Malware

Havoc Post Exploitation Framework Observed in the Wild

Here are some recommendations on how to defend against Havoc:

Keep software up to date: As with Cobalt Strike, keeping your software up to date is essential in defending against Havoc. This includes both operating systems and software applications.

Use strong authentication: Implement strong authentication methods to prevent unauthorized access to your systems, and use unique and strong passwords for all accounts.

Monitor network traffic: Monitor your network traffic for any unusual activity, such as…


Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

Malicious Google Ads are becoming popular among threat actors as an infection vector for malware. For this reason, it is highly recommended to use ad-blocking software when performing Google searches, particularly when searching for popular applications like Chrome or Telegram. This can help prevent a user from accidentally clicking on one of these malicious advertisement websites instead of the software's legitimate site. Likewise, it is important to always double-check the URL of a…


Russian Hacker Convicted of $90 Million Hack-to-Trade Charges

Global joint law enforcement cooperation has been the key to taking down cyber criminals. Often operating out of several countries, threat actors are being exposed more and more due to global cooperation among law enforcement. The director of the FBI stated in August 2022 that cyber threat actors have become a top priority for the FBI and other law enforcement partners. The director stated cooperation was the key to success, "We must impose consequences on cyber…


CISA Releases Fifteen Industrial Control Systems Advisories

Original release date: February 16, 2023

CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-23-047-01 Siemens Solid Edge
ICSA-23-047-02 Siemens SCALANCE X-200 IRT
ICSA-23-047-03 Siemens Brownfield Connectivity Client
ICSA-23-047-04 Siemens Brownfield Connectivity Gateway
ICSA-23-047-05 Siemens SiPass integrated AC5102/ACC-G2 and…


Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk

The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That’s according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and Europe, the Middle East, and Africa working in organizations in industries such as technology, manufacturing, government, telecommunications, and healthcare. Respondents described the current…


BEC groups are using Google Translate to target high value victims

Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted. While attacking targets across various regions…


How automation in CSPM can improve cloud security

With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of an organization’s cloud infrastructure. A key component of CSPM is the automation of its core tasks: continuous monitoring, remediation of…
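The monitor, identify, remediate cycle described above, as an added example that is not part of the original article or of any CSPM product. It runs posture checks over a constructed inventory (an S3-style bucket list and security groups with an SSH rule open to the internet), emits findings, applies the automatable fixes, and re-evaluates. The inventory format, rule IDs, severities and fixes are assumptions chosen for illustration, not a real provider's API.

```python
import copy
from dataclasses import dataclass

# Constructed sample inventory (assumption: this is what an inventory
# collector would hand to the checks). Each resource type carries one
# deliberate misconfiguration so the checks have something to find.
SAMPLE_INVENTORY = {
    "buckets": [
        {"name": "public-logs", "block_public_access": False, "encryption": None},
        {"name": "app-data", "block_public_access": True, "encryption": "aws:kms"},
    ],
    "security_groups": [
        {"id": "sg-0001", "ingress": [
            {"port": 22, "cidr": "0.0.0.0/0"},   # SSH to the world: finding
            {"port": 443, "cidr": "0.0.0.0/0"},  # HTTPS to the world: allowed
        ]},
        {"id": "sg-0002", "ingress": [
            {"port": 3389, "cidr": "10.0.0.0/8"},  # RDP from RFC1918 only: allowed
        ]},
    ],
}

# Administrative ports that must never be reachable from any address (assumption).
ADMIN_PORTS = {22, 3389}
ANY_CIDR = {"0.0.0.0/0", "::/0"}


@dataclass(frozen=True)
class Finding:
    rule: str
    resource: str
    severity: str
    detail: str


def check_buckets(inventory):
    """Identify buckets without a public-access block or default encryption."""
    findings = []
    for b in inventory["buckets"]:
        if not b.get("block_public_access"):
            findings.append(Finding("BUCKET_PUBLIC", b["name"], "HIGH",
                                    "public access block is disabled"))
        if not b.get("encryption"):
            findings.append(Finding("BUCKET_UNENCRYPTED", b["name"], "MEDIUM",
                                    "no default encryption configured"))
    return findings


def check_security_groups(inventory):
    """Identify admin ports (SSH/RDP) exposed to the whole internet."""
    findings = []
    for sg in inventory["security_groups"]:
        for rule in sg["ingress"]:
            if rule["port"] in ADMIN_PORTS and rule["cidr"] in ANY_CIDR:
                findings.append(Finding("SG_ADMIN_PORT_OPEN", sg["id"], "HIGH",
                                        f"port {rule['port']} open to {rule['cidr']}"))
    return findings


CHECKS = [check_buckets, check_security_groups]


def evaluate(inventory):
    """Monitoring step: run every check and return all findings."""
    findings = []
    for check in CHECKS:
        findings.extend(check(inventory))
    return findings


def remediate(inventory, findings):
    """Remediation step: return a corrected copy of the inventory.

    Only rules with a safe, deterministic fix are auto-remediated. The
    encryption finding is left for a human because choosing a key is a
    policy decision (assumption for this example)."""
    fixed = copy.deepcopy(inventory)
    for f in findings:
        if f.rule == "BUCKET_PUBLIC":
            for b in fixed["buckets"]:
                if b["name"] == f.resource:
                    b["block_public_access"] = True
        elif f.rule == "SG_ADMIN_PORT_OPEN":
            for sg in fixed["security_groups"]:
                if sg["id"] == f.resource:
                    sg["ingress"] = [r for r in sg["ingress"]
                                     if not (r["port"] in ADMIN_PORTS and r["cidr"] in ANY_CIDR)]
    return fixed


def posture_loop(inventory):
    """One pass of monitor -> identify -> remediate -> re-check."""
    before = evaluate(inventory)
    after = evaluate(remediate(inventory, before))
    return before, after


if __name__ == "__main__":
    before, after = posture_loop(SAMPLE_INVENTORY)
    for f in before:
        print(f"[{f.severity}] {f.rule} {f.resource}: {f.detail}")
    print(f"{len(before)} findings before remediation, {len(after)} after")
```

The re-evaluation after remediation is the part that makes this "continuous": a fix that does not clear its finding (or that introduces a new one) shows up immediately on the next pass, and findings that need a human decision stay visible rather than being silently auto-closed.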


Security tool adoption jumps, Okta report shows

Identity and access management (IAM) vendor Okta today released a report detailing app use and security trends among its broad user base. Among other trends it identified, the report found that zero trust security policies have become more common, and uptake of a wide range of security tools has been sharply on the rise. Okta surveyed 17,000 customers globally, and found that zero trust usage among its clients has increased from 10% two years ago…


Threat Actors Spoofing Emsisoft Certificates to Breach Networks

This form of attack is not novel by any means and has been successfully leveraged by many groups in the past. Perhaps the best form of prevention is to ensure that all security analysts are aware of this form of attack. Apart from spreading awareness, an organization could also ensure that their security controls are set to block files with invalid signatures from running. Additionally, ensure that RDP ports are only open on devices where…


Microsoft Patch Tuesday Addresses Multiple Zero Days

Due to the risks involved with these vulnerabilities, these updates should be tested and pushed to production environments as soon as policies allow. These attacks require initial access to be effective, and phishing emails are the most prominent method of gaining that first foothold. Ensuring that users know the risks of phishing emails and how to detect them can help protect an organization. Remote Code Execution and Privilege Escalation vulnerabilities are inevitable with the increasing…
