Malware

24 Feb

US warns of cyberattacks by Russia on anniversary of Ukraine war

Data Breaches, Malware, Social Engineering

The US Cybersecurity and Infrastructure Security Agency has issued an advisory urging organizations to increase cybersecurity vigilance today, the anniversary of Russia’s invasion of Ukraine, in the wake of a cyberattack against several Ukrainian government websites. “The United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord,” the CISA advisory said. The cyberattack in Ukraine, detected yesterday, hit the websites of a number…

Read More
24 Feb

Microsoft tells Exchange admins to revert previously recommended antivirus exclusions

Data Breaches, Malware, Social Engineering

Microsoft is advising Exchange Server administrators to remove some of the endpoint antivirus exclusions that the company’s own documentation recommended in the past. The rules are no longer needed for server stability and their presence could prevent the detection of backdoors deployed by attackers. “Times have changed, and so has the cybersecurity landscape,” the Exchange Server team said in a blog post. “We’ve found that some existing exclusions — namely the Temporary ASP.NET Files and…

Read More
24 Feb

Dutch Police Arrest Three Ransomware Group Members

Attacks, Malware

The threat of leaking data if a ransom is not paid is a common tactic amongst ransomware actors. In this case, the group would still leak data even if ransom was paid. By using this model, the group was setting themselves up to not get paid by anyone because there would be no benefit to paying. Although this is a risk taken by companies paying a ransom, most groups do not follow this model to…

Read More
24 Feb

Microsoft Urges Exchange Administrators to Remove Some Antivirus Exclusions

Attacks, Malware

This new recommendation from Microsoft demonstrates how adding over-encompassing AV exclusions can negatively impact and organization’s security. Especially in the current threat landscape, many actors make use of PowerShell and malicious IIS extensions to perform their attacks. Having these exclusions in place allows for a large gap in visibility where the threat actors can go unnoticed. On top of removing these exclusions and following the other recommendations from Microsoft, it is also recommended to frequently…

Read More
24 Feb

Edgio adds advanced DDoS protection with other WAAP enhancements

Data Breaches, Malware, Social Engineering

Content delivery network (CDN) service provider Edgio has added a new Distributed Denial of Service (DDoS) scrubbing ability along with improved Web Application and API Interface (WAAP) to its network security offering. Designed to reduce severe damages from sophisticated DDoS attacks, Edgio’s scrubbing solution impersonates the customer’s network by routing the customer’s IP traffic through its scrubbing point-of-presence (PoP) and only sending the “clean” traffic back to the customer’s infrastructure, according to Richard Yew, senior…

Read More
24 Feb

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

Information, Malware

by Paul Ducklin LEARNING FROM OTHERS The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The hidden cost of success. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or…

Read More
23 Feb

Companies urged to patch critical vulnerability in Fortinet FortiNAC

Data Breaches, Malware, Social Engineering

Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible. FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual machine appliance. It is used for network segmentation, visibility, and control of devices and users connected to the network. As…

Read More
23 Feb

At least one open source vulnerability found in 84% of code bases: Report

Data Breaches, Malware, Social Engineering

At a time when almost all software contains open source code, at least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers at application security company Synopsys. In addition, 48% of all code bases analyzed by Synopsys researchers contained high-risk vulnerabilities, which are those that have been actively exploited, already have documented proof-of-concept exploits, or are classified as remote code execution vulnerabilities.  The vulnerability data…

Read More
23 Feb

Russian Authorities Claim Ukraine Hackers Are Behind Fake Missile Strike Alerts

Attacks, Malware

Although no one has claimed responsibility for the attack, if one actually took place, it is likely it was carried out by a pro-Ukrainian hacktivist group. Hacktivist groups have carried out multiple attacks on behalf of both Ukraine and Russia over the course of the conflict. Even though President Putin continues to erroneously blame the West and Ukraine for Russia’s invasion, multiple reports identified Russian backed cyber-attacks on Ukrainian organizations in the months leading up…

Read More