Attacks

Dark Pink APT Group Targets Government and Military Entities with Custom Malware

While this threat actor has been seen making use of custom malware, Dark Pink, like most threat actors, still relies on phishing to gain initial access to an environment. Phishing is one of the most prominent tactics used by threat actors, with the frequency and volume of phishing-related attacks rising every year. To protect against phishing, it is recommended to provide sufficient user training and education, as well as implementing an…

Adobe Releases Security Updates for Multiple Products

Original release date: January 10, 2023
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:
• Adobe Acrobat and Reader: APSB23-01
• Adobe InDesign: APSB23-07
• Adobe InCopy: APSB23-08
• Adobe Dimension: APSB23-10

Microsoft Releases January 2023 Security Updates

Original release date: January 10, 2023
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January 2023 Security Update Guide and Deployment Information and apply the necessary updates.

Cybercriminals are using ChatGPT to create malware

Malicious actors have been using artificial intelligence (AI)-powered chatbots such as OpenAI’s ChatGPT to build malware, dark web sites and other tools for carrying out cyber attacks, research by threat intelligence company Check Point Research has found. When asked by Cyber Security Hub, cyber security experts predicted that a top threat to cyber security in 2023 would be crime-as-a-service: platforms where malicious actors can offer their services to those who would otherwise be unable to carry out…

Kinsing Malware Attacking Vulnerable PostgreSQL Kubernetes Containers

Companies can mitigate attacks like this by running the latest versions of container images so that the images are adequately patched. Some of the vulnerabilities being exploited are over two years old, with patches available for nearly as long. Engineers and administrators can also check vendor guides for recommended security settings to harden deployments, and restrict public access to containers to the bare minimum appropriate to the organization’s risk management framework. In…
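The "restrict public access" point above, as an added example that is not from the article or from any vendor hardening guide: a Kubernetes NetworkPolicy that denies all ingress to the PostgreSQL pods except TCP/5432 from the one application that needs the database. The namespace, pod labels and client application name are assumptions for illustration.

```yaml
# Added example (not from the article). Namespace "data", the label
# app=postgres on the database pods and app=billing-api on the only
# permitted client are assumed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgres-ingress-allowlist
  namespace: data
spec:
  # Selecting the database pods with an Ingress policy type makes every
  # ingress flow to them denied unless a rule below allows it.
  podSelector:
    matchLabels:
      app: postgres
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Only pods carrying this label, in the same namespace, may connect.
        - podSelector:
            matchLabels:
              app: billing-api
      ports:
        - protocol: TCP
          port: 5432
```

A NetworkPolicy is only enforced when the cluster's CNI plugin supports it (Calico and Cilium do, for example); on a cluster without such a plugin the object is accepted but has no effect, so confirm with a scratch pod lacking the label that a connection to port 5432 times out. Keep the PostgreSQL Service of type ClusterIP rather than NodePort or LoadBalancer so the database is never reachable from outside the cluster in the first place.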

20+ Vulnerabilities Patched In New Ubuntu Kernel Security Update

All users of Ubuntu are urged to update as soon as possible. To update, run:

sudo apt update && sudo apt full-upgrade

The new kernel only takes effect after a reboot (unless Canonical Livepatch is in use), so plan one after the upgrade. Below are the patched kernel versions for each Ubuntu release:
• Ubuntu 22.10
  ◦ linux-image 5.19.0.28.25
• Ubuntu 22.04 LTS
  ◦ linux-image 5.15.0-57.63
• Ubuntu 20.04 LTS
  ◦ linux-image 5.15.0-57.63~20.04.1
  ◦ linux-image 5.4.0.136.134
• Ubuntu 18.04 LTS
  ◦ linux-image 5.4.0.136.153~18.04.111
  ◦ linux-image 4.15.0.201.184

Ubuntu Users Get Massive Kernel Security Updates, More Than 20 Vulnerabilities Patched
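The step people most often skip after the command above is confirming that the patched kernel is actually the one running. The following is an added example, not part of the article or of Ubuntu's own tooling: it reduces the running kernel string from uname -r and the installed package versions (in either of the two forms listed above, 5.15.0-57.63 or the metapackage form 5.19.0.28.25) to a common ABI string and reports whether a reboot is still pending. The sample versions in the demo are constructed; live_check is the only part that touches a real host and is not run automatically.

```sh
#!/bin/sh
# Added example, not from the original article or from Ubuntu tooling.
# Requires GNU coreutils (sort -V) and, for live_check, dpkg-query.

# kernel_abi VERSION -> prints the kernel ABI "a.b.c-N" shared by the
# uname -r string (5.15.0-56-generic), a package version (5.15.0-57.63~20.04.1)
# and a metapackage version (5.19.0.28.25).
kernel_abi() {
  printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+)[.-]([0-9]+).*/\1-\2/'
}

# reboot_needed RUNNING INSTALLED_VERSION... -> exit 0 when the newest
# installed kernel ABI is newer than the running one, exit 1 otherwise.
reboot_needed() {
  running=$(kernel_abi "$1"); shift
  newest=""
  for v in "$@"; do
    abi=$(kernel_abi "$v")
    newest=$(printf '%s\n%s\n' "$newest" "$abi" | sort -V | tail -n 1)
  done
  # If the running ABI sorts highest (or equal), nothing newer is installed.
  [ "$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)" != "$running" ]
}

# live_check: run the comparison on a real Ubuntu host. Not invoked here
# so the script stays runnable anywhere; call it as: sh thisfile.sh --live
live_check() {
  running=$(uname -r)
  # Versions of kernel image packages that are actually installed
  # (removed-but-configured packages are filtered out by their status).
  installed=$(dpkg-query -W -f='${db:Status-Status} ${Version}\n' 'linux-image-*' 2>/dev/null \
              | awk '$1 == "installed" { print $2 }')
  if [ -f /var/run/reboot-required ] || reboot_needed "$running" $installed; then
    echo "reboot required: running kernel $running is older than the newest installed one"
  else
    echo "running kernel $running is the newest installed"
  fi
}

if [ "${1-}" = "--live" ]; then
  live_check
fi

# Demo on constructed values (not taken from a real host): an 22.04 host
# still running the -56 ABI after the -57 package from the advisory was installed.
if reboot_needed '5.15.0-56-generic' '5.15.0-57.63' '5.15.0-56.62'; then
  echo "sample: reboot needed (running 5.15.0-56, installed 5.15.0-57)"
fi
```

The ABI normalisation is what makes the comparison meaningful: the package version carries an upload number (.63) and the running kernel carries a flavour suffix (-generic), neither of which changes whether the kernel binary is new. /var/run/reboot-required is also honoured because Ubuntu's package hooks create it for any reboot-requiring update, not only kernels.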

Facebook Phishing Campaign Uses Copyright Infringement Lure

Users looking to protect themselves from these types of attacks should do the following:
• Always hover over URLs before clicking
• Always double-check sender addresses
• Log into the Facebook account directly to check the status of the account instead of clicking on the URL in the email
https://www.avanan.com/blog/facebook-termination-notices-leads-to-phishing

Malicious PyPI Packages Utilizing Cloudflare Tunnels to Bypass Firewalls

This tunnel technique is a unique tactic used by the threat actor. The idea is to leverage the tunnel to remotely access the compromised computer via a Flask-based app, which contains a trojan dubbed xrat (but codenamed poweRAT by Phylum). The malicious program allows threat actors to execute arbitrary Python code, download and run remote files on the host, exfiltrate files and entire directories, run shell commands, and more. The Flask application supports a “live”…

Hive Ransomware Gang Leaked 550 GB Stolen from Consulate Health Care

Threat actors can leverage stolen medical records to impersonate legitimate patients and commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise patient safety if incorrect information ends up on file that is later relied on for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider of exactly what information was stolen.…

SpyNote Android Malware Infections Surge Following Leak of CypherRat Source Code

While no official statement has been released on how the malware variants are spreading, they are most likely distributed through phishing campaigns and malicious websites. At the enterprise level, the best course of action to protect against this malware is to educate end users on best practices when browsing the internet: verify that an application is legitimate and read its reviews before installing it. Applications…