Attacks

Parallax RAT Hiding in Legitimate Processes

Phishing remains a popular initial-access method for threat actors. Its effectiveness, when paired with increasingly common evasion techniques such as process injection and process hollowing, creates a dangerous combination. Attacks of this kind will likely keep growing in popularity because closed-source tools like this one are readily available. They also highlight the importance of a mature detection program that can respond to complex attacks…
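Process hollowing leaves a tell that a detection program can look for: the process keeps a legitimate name and path, but the PE header mapped at its image base no longer matches the file on disk. The following is an added example of that header-level comparison, in the spirit of the checks memory-forensics tools such as Volatility's hollowfind perform; it is not code from the Parallax RAT report. Both PE images are constructed in code (a stand-in for a clean host binary and a stand-in for the payload mapped over it), so the block runs offline; in a live investigation the second image would be read from the suspect process's memory.

```python
"""Added example: a header-level process-hollowing check. Both PE images below are
constructed in code (not taken from any malware sample) so the block runs offline."""
import struct

OPT_HDR_SIZE_PE32PLUS = 240   # SizeOfOptionalHeader for a PE32+ image


def build_pe(entry_point, image_base, sections):
    """Construct a minimal PE32+ header: DOS stub, COFF header, optional header and one
    40-byte section header per (name, virtual_address, characteristics). Test data only."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0,
                       OPT_HDR_SIZE_PE32PLUS, 0x0022)        # AMD64, EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    opt = bytearray(OPT_HDR_SIZE_PE32PLUS)
    struct.pack_into("<H", opt, 0, 0x20B)                    # Magic: PE32+
    struct.pack_into("<I", opt, 16, entry_point)             # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, image_base)              # ImageBase
    sec_hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000, va, 0x200, 0x400, 0, 0, 0, 0, chars)
        for name, va, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_hdrs


def parse_pe_header(image):
    """Pull the fields a hollowing check compares out of a PE image (PE32 or PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", image, opt_off)[0]
    entry_point = struct.unpack_from("<I", image, opt_off + 16)[0]
    if magic == 0x20B:                                       # PE32+: 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", image, opt_off + 24)[0]
    elif magic == 0x10B:                                     # PE32: 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", image, opt_off + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    sec_off = opt_off + opt_size
    for i in range(num_sections):
        name, _, va, _, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", image, sec_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, chars))
    return {"entry_point": entry_point, "image_base": image_base, "sections": sections}


def hollowing_indicators(disk_image, memory_image):
    """Compare the on-disk PE header with the header mapped at the process's image base.
    A hollowed process keeps its legitimate name and path but maps a different image, so
    these fields diverge. Returns human-readable findings; an empty list means consistent."""
    disk, mem = parse_pe_header(disk_image), parse_pe_header(memory_image)
    findings = []
    if disk["entry_point"] != mem["entry_point"]:
        findings.append("entry point differs: disk 0x%x vs memory 0x%x" % (disk["entry_point"], mem["entry_point"]))
    # The loader relocates code but does not rewrite this header field, so a change means a different image.
    if disk["image_base"] != mem["image_base"]:
        findings.append("ImageBase differs: disk 0x%x vs memory 0x%x" % (disk["image_base"], mem["image_base"]))
    if len(disk["sections"]) != len(mem["sections"]):
        findings.append("section count differs: disk %d vs memory %d" % (len(disk["sections"]), len(mem["sections"])))
    for idx, (d, m) in enumerate(zip(disk["sections"], mem["sections"])):
        if d != m:
            findings.append("section %d differs: disk %r vs memory %r" % (idx, d, m))
    return findings


# Constructed stand-in for the legitimate binary on disk (the host process the loader targets).
DISK_IMAGE = build_pe(0x1400, 0x140000000, [
    (b".text", 0x1000, 0x60000020), (b".rdata", 0x3000, 0x40000040), (b".data", 0x5000, 0xC0000040)])
# Constructed stand-in for the payload a hollowing loader maps over it.
HOLLOWED_IMAGE = build_pe(0x2F10, 0x400000, [
    (b".text", 0x1000, 0x60000020), (b".rsrc", 0x4000, 0x40000040)])

if __name__ == "__main__":
    print("clean process:", hollowing_indicators(DISK_IMAGE, DISK_IMAGE))
    for line in hollowing_indicators(DISK_IMAGE, HOLLOWED_IMAGE):
        print("hollowed     :", line)
```

Header agreement is necessary but not sufficient: a loader that hollows with a same-layout image, or that only overwrites code, will pass this check, so a production detector also hashes the section contents (the on-disk code pages against the mapped ones) and compares the mapped image base with the PEB's ImageBaseAddress.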

Cyber Attackers Shift Tactics for Maximum Impact

The first step to securing IoT devices is knowing what is connected. This includes using a device identification and discovery tool that automates three critical IoT security functions:
• Automatically and continuously detects, profiles, and classifies IoT devices on the network.
• Maintains a real-time inventory of devices.
• Provides relevant risk insights for each of these asset classes by continuously monitoring across attack vectors.
By following these industry best practices for IoT security and adopting leading-edge…

CISA Warns of ZK Java Framework RCE Flaw Being Exploited in the Wild

While this vulnerability was patched nearly a year ago, it is still being actively exploited in many organizations. This demonstrates the need for two key functions in any organization – threat intelligence and a patching schedule. Adequate threat intelligence is needed for a variety of reasons, but one key reason is to ensure that the organization learns of newly disclosed vulnerabilities in a timely manner. Threat…

New SCARLETEEL Threat Group Attacks Cloud Data via Cryptomining

To minimize the traces left behind, the attacker attempted to disable CloudTrail logging in the compromised AWS account. Additionally, Sysdig’s report indicates that the attacker retrieved Terraform state files from S3 buckets; those files contained IAM user access keys and a secret key for a second AWS account, which was eventually used for lateral movement within the organization’s cloud environment. To effectively address the risks introduced by cloud-facing threats, organizations are highly…
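Both moves described above leave records that can be alerted on, and the second is preventable by not leaving credentials in state at all. The following is an added example, not code from the Sysdig report: it flags CloudTrail-tampering API calls and reads of Terraform state files in CloudTrail records, and scans a state file for the credentials an attacker would harvest from it. The CloudTrail records, the state fragment, the account ID, ARNs and IP addresses are all constructed; the access key pair is AWS's published example key, not a live credential.

```python
"""Added example (not from the Sysdig report): detect CloudTrail tampering and Terraform
state-file reads in CloudTrail records, and find credentials embedded in a state file.
All records and the state file below are constructed sample data."""
import json
import re

# CloudTrail management calls that blind or narrow logging; an attacker who wants to
# minimise traces reaches for these first.
LOG_TAMPERING_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Attribute names Terraform providers use for material that should never sit in shared state.
SENSITIVE_ATTRS = {"secret", "secret_key", "secret_access_key", "password", "private_key"}
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")   # long-term / temporary key IDs

# Constructed CloudTrail records (placeholder account ID, ARNs and IPs).
SAMPLE_EVENTS = [
    {"eventTime": "2023-02-28T14:02:11Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/compromised-user"},
     "sourceIPAddress": "198.51.100.7", "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2023-02-28T14:05:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/compromised-user"},
     "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"bucketName": "infra-tfstate", "key": "prod/terraform.tfstate"}},
    {"eventTime": "2023-02-28T14:06:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ops"},
     "sourceIPAddress": "10.0.4.12", "requestParameters": None},
]

# Constructed Terraform state fragment (state format version 4). The key pair is AWS's
# documented example key, not a live credential.
SAMPLE_TFSTATE = json.dumps({
    "version": 4,
    "resources": [
        {"type": "aws_iam_access_key", "name": "deployer", "instances": [
            {"attributes": {"id": "AKIAIOSFODNN7EXAMPLE",
                            "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                            "user": "deployer"}}]},
        {"type": "aws_s3_bucket", "name": "logs", "instances": [
            {"attributes": {"id": "logs-bucket-111122223333"}}]},
    ],
})


def find_log_tampering(events):
    """Return (principal ARN, API call, trail name) for every CloudTrail-tampering call."""
    hits = []
    for ev in events:
        if ev.get("eventSource") == "cloudtrail.amazonaws.com" and ev.get("eventName") in LOG_TAMPERING_EVENTS:
            params = ev.get("requestParameters") or {}
            hits.append((ev["userIdentity"]["arn"], ev["eventName"], params.get("name")))
    return hits


def find_state_file_reads(events):
    """Return (principal ARN, bucket, key) for S3 object reads of Terraform state files."""
    hits = []
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com" or ev.get("eventName") != "GetObject":
            continue
        params = ev.get("requestParameters") or {}
        if str(params.get("key", "")).endswith(".tfstate"):
            hits.append((ev["userIdentity"]["arn"], params.get("bucketName"), params["key"]))
    return hits


def find_credentials_in_state(state_text):
    """Return (resource address, attribute) for every attribute holding a credential,
    identified either by its name or by the shape of its value."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        address = "%s.%s" % (res["type"], res["name"])
        for inst in res.get("instances", []):
            for attr, value in inst.get("attributes", {}).items():
                if attr in SENSITIVE_ATTRS and value:
                    findings.append((address, attr))
                elif isinstance(value, str) and ACCESS_KEY_ID_RE.search(value):
                    findings.append((address, attr))
    return findings


if __name__ == "__main__":
    print("log tampering :", find_log_tampering(SAMPLE_EVENTS))
    print("tfstate reads :", find_state_file_reads(SAMPLE_EVENTS))
    print("creds in state:", find_credentials_in_state(SAMPLE_TFSTATE))
```

Two caveats for running this against real data. CloudTrail records S3 GetObject calls only when data events are enabled for the bucket, so the state-file read would be invisible to a trail with management events alone. And the StopLogging record is the last thing the trail writes; a tamper alert should therefore be raised from a source the same account cannot silence, such as a trail delivering to a separate logging account or an organization trail.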

Link Found Between Exfiltrator-22 Post-Exploitation Framework And LockBit Ransomware

The CYFIRMA team has found evidence that EX-22 was created by LockBit 3.0 affiliates or members of the ransomware operation’s development staff. First, the framework uses the same “domain fronting” technique as LockBit and as Tor’s meek pluggable transport, which hides malicious traffic inside ordinary HTTPS connections to legitimate platforms. Further research by CYFIRMA revealed that EX-22 uses the same C2 infrastructure that was previously disclosed…
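Domain fronting works because the TLS handshake names one host (the legitimate CDN edge, the only hostname a network observer sees) while the HTTP request tunnelled inside it names another; the CDN routes on the inner Host header. Where an organization terminates TLS at a proxy or has endpoint visibility into the plaintext request, the two names can be compared. The following is an added example of that check, not code from the CYFIRMA report or from EX-22: it parses the server_name extension out of a raw TLS ClientHello, pulls the Host header from the HTTP request, and flags a mismatch. The ClientHello is constructed in code and every hostname is a placeholder.

```python
"""Added example: the SNI-versus-Host check that exposes domain fronting. The ClientHello
is constructed in code and all hostnames are placeholders, so the block runs offline."""
import struct

SNI_EXTENSION = 0x0000   # TLS extension type server_name
HOST_NAME = 0            # ServerName name_type host_name


def build_client_hello(server_name):
    """Construct a minimal TLS 1.2 ClientHello record with one server_name extension (test data)."""
    name = server_name.encode("ascii")
    server_name_list = struct.pack("!BH", HOST_NAME, len(name)) + name
    sni_body = struct.pack("!H", len(server_name_list)) + server_name_list
    extensions = struct.pack("!HH", SNI_EXTENSION, len(sni_body)) + sni_body
    body = (b"\x03\x03" + bytes(32)                            # client_version, random (zeros: test data)
            + b"\x00"                                          # session_id length 0
            + struct.pack("!H", 2) + b"\xc0\x2f"               # one cipher suite
            + b"\x01\x00"                                      # compression_methods: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type ClientHello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the host_name in a TLS ClientHello record, or None if the record is not a
    ClientHello, is truncated, or carries no server_name extension."""
    if len(record) < 5 or record[0] != 0x16:                   # content type: handshake
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:                           # handshake type: ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                               # skip client_version + random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                                       # session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]       # cipher_suites
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                                       # compression_methods
    if pos + 2 > len(body):
        return None
    ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(ext_end, len(body)):
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        ext_data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != SNI_EXTENSION or len(ext_data) < 5:
            continue
        # ServerNameList: 2-byte list length, then (name_type, 2-byte length, name) entries
        list_end = 2 + struct.unpack("!H", ext_data[:2])[0]
        lp = 2
        while lp + 3 <= min(list_end, len(ext_data)):
            name_type, name_len = ext_data[lp], struct.unpack("!H", ext_data[lp + 1:lp + 3])[0]
            lp += 3
            if name_type == HOST_NAME:
                return ext_data[lp:lp + name_len].decode("ascii", "replace")
            lp += name_len
    return None


def normalize_host(host):
    """Lower-case, drop a trailing dot and any :port so the two names compare fairly."""
    return host.strip().lower().rstrip(".").split(":")[0]


def extract_host(http_request):
    """Return the normalized Host header of a plaintext HTTP/1.x request, or None."""
    head = http_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:                      # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return normalize_host(value.decode("ascii", "replace"))
    return None


def fronting_indicator(client_hello, http_request):
    """Return (sni, host) when the handshake and the request name different hosts; None when
    they agree or either is missing (plain HTTP, encrypted SNI, or a non-ClientHello record)."""
    sni, host = extract_sni(client_hello), extract_host(http_request)
    if sni is None or host is None or normalize_host(sni) == host:
        return None
    return (sni, host)


# Constructed traffic: a C2 beacon fronted behind a CDN edge hostname, and a benign request.
FRONTED_HELLO = build_client_hello("cdn-edge.example.net")
FRONTED_REQUEST = b"GET /api/v1/beacon HTTP/1.1\r\nHost: c2-front.example.org\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
BENIGN_HELLO = build_client_hello("www.example.com")
BENIGN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: WWW.example.com:443\r\n\r\n"

if __name__ == "__main__":
    print("fronted:", fronting_indicator(FRONTED_HELLO, FRONTED_REQUEST))
    print("benign :", fronting_indicator(BENIGN_HELLO, BENIGN_REQUEST))
```

Not every mismatch is fronting: some CDN customers legitimately request a different hostname than the one in SNI, so the finding needs an allowlist of expected SNI/Host pairs before it becomes an alert. And the check depends on seeing the plaintext request; a TLS 1.3 connection using Encrypted Client Hello hides the SNI itself, at which point the comparison has to move to the endpoint.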

Critical Flaws in WordPress Houzez Theme Exploited to Hijack Websites

The theme’s developer was made aware of attacks being carried out in the wild and has released updates to both the theme and the Login Register plugin. Theme version 2.7.2 and later fixes the first vulnerability; the second is mitigated by running Login Register version 2.6.4 or later. Anyone running the Houzez theme and plugin should…

Top seven hacks and cyber security threats in APAC

In 2022, 59 percent of businesses in the Asia-Pacific region reported being the victim of a cyber attack, 32 percent reported multiple cyber attacks, and the region faced a shortfall of 2.1 million cyber security professionals. Against this backdrop, the Asia-Pacific region has been the victim of a number of high-profile cyber attacks within the last 12 months. In this article, Cyber Security Hub explores seven of these attacks. Contents New Zealand…

PureCrypter Malware Hits Government Orgs with Ransomware, Info-Stealers

To protect against attacks such as this, organizations should:
• Configure email clients to notify users when emails originate from outside the organization.
• Focus on cyber security awareness and training.
• Regularly provide users with training on information security principles and techniques, as well as on emerging cybersecurity risks and vulnerabilities.
• Ensure Office applications are configured to disable all macros without notification.
• Pay special attention to warning notifications in email clients and Office applications.
• Implement monitoring of…

Stanford University Suffers Data Breach

Individuals who were affected by this incident should consider the following steps:
1. Take advantage of the identity theft protection services offered by the university. This will help monitor any suspicious activity related to personal information.
2. Monitor financial accounts and credit reports regularly. Look for any unauthorized activity or changes to credit reports that aren’t recognized.
3. Change passwords for any accounts that use the same password as the Stanford University account. Use strong, unique passwords…

PlugX Trojan Masked as Legitimate Windows Debugger Tool

The hijacking of x64dbg to load PlugX was first reported last month by Palo Alto Networks Unit 42, which found a new variant of the malware that hides malicious files on removable USB devices to spread the infection to other Windows hosts. Persistence is achieved by modifying the Windows Registry and creating scheduled tasks to maintain access. Trend Micro’s analysis also revealed the use of x32dbg.exe to deploy a backdoor, a User Datagram Protocol (UDP)…
