Malware

Recent legal developments bode well for security researchers, but challenges remain

Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith security researchers. This failure to distinguish between the two hacker camps has, however, improved over the past two years, according to Harley Geiger, an attorney with Venable LLP, who serves as counsel in the Privacy…

Read More

Attackers move away from Office macros to LNK files for malware delivery

For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism. This trend has led to the creation of paid tools and services dedicated to building malicious LNK files. Some of these builders…

Read More

LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised

The company did not disclose how many users were impacted, but said it’s directly contacting the victims to provide additional information and recommend certain “actionable steps” to secure their accounts. GoTo has also taken the step of resetting the passwords of affected users and requiring them to reauthorize MFA settings. It further said it’s migrating their accounts to an enhanced identity management platform that claims to offer more robust security. Individuals who have been compromised…

Read More

New Stealthy Python RAT Malware Targets Windows in Attacks

As with many campaigns, this malware is spread through phishing techniques. This demonstrates the benefit of employing an email monitoring solution in an enterprise environment. Additionally, it demonstrates the need for constant – and recurring – user education on common phishing tactics and how to detect and protect against them. Apart from these general statements that can apply to most new campaigns, this RAT also demonstrates a few different techniques that are possible to monitor.…

Read More

Vulnerable LearnPress Plugin for WordPress Impacts 75k Sites

LearnPass site administrators should update the plugin to version 4.2 or above as soon as possible. It is critical for maintainers of WordPress websites to continuously update both WordPress core and all installed plugins. Binary Defense highly recommends WordPress users enable auto-updates wherever possible. https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/

Read More

Emotet Evolving with New Attack and Evasion Techniques

Keeping Endpoint Detection and Response (EDR) systems up-to-date and properly tuned can help companies identify process injection attacks. To help prevent the macro bypass, companies should limit write access to the default Templates directories for Microsoft Office. The SMB spreader can be detected by collecting a baseline of standard SMB netflow traffic and alerting against deviations from that, though this requires a well-staffed security team. https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html

Read More

CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software

Original release date: January 25, 2023 Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) Protecting Against Malicious Use of Remote Monitoring and Management Software. The advisory describes a phishing scam in which cyber threat actors maliciously use legitimate remote monitoring and management (RMM) software to steal money from victim bank accounts. CISA encourages network defenders to…

Read More

VMware Releases Security Updates for VMware vRealize Log Insight

Original release date: January 25, 2023 VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More

Chinese threat actor DragonSpark targets East Asian businesses

Organizations in Taiwan, Hong Kong, Singapore, and China have been recently facing attacks from Chinese threat actor DragonSpark. The threat actor was observed using the open-source tool SparkRAT for its attacks, according to a report by SentinelOne.  SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the remote access Trojan (RAT) attractive to threat actors. DragonSpark was observed using Golang malware that interprets embedded GoLang source code at runtime as a technique for hindering static analysis…

Read More

Veterans bring high-value, real-life experience as potential cybersecurity employees

Johanna Wood was an armored crewman with Lord Strathcona’s Horse, a Canadian Army regiment. At first glance, Wood’s military role may seem incompatible with civilian work; there’s not a lot of call for tank operators in private companies. But Wood believes her experience working in tanks gives her a significant edge as she enters the cybersecurity profession. “I was trained in reconnaissance, so I’m already trained to look for threats, I’m already trained to look…

Read More