Malware

Hackers abuse legitimate remote monitoring and management tools in attacks

Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organization’s network and systems might not raise suspicion. Researchers from Cisco Talos reported this week that one particular commercial RMM tool called Syncro was observed in a…


FBI takes down Hive ransomware group in an undercover operation

The US Department of Justice (DOJ), along with international partners, has taken down the Hive ransomware group. The operation, which began in July 2022, resulted in the FBI penetrating Hive’s computer networks, capturing its decryption keys, and offering them to victims worldwide, sparing victims from having to pay the $130 million in ransom demanded, DOJ said in a release on Thursday. “Last night, the Justice Department dismantled an international ransomware network responsible for extorting and…


JCDC Announces 2023 Planning Agenda

Original release date: January 26, 2023

Today, the Joint Cyber Defense Collaborative (JCDC) announced its 2023 Planning Agenda. This release marks a major milestone in the continued evolution and maturation of the collaborative’s planning efforts. JCDC’s Planning Agenda brings together government and private sector partners to develop and execute cyber defense plans that achieve specific risk reduction goals focused on systemic risk, collective cyber response, and high-risk communities. Through this effort, CISA and partners across…


9 API security tools on the frontlines of cybersecurity

Application programming interfaces (APIs) have become a critical part of networking, programs, applications, devices, and nearly everything else in the computing landscape. This is especially true for cloud and mobile computing, neither of which could probably exist in its current form without APIs holding everything together or managing much of the backend functionality. Because of their reliability and simplicity, APIs have become ubiquitous across the computing landscape. Most organizations probably don’t even know how many APIs…


Recent legal developments bode well for security researchers, but challenges remain

Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith security researchers. This failure to distinguish between the two hacker camps has, however, improved over the past two years, according to Harley Geiger, an attorney with Venable LLP, who serves as counsel in the Privacy…


Attackers move away from Office macros to LNK files for malware delivery

For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism. This trend has led to the creation of paid tools and services dedicated to building malicious LNK files. Some of these builders…


LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised

The company did not disclose how many users were impacted, but said it’s directly contacting the victims to provide additional information and recommend certain “actionable steps” to secure their accounts. GoTo has also taken the step of resetting the passwords of affected users and requiring them to reauthorize MFA settings. It further said it’s migrating their accounts to an enhanced identity management platform that claims to offer more robust security. Individuals who have been compromised…


New Stealthy Python RAT Malware Targets Windows in Attacks

As with many campaigns, this malware is spread through phishing techniques. This demonstrates the benefit of employing an email monitoring solution in an enterprise environment. Additionally, it demonstrates the need for constant – and recurring – user education on common phishing tactics and how to detect and protect against them. Apart from these general statements that can apply to most new campaigns, this RAT also demonstrates a few different techniques that are possible to monitor.…


Vulnerable LearnPress Plugin for WordPress Impacts 75k Sites

LearnPress site administrators should update the plugin to version 4.2 or above as soon as possible. It is critical for maintainers of WordPress websites to continuously update both WordPress core and all installed plugins. Binary Defense highly recommends that WordPress users enable auto-updates wherever possible. https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/


Emotet Evolving with New Attack and Evasion Techniques

Keeping Endpoint Detection and Response (EDR) systems up to date and properly tuned can help companies identify process injection attacks. To help prevent the macro bypass, companies should limit write access to the default Templates directories for Microsoft Office. The SMB spreader can be detected by collecting a baseline of normal SMB netflow traffic and alerting on deviations from it, though this requires a well-staffed security team. https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html
