CyberSecure Specialist

CISA Releases Twelve Industrial Control Systems Advisories

Original release date: January 12, 2023

CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-23-012-01 Sewio RTLS Studio
ICSA-23-012-02 RONDS Equipment Predictive Maintenance Solution
ICSA-23-012-03 InHand Networks InRouter
ICSA-23-012-04 Panasonic Sanyo CCTV Network Camera
ICSA-23-012-05 SAUTER Controls Nova 200 – 220…


StrongPity espionage campaign targeting Android users

ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version

ESET researchers identified an active campaign that we have attributed to the StrongPity APT group. Active since November 2021, the campaign has distributed a malicious app through a website impersonating Shagle – a random-video-chat service that provides encrypted communications between strangers. Unlike the entirely web-based,…


Cybercriminals bypass Windows security with driver-vulnerability exploit

The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike. In this latest BYOVD attack, which was observed and stopped by CrowdStrike’s Falcon security system, Scattered Spider attempted to deploy a…


NCSC-UK Releases Guidance on Using MSP for Administering Cloud Services

Original release date: January 11, 2023

The United Kingdom’s National Cyber Security Centre (NCSC-UK) has released a blog post, Using MSPs to administer your cloud services, that provides organizations security considerations for using a third party, such as a managed service provider (MSP), to administer cloud services. Contracting with an MSP for cloud service management has become an increasingly appealing option for organizations. The post discusses the trade-offs involved as well as specific security checks…


StrongPity APT Group Distributing Fake Shagle App

Binary Defense strongly recommends that Android users source their apps from a trusted source such as the Google Play store. Extreme caution should be used when installing an APK from any other source.

https://www.bleepingcomputer.com/news/security/hackers-target-android-users-with-fake-shagle-video-chat-app/


Over 1,300 Fake AnyDesk Sites Push Vidar Info-Stealing Malware

Users are advised to bookmark official sites used for downloading software, avoid clicking on promoted results (ads) in Google Search, and find the official URL of a software project from its official website, its documentation, or their OS’s package manager.

https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/


Dark Pink APT Group Targets Government and Military Entities with Custom Malware

While this threat actor has been seen making use of custom malware, Dark Pink, like most threat actors, is still relying on phishing to gain their initial access into an environment. Phishing is one of the most prominent tactics used by threat actors, with the frequency and volume of phishing-related attacks on the rise every year. To protect against phishing, it is recommended to provide sufficient user training and education, as well as implementing an…


Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. The study, by researchers with security firm WithSecure, demonstrates that not only can attackers generate unique variations of the same phishing lure with grammatically correct and human-like…


Cyber Incident Hits UK Postal Service, Halts Overseas Mail

Britain’s postal service said it was hit Wednesday by a “cyber incident” that is temporarily preventing it from sending letters or parcels to other countries. Royal Mail reported on its website that international export services were “experiencing severe service disruption” without providing further details. “We are temporarily unable to dispatch items to overseas destinations,” the service said, adding that it recommended customers hold on to mail destined for outside the country while it works on…


Timeline of the latest LastPass data breaches

On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims that users’ passwords remain safely encrypted, it admitted that certain elements of customers’ information have been exposed. The security incident was the latest to affect the service in recent times in the wake of unauthorized access to its development environment in August last year, serious vulnerabilities in 2017, a phishing…
