Malware

01 Nov

K7SecuritySuite Antivirus Software Exploited to Deploy LODEINFO Malware

Attacks, Malware

DLL side-loading remains a popular technique for malware developers because it offers a lot of potential for detection evasion by masking its execution with legitimate software execution. This problem can be approached in a number of ways. Organizations may find application whitelisting and disabling installation by unprivileged users via group policy to be useful in mitigating this threat. EDR and SIEM tools also provide very valuable insight into anomalous software installations and executions in an…

Read More
01 Nov

CISA Releases Updated Guidance on Implementing Phishing-Resistant Multifactor Authentication

Attacks, Malware

When considering the current threat landscape, MFA should be required for all devices accessed from outside of internal resources and for any high-value devices internal to the organization. This includes solutions used to work from home (WFH) such as Virtual Private Networks (VPNs) or Virtual Desktop Infrastructure (VDI), as well as business-critical servers and accounts that have access to sensitive data. FIDO/WebAuthn authentication keys, such as YubiKeys, are by far the MFA most resistant to…

Read More
01 Nov

ConnectWise Addresses Critical Remote Code Vulnerability

Attacks, Malware

ConnectWise has announced that they do not have any evidence of the vulnerability currently being exploited in the wild. Anyone that runs this software should ensure that they are staying up to date on security patches and are running the most current version to prevent them from being susceptible to the vulnerability. Experts warn of critical RCE in ConnectWise Server Backup Solution

Read More
01 Nov

CISA Upgrades to TLP 2.0

Attacks, Insights, Malware

Original release date: November 1, 2022 Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2.0 updates: TLP 2.0 changes TLP:WHITE to TLP:CLEAR. TLP 2.0 adds the designation TLP:AMBER+STRICT, which instructs the recipient to keep the information strictly within…

Read More
01 Nov

CISA Releases One Industrial Control Systems Advisory

Attacks, Insights, Malware

Original release date: November 1, 2022 CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C) This product is provided subject to this Notification and this Privacy & Use policy.

Read More
01 Nov

The OSPO – the front line for secure open-source software supply chain governance

Data Breaches, Malware, Social Engineering

Organizations of every shape, size, and sector have embraced open-source software (OSS). The financial, medical, and manufacturing industries – and even national security – now use OSS to power their most critical applications and activities. However, this widespread adoption comes with pitfalls: a corresponding increase of almost 800% in software supply chain attacks according to the State of the Software Supply Chain from Sonatype. With the rapid growth of OSS adoption, organizations have begun to…

Read More
31 Oct

White House Seeks International Cooperation to Thwart Growing Ransomware Threat

Attacks, Malware

Governments across the globe continue to look for ways to effectively battle ransomware. It has become a top priority for many world leaders especially in the US, but organizations still need to take their own steps to ensure they are protected from ransomware. To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from…

Read More
31 Oct

Samsung Galaxy Store Bug

Attacks, Malware

The issue in the Galaxy Store app relates to how deeplinks are configured for Samsung’s Marketing and Content Service (MCS), which might create a situation where arbitrary code injected into the MCS website could lead to its execution. This vulnerability could be leveraged to download and install malicious programs on the Samsung smartphone. “To be able to successfully exploit the victim’s server, it is necessary to have HTTPS and CORS bypass of chrome,” stated the…

Read More
31 Oct

Credential Stuffing Attack Impacts Air New Zealand Customers

Attacks, Malware

Credential stuffing attacks highlight the importance of taking proper measures to ensure accounts are secured. Individuals should use strong and unique passwords for each account that requires them, especially for those that contain sensitive information. Taking advantage of Multi-Factor Authentication when it’s offered is also strongly suggested https://www.stuff.co.nz/business/130310228/air-nz-faces-cyber-breach-multiple-accounts-compromised?&web_view=true

Read More
31 Oct

Engineering workstation attacks on industrial control systems double: Report

Data Breaches, Malware, Social Engineering

Engineering workstation compromises were the initial attack vector in 35% of all operational technology (OT) and industrial control system breaches in companies surveyed globally this year, doubling from the year earlier, according to research conducted by the SANS Institute and sponsored by Nozomi Networks. While the number of respondents who said they had experienced a breach in their OT/ICS systems during the last 12 months dropped to 10.5% (down from 15% in 2021), one third…

Read More