Malware

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

by Paul Ducklin DATA BREACHES – THE STING IN THE TAIL Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ…

Hacked Corporate Email Accounts Used to Send MSP Remote Access Tool

MuddyWater has been seen using sophisticated techniques to compromise organizations in the past. However, in this campaign, they are using a freely available tool and relatively unsophisticated tactics. This campaign demonstrates the rise of phishing and the use of legitimate remote access tools to compromise organizations, relying primarily on the human behind the screen being vulnerable. To protect against attacks such as this, organizations should actively employ an email monitoring solution as well…

Cisco Discloses High-Severity IP Phone Bug with Exploit Code

While a security update to address CVE-2022-20968 is not yet available, Cisco provides mitigation advice for administrators who want to secure vulnerable devices in their environment from potential attacks. This requires disabling the Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery. “Devices will then use LLDP for the discovery of configuration data such as voice VLAN, power negotiation, and so…

HR and Payroll Company Discloses Data Breach

The company has offered identity protection services to anyone impacted by the breach. Sequoia declined to comment on the number of victims it has offered identity protection services to. Anyone who has been notified that they may have been a victim of this breach should sign up for the free monitoring service being offered by Sequoia and go through their credit reports to make sure nothing was created between the time of the breach and the notification.…

Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series

Original release date: December 9, 2022 Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For more information, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability and apply the necessary updates. This product is provided subject to this Notification and…

Uptycs launches agentless cloud workload scanning

CNAPP (cloud native application protection platform) and XDR (extended detection and response) provider Uptycs announced Friday that it has added agentless scanning to its existing cloud workload protection platform, which it said will open up a range of new use cases and attract new potential customers. The company said that its agentless workload scanning system will be fully interoperable with its agent-based Uptycs sensors, providing security metadata in the same format and letting users…

Credit card skimming – the long and winding road of supply chain failure

by Paul Ducklin Researchers at application security company Jscrambler have just published a cautionary tale about supply chain attacks… …that is also a powerful reminder of just how long attack chains can be. Sadly, that’s long merely in terms of time, not long in terms of technical complexity or the number of links in the chain itself. Eight years ago… The high-level version of the story published by the researchers is simply told, and it…

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads. The bypass technique, discovered by researchers from Claroty’s Team82, was confirmed to work against WAFs from Palo Alto Networks, Amazon Web Services (AWS), Cloudflare, F5, and Imperva. These vendors have released…

Internet Explorer 0-day exploited by North Korean actor APT37

TAG also identified other documents likely exploiting the same vulnerability and with similar targeting, which may be part of the same campaign. Although this campaign mainly targets South Korea, the tactic of using current events to lure potential victims into downloading malware is common, and individuals should always verify the source of a link or document. Organizations should use the following preventative measures to protect themselves from an attack:
• Implement network segmentation.
• Install updates/patch operating systems,…

New Zerobot Malware Has 21 Exploits for BIG-IP, Zyxel, D-Link Devices

It is highly recommended to make sure that all devices, including any network or IoT devices, that are exposed to the Internet are up to date on patching. The main infection vector of Zerobot is using one of the 21 exploits it supports to infect an Internet-accessible device and then propagating within the network from there. By making sure that all devices are properly patched, the attack surface that Zerobot can use to infect an environment is…
