Attacks

Governments across the globe continue to look for ways to effectively battle ransomware. It has become a top priority for many world leaders especially in the US, but organizations still need to take their own steps to ensure they are protected from ransomware. To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from…

The issue in the Galaxy Store app relates to how deeplinks are configured for Samsung’s Marketing and Content Service (MCS), which might create a situation where arbitrary code injected into the MCS website could lead to its execution. This vulnerability could be leveraged to download and install malicious programs on the Samsung smartphone. “To be able to successfully exploit the victim’s server, it is necessary to have HTTPS and CORS bypass of chrome,” stated the…

Credential stuffing attacks highlight the importance of taking proper measures to ensure accounts are secured. Individuals should use strong and unique passwords for each account that requires them, especially for those that contain sensitive information. Taking advantage of Multi-Factor Authentication when it’s offered is also strongly suggested https://www.stuff.co.nz/business/130310228/air-nz-faces-cyber-breach-multiple-accounts-compromised?&web_view=true

Even though this zero-day was most likely only used in targeted attacks, it’s strongly suggested to patch even older devices as soon as possible to block potential attack attempts. The impacted devices include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Apple disclosed the security flaw “may have been actively exploited” in the wild but…

This switch in tactics by the Clop threat group is not uncommon amongst these groups. Rapidly changing tactics and leveraging dark web Malware-as-a-Service (MaaS) offerings allows threat groups to infect companies at a faster rate since they do not have to wait on a successful phishing campaign. Illicit access is frequently brokered in the underground economy. To mitigate the risks of attacks similar to Raspberry Robin, a good rule amongst organizations is to never use…

As time progresses, threat actors continue to discover novel ways to evade detection. Now that this technique has been discovered, it seems to be quite simple to detect; modify any preexisting IIS monitoring detections to search for keywords such as “wrde”, “exo”, and “cllo”. In this case, it may be better to search IIS log files being written to temp folders, since it would be relatively easy for malware operators to change these keywords. This…