Malware

23 Dec

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

Information, Malware

by Paul Ducklin STOP THE CROOKS BEFORE THEY STOP YOU! Paul Ducklin talks to world-renowned cybersecurity expert Fraser Howard, Director of Research at SophosLabs, in this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a “specialist in everything”, and he also has the knack of explaining this tricky and treacherous subject in plain English. Click-and-drag on the soundwaves below to skip to any point.…

Read More
23 Dec

Microsoft Patches Azure Cross-Tenant Data Access Flaw

Information, Malware, News

Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks. The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around  internet-isolated Azure Cognitive Search instances and allowed cross-tenant access to the data plane of ACS instances from any location, including instances without any explicit network exposure. According to Mnemonic researcher Emilien…

Read More
22 Dec

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

Attacks, Malware

The main methods that Zerobot uses to infect a system, via brute-force or vulnerability exploitation, can easily be prevented by following a few recommended steps. The first recommendation would be to make sure all devices on a network are up-to-date on their patches, particularly any Internet-facing devices. The threat actors rely on devices remaining unpatched to infect systems and grow their botnet, so by making sure all devices are up-to-date and not vulnerable, an organization…

Read More
22 Dec

FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape

Attacks, Malware

To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon…

Read More
22 Dec

The Guardian Media Group Hit by Ransomware Attack

Attacks, Malware

Companies looking to defend against ransomware should consider adopting a defense-in-depth strategy. Network segmentation, backups, regular patching, and vulnerability assessments are just a few of the measures that should be taken when attempting to lessen the likelihood of an attack. Promoting healthy cyber habits within a company is also crucial. https://www.infosecurity-magazine.com/news/ransomware-attack-guardian

Read More
22 Dec

Zerobot IoT Botnet Adds More Exploits, DDoS Capabilities

Information, Malware, News

The recently detailed Internet of Things (IoT) botnet Zerobot has been updated with an expanded list of exploits and distributed denial-of-service (DDoS) capabilities. Initially detailed two weeks ago, Zerobot is a self-replicating and self-propagating piece of malware written in the Golang (Go) programming language, which can target twelve device architectures. Fortinet, which first warned of the threat’s capabilities, analyzed two variants of the malware, one of which contained exploits targeting 21 known vulnerabilities, including the…

Read More
22 Dec

How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring

Data Breaches, Malware, Social Engineering

Cybersecurity’s ongoing battle with a “skills shortage” has seen the sector lose its way regarding talent hiring and retention, says Christian Toon, CISO at London-based law firm Pinsent Masons. In an industry crying out for diversity and innovation, this year’s number one UK CSO 30 Awards winner says he takes inspiration from the Marvel Comics universe to challenge traditional HR approaches and more effectively recruit and keep security talent. “We have what some describe as…

Read More
21 Dec

Threat Actors Continue to Deploy Raspberry Robin

Attacks, Malware

The primary attack vector has been infected USB drives which download a malicious MSI installer file that deploys the primary payload. Either msiexec.exe or wmic.exe are utilized as trusted installers. Some UBS drives have a configured autorun.inf file that will automatically run the payload, whereas others rely on social engineering to invite a targeted user to click on an associated .LNK file. The payload loader now deploys a decoy adware named BrowserAssistant in order to…

Read More
21 Dec

Microsoft Pushes Emergency Fix for Windows Server Hyper-V VM Issues

Attacks, Malware

These updates are not delivered through Windows Updates and will not install automatically on impacted servers. To get the standalone package, admins must search for the KB number in the Microsoft Update Catalog, download it, and install it manually. They can also be manually imported into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. Microsoft also provides instructions on importing updates into WSUS and Configuration Manager from the Microsoft Update Catalog. “You do…

Read More
21 Dec

Ukraine’s DELTA Military System Users Targeted by Info-Stealing Malware

Attacks, Malware

Phishing has continued to be one of the most common means of initial access for threat actors of all skill levels. In this instance, the actor was likely trying to steal credentials and information concerning the DELTA program in order to assist with counterintelligence. Protecting against phishing campaigns is often difficult as it takes just one user to fall victim to the campaign to be successful – it is even more difficult with advanced phishing…

Read More