Attacks

It is highly recommended to make sure all systems are fully up-to-date on patching, particularly systems that are externally facing. It appears that the threat actors are exploiting an Oracle WebLogic vulnerability from 2017, dubbed CVE-2017-10271, to establish an initial foothold in the environment. Newer versions of Oracle WebLogic are no longer vulnerable to this, so upgrading to the latest version is recommended to help prevent this attack. Likewise, implementing and maintaining endpoint security controls,…

Read More

Security patches are available in the following versions: • FortiOS v.6.2.13, v.6.4.12, v.7.0.10, v.7.2.4, v.7.4.0• FortiOS-6K7K v.6.2.13, v.6.4.12, v.7.0.10• FortiProxy v.2.0.12, 7.0.9, v.7.0.9 Fortinet also advises customers to disable the HTTP/HTTPS administration interface or restrict the IP addresses that can access it as workarounds. It is recommended for organizations to implement these changes to secure administration interfaces, regardless of their vulnerability management cycle and patch deployment. https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html

Read More

These attacks can have severe consequences for both the affected organization and its clients or customers, as sensitive information can be leaked or lost, and operations can be disrupted.To prevent these attacks, organizations must take measures to secure their networks and train employees on how to spot and avoid phishing emails and other types of social engineering attacks. It is also essential to have a robust backup system in place so that data can be…

Read More

As IT spending on the cloud continues to grow, organizations need to make sure they’re also reviewing their security sets to ensure they can handle new, cloud-related obstacles. Source: https://www.axios.com/2023/03/07/hackers-cloud-breaches-cybersecurity?&web_view=true

Read More

Espionage groups using social engineering tactics on government and military officials are nothing new. This campaign demonstrates the risks associated with downloading apps outside of app stores that are maintained by a trusted source. Furthermore, this highlights the importance of segmenting personal and professional devices. Compromising a personal phone, while impactful, could have a greatly reduced impact if that device doesn’t contain confidential information that an attacker could be seeking out. Source: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html

Read More

While many of the capabilities of this malware framework are rather typical, this “Radio Silence” mode is somewhat novel and is not seen displayed by many malware implants. Many times, malware in an environment can be identified through abnormal communications, such as a large number of connections from a host over the weekend that is typically dormant. With this feature, however, the operators can pick and choose when they want their communications to be sent,…

Read More

Binary Defense and SentinelOne advise system administrators to set Windows UAC to “Always Notify,” with the caveat that this may be excessively intrusive for some organizations. For trusted filesystem paths with trailing spaces, administrators should keep an eye out for suspicious file creations and process executions, especially in directories containing the string “Windows”. https://www.bleepingcomputer.com/news/security/old-windows-mock-folders-uac-bypass-used-to-drop-malware/

Read More

There is no indication that this attack is being carried out in the wild. Microsoft has addressed the issue with a patch but warned that there are other workarounds if needed. For anyone that cannot apply the fix for some reason, Microsoft recommends reading all emails in plain text. Another workaround is to enable the Microsoft Office File Block Policy, which prevents Office apps from opening RTF documents from unknown origins. To do this, the…

Read More

This incident follows a series of Acer security breaches that happened over the previous few years. The REvil ransomware gang attacked the computer manufacturer in March 2021, demanding a record-breaking $50,000,000 ransom payment for a decryptor. The hacker group Desorden gained access to Acer’s after-sales systems in India. As a result, over 60GB of data was compromised, including information about thousands of customers, retailer records, and distributors. https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/

Read More