Malware

It is highly recommended to patch any Citrix devices in an organization’s environment as soon as possible if they are vulnerable to either of these vulnerabilities. Since at least one of them is known to have threat actors actively exploiting it, the sooner the devices can be patched, the less chance that a threat actor will be able to compromise it and spread throughout an organization. It is recommended that organizations update their Citrix applications…

To protect against ransomware attacks, organizations should: · Regularly back up data, air gap backups, and password-protect backup copies offline. · Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides. · Implement network segmentation. · Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location · Install updates/patches operating systems, software,…

Companies with well-known brand names should continuously monitor domain name registrations to identify potential typo-squatting attacks impersonating their brand name. The Uniform Domain-Name Dispute Resolution Policy can be used by companies to reclaim brand-infringing domains. If the infringing domain is being used to deliver malware, most domain registrars will honor a request for an immediate take-down of the offending domain. Binary Defense Counterintelligence services include monitoring of typo-squatting domain names and review of impersonating websites.…

BitKeep recommends that anyone who may have installed the trojanized app should first download the official app from a trusted source like the Google Play Store, create a new wallet, and transfer all funds to it before removing the malicious version of the app. Any wallets created via the malicious app should be treated as compromised. In general, Binary Defense recommends only installing applications from the official app stores, such as Google Play for Android…

Data breaches involving healthcare or insurance information could result in insurance fraud. In addition to the normal precautions such as placing a freeze request with the major credit bureaus and monitoring financial accounts for unusual transactions, victims of medical data breaches should also be aware that identity thieves might attempt to get expensive medical procedures using their stolen insurance information. Carefully check “Explanation of Benefits” (EOB) forms or online claims notifications and promptly inform health…

The primary risk introduced by this breach is the combination of the unencrypted metadata with customer account information. With those two pieces of information, malicious actors can put together a profile of websites the exposed customers have accounts on, combine that with open source intelligence (OSINT) from social media, and perform activities such as spearphishing, vishing, or other social engineering techniques against employees. Additional social engineering awareness training may be effective over the next couple…