Malware

01 Mar

Parallax RAT Hiding in Legitimate Processes

Attacks, Malware

Phishing continues to be a popular method of initial access for threat actors. The effectiveness of phishing attacks, when paired with increasingly popular evasion techniques such as process injection and process hollowing, create a dangerous combination. These types of attacks will likely continue to grow in popularity due to the accessibility of closed source tools like this. They also serve to highlight the importance of a mature detection program that can respond to complex attacks…

Read More
01 Mar

Cyber Attackers Shift Tactics for Maximum Impact

Attacks, Malware

The first step to secure IoT devices is knowing what is connected. This includes using a device identification and discovery tool that automates three critical IoT security functions: • Automatically and continuously detects, profiles, and classifies IoT devices on the network.• Maintains a real-time inventory of devices.• Provides relevant risk insights for each of these asset classes by continuously monitoring across attack vectors. By following these industry best practices for IoT security and adopting leading-edge…

Read More
01 Mar

CISA Warns of ZK Java Framework RCE Flaw Being Exploited in the Wild

Attacks, Malware

While this vulnerability was patched nearly a year ago, it is still being actively exploited in many organizations. This demonstrates the need for two key functions in any organization – threat intelligence and a patching schedule. Adequate threat intelligence is needed in an organization for a variety of different reasons, but one key reason is to ensure that the organization is made aware of any vulnerabilities that have been released in a timely manner. Threat…

Read More
01 Mar

BlackLotus bootkit can bypass Windows 11 Secure Boot: ESET

Data Breaches, Malware, Social Engineering

A Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus is found to be capable of bypassing an essential platform security feature, UEFI Secure Boot, according to researchers from Slovakia-based cybersecurity firm ESET. BlackLotus uses an old vulnerability and can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled, the researchers found. UEFI Secure Boot is a feature of the UEFI firmware, which is a successor to the traditional BIOS (Basic Input/Output System)…

Read More
01 Mar

Top 10 open source software risks for 2023

Data Breaches, Malware, Social Engineering

Known vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs. The other major open source software risks, according to the report, include unmaintained software, outdated software, untracked dependencies, license risk, immature software, unapproved changes, and under/oversized dependency. Almost 80% of code in modern applications is code that relies on open source packages. While open…

Read More
01 Mar

How security leaders can effectively manage Gen Z staff

Data Breaches, Malware, Social Engineering

In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations. Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the ages of 11 and 28. This means they grew up experiencing a much faster rate in which technology evolves. The…

Read More
28 Feb

Hacked home computer of engineer led to second LastPass data breach

Data Breaches, Malware, Social Engineering

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches infected the engineer’s home computer with a keylogger, which recorded information that enabled a cyberattack that exfiltrated sensitive information from…

Read More
28 Feb

New cyberattack tactics rise up as ransomware payouts increase

Data Breaches, Malware, Social Engineering

While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and adversary in the middle (AitM) phishing proxies that bypass multi-factor authentication,” said Ryan Kalember, executive vice president of cybersecurity strategy…

Read More
28 Feb

New SCARLETEEL Threat Group Attacks Cloud Data via Cryptomining

Attacks, Malware

To minimize the traces left behind, the attacker attempted to disable CloudTrail logs in the compromised AWS account. Additionally, Sysdig’s report indicates that the attacker retrieved Terraform state files from the S3 buckets containing IAM user access keys and a secret key for a second AWS account. This account was eventually used for lateral movement within the organization’s cloud network. In order to effectively address the risks introduced by cloud facing threats, organizations are highly…

Read More
28 Feb

Link Found Between Exfiltrator-22 Post-Exploitation Framework And LockBit Ransomware

Attacks, Malware

The CYFIRMA team has discovered evidence that EX-22 was created by LockBit 3.0 associates or members of the ransomware operation’s development staff. Firstly, they discovered that the framework used the same “domain fronting” method used by the LockBit and the TOR obfuscation plugin Meek, which assists in concealing malicious traffic inside normal HTTPS connections to legitimate platforms. Further research by CYFIRMA revealed that EX-22 makes use of the identical C2 infrastructure that was previously disclosed…

Read More