Attacks

LearnPass site administrators should update the plugin to version 4.2 or above as soon as possible. It is critical for maintainers of WordPress websites to continuously update both WordPress core and all installed plugins. Binary Defense highly recommends WordPress users enable auto-updates wherever possible. https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/

Read More

Keeping Endpoint Detection and Response (EDR) systems up-to-date and properly tuned can help companies identify process injection attacks. To help prevent the macro bypass, companies should limit write access to the default Templates directories for Microsoft Office. The SMB spreader can be detected by collecting a baseline of standard SMB netflow traffic and alerting against deviations from that, though this requires a well-staffed security team. https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html

Read More

The latest versions of the Safari browser, macOS, iOS, and watchOS address several recently discovered vulnerabilities. Not only does Binary Defense recommend that users upgrade their Apple devices to the latest software versions, but the Cybersecurity and Infrastructure Security Agency (CISA) has issued a notice for Federal Civilian Executive Branch (FCEB) agencies to patch their devices to secure them “against active threats.” https://www.bleepingcomputer.com/news/apple/apple-fixes-actively-exploited-ios-zero-day-on-older-iphones-ipads/ https://support.apple.com/en-us/HT213597

Read More

DragonSpark does not appear to have any notable ties to other Chinese based threat actors. Based on the attacks that the group is carrying out, especially in regards to the locations of the victims as well as the choice of tools primarily developed by Chinese authors, researchers are fairly certain that the group has ties to China. It highly recommended that companies that either have ties to Eastern Asia or do a lot of business…

Read More

“It doesn’t stop with the stacked ads, though. For as many of those as might be rendering on a user’s device at once, they keep loading new ads until the ad slot with the malicious ad code is closed. The actors behind the VASTFLUX scheme clearly have an intimate understanding of the digital advertising ecosystem,” stated the company. In order to mislead both the advertising companies and the applications that display adverts, the campaign also…

Read More

Individuals who have been compromised by this breach should change login information immediately. FanDuel allows for multi-factor authentication (MFA), which should be enabled on any active account. Phishing attacks are likely to occur after this type of information is stolen. FanDuel users that have been notified of a data breach should remain vigilant for future phishing attacks. Many account compromises are caused by using the same credentials across numerous sites. If one site is breached,…

Read More