Attacks

According to the advisory, Virtual Private Network (VPN) servers are used in these attacks to gain initial access to targeted networks, often exploiting unpatched security vulnerabilities and compromised credentials obtained via phishing emails. After establishing a foothold, the Daixin Team has been seen moving laterally via Secure Shell (SSH) and remote desktop protocol (RDP), then gaining elevated privileges using techniques like credential dumps. “The actors have leveraged privileged accounts to gain access to VMware vCenter…

Read More

The latest campaign by Domestic Kitten not only highlights the rise of using phishing as an initial attack vector, but also the growing mobile malware market. This form of malware should be on the radar of every enterprise, especially ones with Bring-Your-Own-Device (BYOD) policies, as there are limited ways for an employer to monitor their employees’ mobile devices. With the growing threat of malware targeting mobile devices, it is becoming more and more likely that…

Read More

Installing a strong mobile antivirus solution is advised. Vetting apps before downloading them and monitoring application permissions are highly suggested as well. Unused apps that are given unnecessary permissions should be deleted as a preventative measure. If a device is believed to have been infected, getting a new device, or running a hard factory reset should be considered. Smartphones of Iran’s protest detainees targeted with spyware

Read More

AAH reported that the breach affected 3 million people to the U.S. Department of Health, which listed it on its breach report portal. Analysts Notes: The healthcare provider has disabled the Pixel tracker on all systems and is implementing safeguards to prevent a similar exposure from happening again. Patients are advised to use their web browsers’ tracker-blocking features or use incognito mode when logging in on medical portals. Those with a Facebook or Google account…

Read More

It is highly recommended to implement and maintain good email security products to help detect phishing emails and malicious attachments. It is also recommended to implement an attachment file type block list, if possible, to help prevent attachments with specific file extensions from being delivered to end users. In this scenario, the threat actors used “.docm” files to deliver their malicious payload, which for most organizations would likely be considered an abnormal or suspicious attachment…

Read More

After hacking well-known tech businesses worldwide — including Microsoft, Nvidia, Samsung, Ubisoft, Okta, Vodafone, and Mercado — the Lapsus$ gang has made news this year. In addition, seven people from the UK were detained by the City of London Police in late March on suspicion of connection to the Lapsus$ group. On April 2nd, two of them were accused of helping the Lapsus$ extortion group. Following their appearance before the Highbury Corner Magistrates Court, they…

Read More