Malware

As time progresses, supply chain attacks are growing to become a popular attack vector among threat actors across the world. Fortunately, it seems that this vulnerability was not exploited in the wild in the seven months that it remained unpatched, but this will likely change. The problem with supply chain attacks is that in many instances, there are limited ways to detect them until they are more broadly known. It is recommended to have a…

Read More

SIM swapping attacks have gained popularity and are very useful to threat actors that already have breached credentials but get stopped from accessing accounts via Multi-Factor Authentication (MFA). MFA is always a recommended tool to add another layer of defense to credential theft, but it is typically recommended that MFA is provided through a trusted third-party application and never through a phone number. SIM swapping attacks are great example of why it is dangerous to…

Read More

MotW is an essential security mechanism, especially when it comes to malicious Microsoft Office documents that contain macros. By default, Office will only block macros in files that contain the MotW, allowing threat actors to abuse this flaw to smuggle in malicious macros with no warning to users. It is recommended to disable macros via Group Policy until Microsoft releases an official patch for the MotW flaw. https://www.bleepingcomputer.com/news/microsoft/windows-mark-of-the-web-bypass-zero-day-gets-unofficial-patch/

Read More

It is critical for organizations to keep their ESXi servers up to date. Vulnerabilities may accumulate, allowing an attacker a variety of opportunities for exploitation. In addition, because ESXi servers host virtual machines, they are a very desirable target for attackers. The compromise of a single ESXi server could lead to the compromise of dozens of production servers hosted within.System administrators can use this resource from VMware to plan a proactive update cycle and avoid…

Read More