Malware

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

Researchers from cybersecurity firm Proofpoint claim to have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations’ cloud environments. According to a blog on the company’s website, threat actors satisfied Microsoft’s requirements for third-party OAuth apps by abusing the Microsoft “verified publisher” status, employing brand abuse, app impersonation and other social engineering tactics to lure users into authorizing malicious apps. The potential impacts of the campaign, which Proofpoint…


New UN cybercrime convention has a long way to go in a tight timeframe

Cybercrime is a growing scourge that transcends borders, spreading across the boundaries of virtually all the world’s nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the political welfare of all countries. Now, the United Nations has a major initiative to develop a new and more inclusive approach to addressing cybercrime. This revised global approach could spark new laws worldwide to battle cybercrime…


Sandworm Targets Ukraine’s National News Agency

Wiper malware can be a very destructive tool for threat actors when targeting a specific group or business. Although difficult to defend against, there are ways to make organizations less susceptible to these types of attacks. Some of these methods include:
• Making sure malware protection and AV is up to date
• Regularly creating secure offline backups
• Train employees on how to spot phishing attempts and other forms of attacks
• Install updates/patch operating systems, software,…


New Golang-Based Malware Dubbed Titan Stealer

“One of the primary reasons [threat actors] may be using Golang for their information stealer malware is because it allows them to easily create cross-platform malware that can run on multiple operating systems, such as Windows, Linux, and macOS. Additionally, the Go compiled binary files are small in size, making them more difficult to detect by security software,” reads Cyble’s technical analysis. The finding comes a little more than two months after SEKOIA announced Aurora…


How to survive below the cybersecurity poverty line

The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). It has widely become the benchmark for acceptable cybersecurity, often associated with factors such as company…


Economic headwinds could deepen the cybersecurity skills shortage

According to the most recent research report from ESG and the Information System Security Association International (ISSA), 57% of organizations claim that they’ve been impacted by the global cybersecurity skills shortage, while 44% of organizations believe the skills shortage has gotten worse over the past few years. The result? Increasing workloads on existing cybersecurity staff, job requisitions open for weeks or months, and high burnout rates and attrition for cybersecurity professionals. (ESG and ISSA will update…


Killnet Targets German Entities with DDoS Attacks

DDoS attacks can have devastating consequences if performed successfully. The use of the internet will not go away, and with the world increasingly going more digital, the likelihood of DDoS attempts will continue to grow. It is important to dedicate resources towards protecting against these types of attacks with a vigilant DDoS mitigation approach. Cyberattacks Target Websites of German Airports, Admin


Exploit Released for Critical Windows CryptoAPI Spoofing Bug

It is highly recommended to install security patches on all Windows systems in an environment, particularly any that are exposed to the Internet. As vulnerabilities are discovered, maintaining a consistent patching cycle for devices can help reduce attack surface and prevent an environment from being breached. Threat actors have been known to still use fixed vulnerabilities that are months old, due to inconsistent patching among many systems around the world. It is also recommended to…


U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software

The authoring organizations encourage network defenders to:
• Implement best practices to block phishing emails.
• Audit remote access tools on your network to identify currently used and/or authorized RMM software.
• Review logs for execution of RMM software to detect abnormal use of programs running as a portable executable.
• Use security software to detect instances of RMM software only being loaded in memory.
• Implement application controls to manage and control execution of software, including allow listing RMM…


ISC Releases Security Advisories for Multiple Versions of BIND 9

Original release date: January 27, 2023 The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures. CISA encourages users and administrators to review the following ISC advisories CVE-2022-3094, CVE-2022-3488, CVE-2022-3736, and CVE-2022-3924 and apply the necessary mitigations. This product is provided subject to this Notification and…
