Attacks

Watch Out for These Tax Season Scams

The IRS provided excellent tips for protecting against these types of scams:

• File early. OK. The ship may have already sort of sailed on this one, but the earlier you file, the less time cybercriminals have to use your identity to commit fraud.
• Watch out for phishing and smishing. The IRS won’t send unsolicited emails or texts. Skip the links and attachments and go straight to the IRS or the applicable state and city…

Decoy Installers Used to Deploy AresLoader by Russian Hacktivists

Some defensive measures can be taken to lessen the likelihood of infection by AresLoader and other malware strains alike, including:

1. Be cautious when downloading and installing software: AresLoader malware is being spread through deceptive software installers, so it’s important to be careful when downloading and installing new software. Only download software from reputable sources and be wary of any installers that look suspicious or untrustworthy.
2. Keep software up to date: Cybercriminals often exploit…

IOTW: BreachForums shuts down after FBI arrests its top admin

Notorious dark web hacking forum BreachForums is reportedly shutting down following the arrest of one of its top administrators by the United States’ Federal Bureau of Investigation (FBI). The site’s administrator, who went by ‘Pompompurin’ and was named as Conor Brian Fitzpatrick by the FBI, was allegedly arrested by the Bureau on March 15 on suspicion of hosting and running the forum. BreachForums was thought to be the reincarnation of…

ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

Email-based security is one of the most effective methods to help prevent malware infections from occurring in the first place. Utilizing proper email security controls, such as AV scanning and sandboxing for attachments, is highly recommended to help prevent malicious files or URLs from being presented to an end user. In cases where a malicious item may make it through, having strong endpoint security controls, such as an EDR, can help prevent a compromise of…

Nexus Banking Trojan Affecting Android Devices

To protect against Nexus and other Android banking trojans, users should only download apps from official app stores, keep their devices up to date with the latest security patches, and be cautious of suspicious emails and websites. Additionally, users should enable 2FA wherever possible to add an extra layer of security. https://thehackernews.com/2023/03/nexus-new-rising-android-banking-trojan.html?&web_view=true

CISA Releases Industrial Control Systems Advisories

The following ThinServer vulnerabilities are notable: CVE-2023-28756 (CVSS score: 7.5) and CVE-2023-28755 (CVSS score: 9.8), because they could enable an unauthenticated, remote attacker to upload any file to the directory where ThinServer.exe is installed. In addition, a threat actor might use the CVE-2023-28755 vulnerability to replace current executable files with trojanized versions. To reduce security risks, users are urged to update software to the following versions: 11.0.6, 11.1.6, 11.2.7, 12.0.5, 12.1.6, and 13.0.2. Versions 6.x…

Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments

Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to: Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender…

JCDC Cultivates Pre-Ransomware Notification Capability

In today’s blog post, Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions. With pre-ransomware notifications, organizations can receive early warning and potentially evict threat actors before they can encrypt and hold critical data and systems for ransom. Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including…

Proof of Concept Exploits Released for Netgear Orbi Router Vulnerabilities

While exploitation was not seen prior to disclosure, it is likely that these vulnerabilities will start to be exploited by attackers who modify the Proof-of-Concept exploit for their own use. This article demonstrates the need to stay up to date on patching, as the patch was released nearly 3 months before these exploits were made public. Additionally, these vulnerabilities demonstrate the need for a defense-in-depth strategy, as many of these cannot be exploited without requiring…

North Korean Threat Actor Using Chrome Extensions to Steal Gmail Data

This threat actor has been seen running similar campaigns in the past, but these recent campaigns drew attention from German government authorities due to targeting “experts on issues relating to the Korean Peninsula.” Government bodies publicly speaking out regarding phishing campaigns is a major step in raising awareness about such attacks, which decreases their effectiveness. This campaign is ongoing, with the malicious domains still appearing to be active. To check for evidence of this attack,…
