Attacks

As time progresses, threat actors continue to discover novel ways to evade detection. Now that this technique has been discovered, it seems to be quite simple to detect; modify any preexisting IIS monitoring detections to search for keywords such as “wrde”, “exo”, and “cllo”. In this case, it may be better to search IIS log files being written to temp folders, since it would be relatively easy for malware operators to change these keywords. This…

Read More

It is highly recommended to implement and maintain a regular patching cycle for all devices in an organization and particularly devices that are Internet-facing. Vice Society exploits vulnerabilities to both gain an initial foothold into an environment as well as escalating privileges on infected systems. By making sure all devices are up-to-date on patches consistently, an organization can help prevent threat actors like Vice Society from being able to gain a foothold into an environment.…

Read More

Medibank plans to aid their customers moving forward by providing some resources free of charge, those include: • Financial support for customers who are in a uniquely vulnerable position because of this crime.• Free identity monitoring services for customers who have had their primary ID compromised• Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime.• Specialist identity protection advice and resources from IDCARE.• Medibank’s mental health and wellbeing…

Read More

Fake accounts, fake job offers, and phishing attacks are all common tactics of threat actors using LinkedIn to target individuals. Threat actors may message individuals asking them to visit a company site which is reality, a fake site designed to steal credentials. Users should always be cautious if sent an external link on LinkedIn. Additionally, users should be wary of any files sent on LinkedIn from unknown users — threat actors will often use this…

Read More

As always, it is highly recommended to patch any appliances using vulnerable versions of software and to implement a plan for regular updates.In the event that applying the official patch is not immediately feasible, VMware has also released a temporary workaround: https://kb.vmware.com/s/article/89809 https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-cloud-foundation-remote-code-execution-bug/

Read More

The U.S. cybersecurity agency also strongly urged all organizations worldwide to prioritize patching these security bugs, even though BOD 22-01 only applies to U.S. FCEB agencies. Organizations are recommended to create a patch management policy to verify that all current systems are kept up to date. https://www.bleepingcomputer.com/news/security/cisco-warns-admins-to-patch-anyconnect-flaw-exploited-in-attacks/

Read More