Malware

Attackers Breach Reddit to Steal Source Code and Internal Data

All organizations should provide phishing awareness and defense training to all of their employees and users. Beyond training, a zero-trust stance toward outside communication is a simple, effective control. Applied to email, zero trust means delivering a message only when its sender domain authenticates (SPF or DKIM passing with DMARC alignment) and that sender has been explicitly permitted to deliver to the inbox in question. https://www.bleepingcomputer.com/news/security/hackers-breach-reddit-to-steal-source-code-and-internal-data/
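The following is an added example, written for this page and not code from the linked article, of the email rule described above: a message passes the gate only if the receiving MX's own Authentication-Results header (RFC 8601 layout) reports dmarc=pass, and the From domain is on an explicit per-inbox allow list. The authserv-id, allow list and sample messages are constructed assumptions.

```python
"""Added example (not code from the linked article): a zero-trust delivery
gate for inbound mail. A message is delivered only if (1) the receiving
MX's own Authentication-Results header reports dmarc=pass, i.e. SPF or
DKIM passed with domain alignment, and (2) the From domain is on an
explicit allow list. Header layout follows RFC 8601; the authserv-id,
allow list and sample messages are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.example.org"                          # assumed: our own MX
ALLOWED_SENDER_DOMAINS = {"example.com", "partner.example.net"}  # assumed allow list

# method=result pairs as stamped by the MX, e.g. "dkim=pass header.d=example.com"
AUTH_RESULT_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|none|neutral|softfail|temperror|permerror)\b",
    re.IGNORECASE,
)


def parse_auth_results(msg, trusted_authserv_id=TRUSTED_AUTHSERV_ID):
    """Collect method results, ignoring any Authentication-Results header
    not stamped by our own MX: a sender can forge such headers upstream."""
    results = {}
    for value in msg.get_all("Authentication-Results") or []:
        authserv_id = value.split(";", 1)[0].strip().lower()
        if authserv_id != trusted_authserv_id:
            continue
        for method, outcome in AUTH_RESULT_RE.findall(value):
            results.setdefault(method.lower(), outcome.lower())
    return results


def sender_domain(msg):
    """Domain of the RFC 5322 From address (the one DMARC aligns against)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def should_deliver(raw_message, allowed=ALLOWED_SENDER_DOMAINS):
    """Return (deliver?, reason). Both conditions must hold."""
    msg = message_from_string(raw_message)
    auth = parse_auth_results(msg)
    domain = sender_domain(msg)
    if auth.get("dmarc") != "pass":
        return False, f"{domain}: not authenticated (dmarc={auth.get('dmarc', 'missing')})"
    if domain not in allowed:
        return False, f"{domain}: authenticated but not permitted for this inbox"
    return True, f"{domain}: authenticated and permitted"


# Constructed sample messages (not real traffic).
SAMPLES = {
    "permitted_partner": (
        "From: Alice <alice@partner.example.net>\n"
        "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=partner.example.net;"
        " dkim=pass header.d=partner.example.net; dmarc=pass header.from=partner.example.net\n"
        "Subject: Q1 invoice\n\nHello\n"
    ),
    "spoofed_partner": (
        "From: Alice <alice@partner.example.net>\n"
        "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=partner.example.net;"
        " dkim=none; dmarc=fail header.from=partner.example.net\n"
        "Subject: Urgent: reset your password\n\nClick here\n"
    ),
    "unknown_sender": (
        "From: Bob <bob@newvendor.example.org>\n"
        "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=newvendor.example.org;"
        " dkim=pass header.d=newvendor.example.org; dmarc=pass header.from=newvendor.example.org\n"
        "Subject: Hi\n\nHello\n"
    ),
    "forged_header": (
        "From: Alice <alice@partner.example.net>\n"
        "Authentication-Results: attacker.example; dmarc=pass header.from=partner.example.net\n"
        "Subject: Payroll update\n\nSee attached\n"
    ),
}


def evaluate_samples():
    """Map each constructed sample to the gate's deliver/reject decision."""
    return {name: should_deliver(raw)[0] for name, raw in SAMPLES.items()}
```

Two points the code makes explicit: the header is only trustworthy when it carries your own MX's authserv-id, because anything earlier in the path can be forged by the sender; and dmarc=pass alone is not "permission", so a strict allow list is what turns authentication into zero trust. In practice a rejected-but-authenticated message from an unknown domain is usually quarantined for review rather than silently dropped, since first-contact mail is legitimate traffic too.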

North Korean Ransomware Attacks on Healthcare Fund Government Operations

In this campaign, the North Korean ransomware operators used numerous vulnerabilities, tools, and TTPs to accomplish their goals. To best protect against a campaign such as this, provide user education on common phishing tactics, such as trojanized software hosted on typo-squatted domains. Additionally, keep all software and hardware up to date, as the operators exploited numerous vulnerabilities in outdated applications. Further, it…

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Original release date: February 10, 2023 CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01:…

Top cybersecurity M&A deals for 2023

Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world’s biggest tech companies as predictions of recession loomed and war in Ukraine dragged on with no end in sight. Global concern over cybersecurity has never been higher, with attacks coming fast and furious and…

Weee! Grocery Chain Suffers Apparent Data Breach

Individuals who may have been affected by this breach should change their login credentials immediately. Affected customers should also expect phishing attempts, by email or text, to increase, so any suspicious message from an unknown sender should be treated with caution. https://www.bleepingcomputer.com/news/security/weee-grocery-service-confirms-data-breach-11-million-affected

Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

Infection via malicious Google ads (malvertising) has become increasingly common among threat actors in recent months. Installing an ad blocker in web browsers is recommended, as it can stop these malicious ads from being served and keep an unsuspecting user from landing on the malicious site instead of the legitimate one. In cases where a masquerading malware such as Gootkit is…

MTU Cork Struck with Ransomware Attack

Ransomware continues to be a dominant force in cybercrime. Mitigating the threat is difficult but far from impossible, especially with mature incident response, threat detection, and disaster recovery programs in place. Detections for Data Encrypted for Impact (MITRE ATT&CK technique T1486) and other common ransomware techniques let incident response teams react as early as possible, potentially stopping the attacker in their tracks. Backups of critical systems, if kept disconnected…
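As an added illustration of what a T1486 detection can look like (example code written for this page, not from the article or from MTU Cork), the following Python runs two rules over constructed file-activity events: a burst of extension-changing renames from one process inside a sliding window, and any touch of a canary (decoy) document. The log format, thresholds, canary path and sample lines are all assumptions.

```python
"""Added example, not code from the article: a minimal detector for
MITRE ATT&CK T1486 (Data Encrypted for Impact) run over constructed
file-activity log lines. Two signals: a burst of extension-changing renames
from one process inside a sliding window, and any touch of a canary file.
The log format, thresholds, canary path and sample events are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timezone

WINDOW_SECONDS = 10        # sliding window for the rename-burst rule
RENAME_THRESHOLD = 10      # extension-changing renames per process in the window
CANARY_PATHS = {r"c:\users\alice\documents\~canary.docx"}   # assumed decoy file


def parse_line(line):
    """Parse 'key=value' pairs (values are assumed to contain no spaces)."""
    fields = dict(token.split("=", 1) for token in line.split(" ") if "=" in token)
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return fields


def extension(path):
    """Lower-cased final extension of a Windows path, '' if none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(lines):
    """Return a list of alert dicts; one rename-burst alert per process."""
    alerts = []
    renames = defaultdict(deque)   # (host, pid) -> timestamps of ext-changing renames
    flagged = set()
    for line in lines:
        ev = parse_line(line)
        key = (ev["host"], ev["pid"])
        base = {"technique": "T1486", "host": ev["host"], "pid": ev["pid"], "image": ev["image"]}
        # Rule 1: nothing legitimate should ever write or rename the canary.
        touched = {ev["path"].lower(), ev.get("new_path", "").lower()}
        if touched & CANARY_PATHS:
            alerts.append({**base, "rule": "canary-touched", "path": ev["path"]})
        # Rule 2: many renames that change the extension within WINDOW_SECONDS.
        if ev["op"] == "rename" and extension(ev["path"]) != extension(ev["new_path"]):
            q = renames[key]
            q.append(ev["ts"])
            while (ev["ts"] - q[0]).total_seconds() > WINDOW_SECONDS:
                q.popleft()
            if len(q) >= RENAME_THRESHOLD and key not in flagged:
                flagged.add(key)
                alerts.append({**base, "rule": "rename-burst", "count": len(q),
                               "new_ext": extension(ev["new_path"])})
    return alerts


# Constructed events: ordinary editor activity (a temp-file rename on save),
# then one process renaming twelve documents to .locked within four seconds,
# then the same process hitting the canary.
SAMPLE_LOG = [
    "ts=2023-02-10T09:00:01Z host=ws01 pid=4412 image=winword.exe op=write path=C:\\Users\\alice\\Documents\\notes.docx",
    "ts=2023-02-10T09:00:05Z host=ws01 pid=4412 image=winword.exe op=rename path=C:\\Users\\alice\\Documents\\~WRD0001.tmp new_path=C:\\Users\\alice\\Documents\\notes.docx",
    "ts=2023-02-10T09:00:09Z host=ws01 pid=4412 image=winword.exe op=write path=C:\\Users\\alice\\Documents\\budget.xlsx",
]
SAMPLE_LOG += [
    f"ts=2023-02-10T09:01:{i // 3:02d}Z host=ws01 pid=7788 image=update.exe op=rename "
    f"path=C:\\Users\\alice\\Documents\\report{i}.docx new_path=C:\\Users\\alice\\Documents\\report{i}.docx.locked"
    for i in range(12)
]
SAMPLE_LOG.append(
    "ts=2023-02-10T09:01:05Z host=ws01 pid=7788 image=update.exe op=rename "
    "path=C:\\Users\\alice\\Documents\\~canary.docx new_path=C:\\Users\\alice\\Documents\\~canary.docx.locked"
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single benign temp-to-docx rename stays well under the threshold, while the burst trips after the tenth rename and the canary fires independently, which matters because a slow, low-volume encryptor can stay under any rate threshold but still cannot avoid the decoy. Thresholds should be tuned against the environment's normal file churn (build servers and backup agents rename a great deal) before either rule is allowed to trigger automated isolation.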

#StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities

Original release date: February 9, 2023 CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities, to provide information on ransomware activity used by North Korean state-sponsored cyber actors to target various critical infrastructure sectors, especially Healthcare and Public…

VMware ESXi server ransomware evolves, after recovery script released

After the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released a recovery script for organizations affected by a massive ransomware attack targeting VMware ESXi servers worldwide, reports surfaced that the malware evolved in a way that made earlier recovery procedures ineffective. The attacks, aimed at VMware’s ESXi bare metal hypervisor, were first made public February 3 by the French Computer Emergency Response Team (CERT-FR), and target ESXi instances running older versions…

UK/US cybercrime crackdown sees 7 ransomware criminals sanctioned

A UK/US campaign to tackle international cybercrime has seen seven Russian cybercriminals linked to a notorious ransomware group exposed and sanctioned. The sanctions were announced today by the UK’s Foreign, Commonwealth and Development Office (FCDO) alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). This follows a lengthy investigation by the National Crime Agency (NCA) into the crime group behind Trickbot malware, as well as the Conti and RYUK ransomware strains,…
