Malware

Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia

The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company EclecticIQ. The attacks, which took place in February, were “almost identical” to those reported by Singapore-based global cybersecurity firm Group-IB on January 11, EclecticIQ said. Multiple overlapping techniques used in the campaigns helped EclecticIQ analysts attribute the recent attacks as likely to be the…

Blackbaud penalized $3M for not disclosing the full scope of ransomware attack

Software firm Blackbaud has agreed to pay a $3 million penalty for failing to disclose the full scope of the ransomware attack it suffered in 2020, according to the US Securities and Exchange Commission (SEC). South Carolina headquartered Blackbaud provides donor relationship management software to various non-profit organizations, including charities, higher education institutions, K-12 schools, healthcare organizations, religious organizations, and cultural organizations. The company detected unauthorized access to its systems on May 14, 2020, which…


6 reasons why your anti-phishing strategy isn’t working

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on. “Bad actors are highly motivated and funded with the sole attempt to be successful at attracting only one victim,” says Johanna Baum, CEO and founder of Strategic Security Solutions Consulting.…


CISA has added two new…

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2020-5741 Plex Media Server Remote Code Execution Vulnerability
CVE-2021-39144 XStream Remote Code Execution Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates. Binding Operational…

IceFire Ransomware Now Encrypts Both Linux and Windows Systems

This new encryptor demonstrates the shift of many threat actors to target Linux systems. It is necessary for organizations to pivot to ensure that their Linux devices are adequately covered by behavioral as well as signature-based detections. One way that this could be done is by looking for a large number of file renames in quick succession, although this detection would be at the end of the kill chain. Overall, it is best to ensure…


Business Email Compromise (BEC) Attacks Only Take Hours According to Microsoft

To prevent BEC attacks, Microsoft recommends implementing security measures such as two-factor authentication, using machine learning to identify suspicious activity, and educating employees about the risks and warning signs of BEC attacks. The report also emphasizes the importance of swift action when an attack is detected, as time is a critical factor in preventing further damage. Source: https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/


Xenomorph Android Malware Now Steals Banking Data

Considering its current distribution channel, the Zombinder, users should be cautious with apps they install from Google Play, read reviews, and run background checks on the publisher. Generally, it is advisable to keep the number of apps running on your phone to the minimum possible and only install apps from known and trustworthy vendors. Source: https://www.bleepingcomputer.com/news/security/xenomorph-android-malware-now-steals-data-from-400-banks/


New variant of the IceFire ransomware targets Linux enterprise systems

A novel Linux version of the IceFire ransomware that exploits a vulnerability in IBM’s Aspera Faspex file-sharing software has been identified by SentinelLabs, a research division of cybersecurity company SentinelOne. The exploit is for CVE-2022-47986, a recently patched Aspera Faspex vulnerability. Known up to now to target only Windows systems, the IceFire malware detected by SentinelLabs uses an iFire extension, consistent with a February report from MalwareHunterTeam — a group of independent cybersecurity researchers analyzing…

Fortinet has released its March…

Fortinet has released its March 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Fortinet March 2023 Vulnerability Advisories page for more information and apply the necessary updates.

AT&T informs 9M customers about data breach

AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI). The incident came to light after customers posted the email communication from AT&T on community forums to know if it was legitimate or email fraud. “We recently determined that an unauthorized person breached a vendor’s system and gained access to your ‘Customer Proprietary Network Information’ (CPNI),” AT&T said in…
