Malware

Social media sites like Facebook are common vectors for threat actors to spread malware. Due to this, it is highly recommended to avoid downloading files from social media sites, particularly in cases where the source is unknown or untrusted. Even from known sources, it is recommended to carefully vet any links or files that are shared, as the source could be compromised. It is also recommended to maintain good endpoint security controls on all devices…

Read More

This situation highlights the potential impact of cyber attacks on the food supply chain, which is a critical infrastructure that requires secure and resilient systems. The disruption of food supplies can have severe consequences for public health and safety, as well as economic and social stability. The continuance of ransomware attacks against businesses that are part of critical infrastructure emphasizes the need for organizations to continue to invest in cybersecurity and risk management processes, people,…

Read More

Advise employees not to open links arriving in unexpected SMS messages. If a business sends an unexpected text, look up their number online and call them back to verify if they sent the message. Suspicious links should only be opened in a controlled, safe environment, such as a resettable virtual machine image. That way, if the link points to malicious code, it won’t execute on a device that contains sensitive information. https://www.bleepingcomputer.com/news/security/activision-confirms-data-breach-exposing-employee-and-game-info/

Read More

Phishing continues to be a focal point of initial access for threat actors. This campaign emphasizes the importance of a phishing awareness program and monitoring processes such as PowerShell and Procdump for potential misuse or abuse. LOLBIN usage can allow attackers to blend in with normal activity. Organizations are recommended to employ detections and mitigations for the post exploitation phase of an attack to try and weed out misuse of these programs. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering

Read More

While patches for new vulnerabilities are released nearly every day, it is up to organizations themselves to implement these patches. Organizations are recommended to implement the recommended patch from Vmware as quickly as feasible. All patches are recommended to be tested on selected machines ahead of deployment as per standard enterprise practices. The Threat Hunting and Managed Detection and Response (MDR) services offered by Binary Defense represent an effective way to incorporate a post-exploitation focus…

Read More