Malware

With macro execution now disabled by default in Office apps, this is just one of the many new phishing techniques that will likely rise to take its place. As with any phishing technique, the best way to prevent it is to make end users aware of this new threat through user education. However, there are some other possible detections to alert to this activity. One possible detection is to monitor for VSTO file creations near…

These attacks show that the threat actors are interested in empowering old malware with new tactics, bringing it to new life. Google advertising attacks have become common, and users need to be cautious of the links that they are clicking, not only in email but in the browser as well. Source: https://www.bleepingcomputer.com/news/security/google-ads-push-virtualized-malware-made-for-antivirus-evasion/

Analysts Notes: All users are recommended to be extremely suspicious of any link contained in the email. It is recommended to manually check URLs for legitimacy prior to clicking on them and to contact the sender of the email directly to verify they meant to use a specific site to send documents. Source: https://www.infosecurity-magazine.com/news/threat-actors-clickfunnels-bypass

Since Redis was designed to be accessed from within trusted environments by trusted clients, it is generally not recommended to expose any servers to the Internet. Since Redis does not use authentication by default, exposing a server to the Internet would allow anyone to freely access it and use it for any purpose they desire. Since version 3.2.0, Redis will, by default, enter a protected mode if it is configured as bound to all interfaces…

To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon as possible• Implement monitoring of security events…

Exploiting these bugs would require a threat actor to obtain admin-level access on the local device. However, given that many deployments are likely not to change the default device passwords, threat actors may not have much difficulty obtaining those admin credentials. Researchers at Trellix have advised those using the Cisco products to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don’t run containers disable the IOx container framework…