Malware

CraneFly Hacking Group using Microsoft IIS Web Server Logs to Control Malware

As time progresses, threat actors continue to discover novel ways to evade detection. Now that this technique has been discovered, it seems to be quite simple to detect; modify any preexisting IIS monitoring detections to search for keywords such as “wrde”, “exo”, and “cllo”. In this case, it may be better to search IIS log files being written to temp folders, since it would be relatively easy for malware operators to change these keywords. This…


Phishing attacks increase by over 31% in third quarter: Report

Email security and threat detection company Vade has found that phishing emails in the third quarter of this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million. Malware emails in the third quarter of 2022 alone increased by 217% compared to the same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines…


Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies

Original release date: October 28, 2022

CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released Understanding and Responding to Distributed Denial-of-Service Attacks to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. The guidance is for both network defenders and leaders to help them understand and respond to DDoS attacks, which can cost an organization time, money, and reputational damage.…


VMware Releases Security Updates

Original release date: October 28, 2022

VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-002 and apply the necessary updates and workarounds.


Top cybersecurity M&A deals for 2022

The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period in 2020. That trend is likely to continue in 2022. Many of the 2021 transactions CSO reported were in the identity and cloud security markets, especially toward the end of the year. This trend is likely…


CISA Releases Four Industrial Control Systems Advisories

Original release date: October 27, 2022

CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

• ICSA-22-300-01 Rockwell Automation FactoryTalk Alarm and Events Server
• ICSA-22-300-02 SAUTER Controls moduWeb
• ICSA-22-300-03 Rockwell Automation Stratix Devices Containing Cisco IOS
• …


Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

It is highly recommended to implement and maintain a regular patching cycle for all devices in an organization, particularly devices that are Internet-facing. Vice Society exploits vulnerabilities both to gain an initial foothold in an environment and to escalate privileges on infected systems. By making sure all devices are consistently up to date on patches, an organization can help prevent threat actors like Vice Society from gaining a foothold in its environment.…


Medibank Provides An Update

Medibank plans to aid their customers moving forward by providing some resources free of charge, which include:

• Financial support for customers who are in a uniquely vulnerable position because of this crime.
• Free identity monitoring services for customers who have had their primary ID compromised.
• Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime.
• Specialist identity protection advice and resources from IDCARE.
• Medibank’s mental health and wellbeing…


LinkedIn’s New Security Features Combat Fake Profiles, Threat Actors

Fake accounts, fake job offers, and phishing attacks are all common tactics of threat actors using LinkedIn to target individuals. Threat actors may message individuals asking them to visit a company site which is, in reality, a fake site designed to steal credentials. Users should always be cautious if sent an external link on LinkedIn. Additionally, users should be wary of any files sent on LinkedIn from unknown users — threat actors will often use this…


How Cisco’s Cloud Control Framework helps it comply with multiple security standards

An XKCD comic strip shows two tech workers frustrated that there are 14 competing standards for a variety of use cases. “We need to develop one unified standard that covers everyone’s use cases,” they say. The next frame shows that there are now 15 standards instead of one. Brad Arkin, the chief security and trust officer at Cisco, will tell you that this illustration of how standards proliferate hits uncomfortably close to the truth. “Everybody…
