Malware

17 Feb

Hackers use Fake Certificate to Hide Attack

Attacks, Malware

Servers running the affected versions of these Fortinet products should be updated to a version that is not susceptible to these attacks. Whenever a product releases a security patch, it is important to test and implement the update as soon as possible to prevent attackers from being able to exploit vulnerabilities. A full list of affected product versions can be found in the source article. https://www.infosecurity-magazine.com/news/hackers-fake-emsisoft-certificate/

Read More
17 Feb

CISA Warns of Windows and iOS Bugs Exploited as Zero-days

Attacks, Malware

While CISA’s directive only applies to United States federal agencies, it is encouraged and best practice that organizations also follow this timeline to patch their vulnerabilities. In cybersecurity, a timely patching schedule is an important factor of securing an environment, as many threat actors will attempt to exploit recently released 0-days before organizations have a chance to patch them. On top of a timely patching schedule, it is also important to employ a defense-in-depth strategy.…

Read More
17 Feb

New Mirai botnet variant V3G4 targets Linux servers, IoT devices

Data Breaches, Malware, Social Engineering

A new variant of Mirai — the botnet malware used to launch massive DDoS attacks —has been targeting 13 vulnerabilities in IoT devices connected to Linux servers, according to researchers at Palo Alto Network’s Unit 42 cybersecurity team.  Once the vulnerable devices are compromised by the variant, dubbed V3G4, they can fully controlled by attackers and become part of a botnet, capable of being used to conduct further campaigns, including DDoS attacks.  “The vulnerabilities have…

Read More
16 Feb

Malware authors leverage more attack techniques that enable lateral movement

Data Breaches, Malware, Social Engineering

A new study of over a half-million malware samples collected from various sources in 2022 revealed that attackers put a high value on lateral movement, incorporating more techniques that would allow them to spread through corporate networks. Several of the most prevalent tactics, as defined by the MITRE ATT&CK framework, that were identified in the dataset aid lateral movement, including three new ones that rose into the top 10. “An increase in the prevalence of…

Read More
16 Feb

Havoc Post Exploitation Framework Observed in the Wild

Attacks, Malware

Here are some recommendations on how to defend against Havoc: Keep software up to date: As with Cobalt Strike, keeping your software up to date is essential in defending against Havoc. This includes both operating systems and software applications. Use strong authentication: Implement strong authentication methods to prevent unauthorized access to your systems, and use unique and strong passwords for all accounts. Monitor network traffic: Monitor your network traffic for any unusual activity, such as…

Read More
16 Feb

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

Attacks, Malware

Malicious Google Ads are becoming popular among threat actors as an infection vector for malware. Due to this, it is highly recommended to use an adblocker software when performing Google searches, particularly when searching for popular applications like Chrome or Telegram. This can help prevent a user from accidentally clicking on one of these malicious advertisement websites as opposed to the software’s legitimate site. Likewise, it is important to always double-check the URL of a…

Read More
16 Feb

Russian Hacker Convicted of $90 Million Hack-to-Trade Charges

Attacks, Malware

Global joint law enforcement cooperation has been the key to taking down cyber criminals. Often operating out of several countries, threat actors are being exposed more and more due global cooperation among law enforcement. The director of the FBI stated in August 2022, that cyber threat actors have become a top priority for the FBI and other law enforcement partners. The director stated cooperation was the key to success, “We must impose consequences on cyber…

Read More
16 Feb

CISA Releases Fifteen Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: February 16, 2023 CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-047-01 Siemens Solid Edge ICSA-23-047-02 Siemens SCALANCE X-200 IRT ICSA-23-047-03 Siemens Brownfield Connectivity Client ICSA-23-047-04 Siemens Brownfield Connectivity Gateway ICSA-23-047-05 Siemens SiPass integrated AC5102/ACC-G2 and…

Read More
16 Feb

Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk

Data Breaches, Malware, Social Engineering

The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That’s according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and Europe, the Middle East, and Africa working in organizations in industries such as technology, manufacturing, government, telecommunications, and healthcare. Respondents described the current…

Read More
16 Feb

BEC groups are using Google Translate to target high value victims

Data Breaches, Malware, Social Engineering

Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide.  The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted. While attacking targets across various regions…

Read More