Attacks

As with many campaigns, this malware is spread through phishing techniques. This demonstrates the benefit of employing an email monitoring solution in an enterprise environment. Additionally, it demonstrates the need for constant – and recurring – user education on common phishing tactics and how to detect and protect against them. Apart from these general statements that can apply to most new campaigns, this RAT also demonstrates a few different techniques that are possible to monitor.…

Read More

LearnPass site administrators should update the plugin to version 4.2 or above as soon as possible. It is critical for maintainers of WordPress websites to continuously update both WordPress core and all installed plugins. Binary Defense highly recommends WordPress users enable auto-updates wherever possible. https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/

Read More

Keeping Endpoint Detection and Response (EDR) systems up-to-date and properly tuned can help companies identify process injection attacks. To help prevent the macro bypass, companies should limit write access to the default Templates directories for Microsoft Office. The SMB spreader can be detected by collecting a baseline of standard SMB netflow traffic and alerting against deviations from that, though this requires a well-staffed security team. https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html

Read More

The latest versions of the Safari browser, macOS, iOS, and watchOS address several recently discovered vulnerabilities. Not only does Binary Defense recommend that users upgrade their Apple devices to the latest software versions, but the Cybersecurity and Infrastructure Security Agency (CISA) has issued a notice for Federal Civilian Executive Branch (FCEB) agencies to patch their devices to secure them “against active threats.” https://www.bleepingcomputer.com/news/apple/apple-fixes-actively-exploited-ios-zero-day-on-older-iphones-ipads/ https://support.apple.com/en-us/HT213597

Read More

DragonSpark does not appear to have any notable ties to other Chinese based threat actors. Based on the attacks that the group is carrying out, especially in regards to the locations of the victims as well as the choice of tools primarily developed by Chinese authors, researchers are fairly certain that the group has ties to China. It highly recommended that companies that either have ties to Eastern Asia or do a lot of business…

Read More

“It doesn’t stop with the stacked ads, though. For as many of those as might be rendering on a user’s device at once, they keep loading new ads until the ad slot with the malicious ad code is closed. The actors behind the VASTFLUX scheme clearly have an intimate understanding of the digital advertising ecosystem,” stated the company. In order to mislead both the advertising companies and the applications that display adverts, the campaign also…

Read More