Attacks

13 Dec

CISA Updates Advisory on #StopRansomware: Cuba Ransomware

Attacks, Insights, Malware

Original release date: December 13, 2022 The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs). CISA encourages organizations to review the latest update to AA22-335A and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
13 Dec

Citrix Releases Security Updates for Citrix ADC, Citrix Gateway

Attacks, Insights, Malware

Original release date: December 13, 2022 Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog post for more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory…

Read More
13 Dec

Mozilla Releases Security Updates for Thunderbird and Firefox

Attacks, Insights, Malware

Original release date: December 13, 2022 Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108 for more information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
13 Dec

VMware Releases Security Updates for Multiple products

Attacks, Insights, Malware

Original release date: December 13, 2022 VVMware has released security updates to address multiple vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisories VMSA-2022-0031, VMSA-2022-0033, and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
12 Dec

Fortinet Releases Security Updates for FortiOS

Attacks, Insights, Malware

Original release date: December 12, 2022 Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild.  CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-368, apply the necessary updates, and validate systems against the IOCs listed in the advisory.  This product is provided subject to this Notification…

Read More
12 Dec

Clop Ransomware Uses TrueBot Malware for Access to Networks

Attacks, Malware

Organizations should also initiate proactive measures to ensure they are protected from ransomware. To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate,…

Read More
12 Dec

IcedID Malware Distributed from Fake Zoom Installation Website

Attacks, Malware

As of December 12th, the malicious website was still active and serving malware installation files. Binary Defense analysts noted that the malware installation program, named “ZoomInstallerFull.exe” drops a legitimate, signed copy of the real Zoom software installer as a Microsoft Installer package file named “ikm.msi” and installs it. It also drops a malicious DLL file named “ikm.aaa” and runs it via rundll32.exe. The DLL file was identified as IcedID. The Command and Control (C2) server…

Read More
12 Dec

Australia’s Largest Telecom Company Leaks Unlisted Customer Data

Attacks, Malware

Telstra will likely restructure their security strategy. They should consider adopting a defense-in-depth strategy in the future. Customers of Telstra should be aware of the increased likelihood that they will be targeted in phishing attacks. Messages from unknown senders should be approached with caution and attachments should not be interacted with unless they can be verified. https://www.bankinfosecurity.com/australian-telecom-firm-leaks-data-130000-customers-a-20681?&web_view=true

Read More
09 Dec

Hacked Corporate Email Accounts Used to Send MSP Remote Access Tool

Attacks, Malware

MuddyWater has been seen using sophisticated techniques to compromise organizations in the past. However, in this campaign, they are using a freely available tool and relatively unsophisticated tactics. This campaign demonstrates the rise of phishing and the use of legitimate remote access tools to compromise organizations, which is relying primarily on the human behind the screen being vulnerable. To protect against attacks such as this, organizations should actively employ an email monitoring solution as well…

Read More
09 Dec

Cisco Discloses High-Severity IP Phone Bug with Exploit Code

Attacks, Malware

While a security update to address CVE-2022-20968 is not yet available, Cisco provides mitigation advice for administrators who want to secure vulnerable devices in their environment from potential attacks. This requires disabling the Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery. “Devices will then use LLDP for the discovery of configuration data such as voice VLAN, power negotiation, and so…

Read More