Malware

Antwerp City Services Down After Digital Partner is Breached

While there is currently not a lot of information available about how the breach of Digipolis occurred, the effects of the breach on the City of Antwerp are apparent. This attack is a recent example of a supply-chain attack, where a threat actor infiltrates one organization through a breach of another. Overall, the recommended protection against attacks such as these is a defense-in-depth security strategy.…

Elon Musk’s Twitter Followers Targeted in Fake Crypto Giveaway Scam

As with any crypto giveaway scam, the victim ends up sending the funds to the attacker’s wallet but never receives any amount back. Twitter accounts following famous personalities should be wary of suspicious messages and notifications heading their way. https://www.bleepingcomputer.com/news/security/elon-musks-twitter-followers-targeted-in-fake-crypto-giveaway-scam/

US Congress rolls back proposal to restrict use of Chinese chips

The US Congress is rolling back proposed legislation that would place restrictions on the use of Chinese-made chips by the government and its contractors, after companies argued that the measures would raise costs. While the draft legislation still provides for restrictions to be enacted, contractors now have five years to comply with them, rather than the two years stipulated in an earlier version of the proposal, and the language of the new draft leaves room…

Athletic shoe maker Brooks runs down cyberattacks with zero-trust segmentation

Photo caption: Jon Hocut, director of information security for Brooks

Ransomware was again the top attack type in 2021, with manufacturing replacing financial services as the top industry in assailants’ crosshairs—representing 23.2% of the global attacks remediated last year by IBM Security’s X-Force, according to the company’s Threat Intelligence Index 2022 report. With news like this, it is not surprising that “ransomware is the threat that keeps me up the most at night,” says Jon…

Ransomware attack knocks Rackspace’s Exchange servers offline

Cloud services and hosting provider Rackspace Technology acknowledged Tuesday that a recent incident that took most of its Hosted Exchange email server business offline was the product of a ransomware attack. The company shut the service down last Friday. It was not initially clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company’s infrastructure was apparently unaffected. Rackspace offers migration to…

Threat Actors Abuse PRoot Linux Utility to Simplify Malware Deployment

Threat actors observed using this technique have been able to use free file sharing services like Google Drive, Dropbox, or OneDrive to host the compressed filesystem containing their malware, making it readily accessible from victim devices. Organizations should be sure to monitor for connections to these file sharing services, especially ones that are not commonly used for an organization’s business processes. Organizations may also find it useful to monitor for the execution of the PRoot tool,…

CISA Orders Agencies to Patch Google Chrome Vulnerability

This is the ninth high severity bug for which Chrome has released a patch during 2022. CISA has given its agencies three weeks to patch their systems. Because of this timeline, it is likely we will not see technical details of this vulnerability until after this date. It is highly recommended that any organization with users running Google Chrome use CISA’s requirements as a guideline for themselves, and endeavor to have all systems…

Three BMC Vulnerabilities Impact Manufacturers Industrywide

Much of the risk of these vulnerabilities can be mitigated by controlling access to remote management interfaces. Companies should endeavor to never leave these exposed to the internet, and further limit which devices or networks can access these interfaces. User behavior analysis can help identify exploitation of vulnerabilities like these; mass password reset requests and root-level activities that differ from baseline can be reliable indicators of a compromise. https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html

Flaws in MegaRAC baseboard management firmware impact many server brands

Researchers have found three vulnerabilities in AMI MegaRAC, a baseboard management controller (BMC) firmware used by multiple server manufacturers. If exploited, the flaws could allow attackers to remotely control servers, deploy malware and firmware implants, or trigger damaging actions that leave them inoperable. BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are…

Action1 launches threat actor filtering to block remote management platform abuse

Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors, to prevent attackers from exploiting its tool to carry out malicious activity. The release comes amid a trend of hackers misusing legitimate systems management platforms to deploy ransomware or…