a data center with servers tied to the botnet. Image: Dutch National Police. In an international operation announced…

29 Aug

New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia

Information, News

A newly identified Android trojan targeting users in Southeast Asia is allowing attackers to control devices remotely and perform bank fraud, Trend Micro reports. Dubbed MMRat and active since June, the malware can capture user input and take screenshots, and uses a customized command-and-control (C&C) protocol based on Protobuf, which improves its performance when transferring large amounts of data. The malware has been distributed via websites masquerading as official application stores, and which were tailored…

29 Aug

CISA Releases IOCs Associated with Malicious Barracuda Activity

Attacks, Insights, Malware

CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances. Download the newly released IOCs associated with this activity: IOCs Associated with Exploitation of Barracuda ESG Vulnerability CVE-2023-2868 (JSON, 85.34 KB ) Review the following…

28 Aug

Acquisition Chatter Swirls Around SentinelOne, BlackBerry

Information, News

Prominent anti-malware vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter, underscoring a clear signal of impending consolidation in cybersecurity. According to published reports, private equity firm Veritas Capital is in early talks to acquire BlackBerry, the venerable tech firm that acquired Cylance and reinvented itself as a cybersecurity vendor. Neither Veritas or BlackBerry has commented on the reports, which say Veritas is interested in acquiring all of the Canadian company, while…

26 Aug

How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe

Information

ESET researchers uncover a Telegram bot that enables even less tech-savvy scammers to defraud people out of their money

25 Aug

Kroll Employee SIM-Swapped for Crypto Investor Data

Data Breaches, Information, Insights

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack…

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

VMware Releases Security Updates for Aria Operations for Networks

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

U.S. Hacks QakBot, Quietly Removes Botnet Infections

New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia

CISA Releases IOCs Associated with Malicious Barracuda Activity

Acquisition Chatter Swirls Around SentinelOne, BlackBerry

How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe

Kroll Employee SIM-Swapped for Crypto Investor Data

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources