CyberSecure Specialist

30 Oct

CloudScout: Evasive Panda scouting cloud services

Information

In this blogpost, we provide a technical analysis of CloudScout, a post-compromise toolset used by Evasive Panda to target a government entity and a religious organization in Taiwan from 2022 to 2023. The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies. Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda’s signature malware framework. Key points of this blogpost: The CloudScout toolset was detected in Taiwan,…

Read More
30 Oct

Tony Fadell: Innovating to save our planet | Starmus highlights

Information

We Live Science As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts 28 Oct 2024 While carbon dioxide typically takes center stage in discussions about climate change, methane emissions have historically flown somewhat under the radar. So what’s the real story with methane and how exactly do the emissions of this powerful greenhouse gas accelerate climate change? Increased…

Read More
30 Oct

Change Healthcare Breach Hits 100M Americans

Data Breaches, Information, Insights

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. A ransomware attack at Change Healthcare in the third week of February quickly spawned disruptions across the U.S. healthcare system that reverberated for months, thanks to the company’s central role in processing…

Read More
30 Oct

Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

Attacks, Insights, Malware

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take control of an affected system. At this time, all patches have been released. CISA previously added this vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CISA strongly encourages users…

Read More
29 Oct

JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

Attacks, Insights, Malware

CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure, and industry across the globe, led to disruptions in essential services, including air travel, healthcare, and financial operations. Leveraging its unique ability to bring together public and private sector partners, JCDC facilitated virtual engagements with over 1,000 federal agency…

Read More
25 Oct

Embargo ransomware: Rock’n’Rust

Information

ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware. Embargo is a relatively new player in the ransomware scene, first observed by ESET in June 2024. The new toolkit consists of a loader and an EDR killer, named MDeployer and MS4Killer respectively by ESET. MS4Killer is particularly noteworthy as it is custom compiled for each victim’s environment, targeting only selected security solutions. Both tools are written in Rust, the Embargo…

Read More
25 Oct

ESET Research Podcast: CosmicBeetle

Information

ESET Research Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world ESET Research 24 Oct 2024  •  , 1 min. read Some cybercriminal groups are sophisticated, create advanced schemes, cooperate with other attackers and do everything to stay under the radar. Then there are threat actors like CosmicBeetle – they lack the necessary skills set, write crude malware, yet still…

Read More
24 Oct

CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes

Attacks, Insights, Malware

Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software deployment processes to help ensure software is reliable and safe for customers. Additionally, it offers guidance on how to deploy in an efficient manner as part of the software development lifecycle (SDLC). A well-designed software deployment process can help guarantee customers receive new features, security, and reliability…

Read More
24 Oct

Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

Attacks, Insights, Malware

Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review the following advisory and apply the necessary updates:   Cisco Event Response: October 2024 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Read More
23 Oct

Google Voice scams: What are they and how do I avoid them?

Information

Scams Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers Phil Muncaster 21 Oct 2024  •  , 5 min. read In our hyper-connected world, technology has transformed the way we communicate, enabling us to connect with anyone, anywhere, at the touch of a button. One of the most popular services to take advantage of the near ubiquity of high-speed internet coverage is Google…

Read More