Malware

CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software

Original release date: January 25, 2023

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) Protecting Against Malicious Use of Remote Monitoring and Management Software. The advisory describes a phishing scam in which cyber threat actors maliciously use legitimate remote monitoring and management (RMM) software to steal money from victim bank accounts. CISA encourages network defenders to…


VMware Releases Security Updates for VMware vRealize Log Insight

Original release date: January 25, 2023

VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply the necessary updates.


Chinese threat actor DragonSpark targets East Asian businesses

Organizations in Taiwan, Hong Kong, Singapore, and China have been recently facing attacks from Chinese threat actor DragonSpark. The threat actor was observed using the open-source tool SparkRAT for its attacks, according to a report by SentinelOne.  SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the remote access Trojan (RAT) attractive to threat actors. DragonSpark was observed using Golang malware that interprets embedded GoLang source code at runtime as a technique for hindering static analysis…


Veterans bring high-value, real-life experience as potential cybersecurity employees

Johanna Wood was an armored crewman with Lord Strathcona’s Horse, a Canadian Army regiment. At first glance, Wood’s military role may seem incompatible with civilian work; there’s not a lot of call for tank operators in private companies. But Wood believes her experience working in tanks gives her a significant edge as she enters the cybersecurity profession. “I was trained in reconnaissance, so I’m already trained to look for threats, I’m already trained to look…


CYGNVS exits stealth, trumpeting its cyberattack recovery platform

Cyber recovery startup CYGNVS announced its emergence from stealth today, having raised $55 million in series A funding and created a highly functional “cyber crisis” platform which promises to help organizations recover from major breaches. The company’s product is in its name – CYGNVS says it’s an acronym for Cyber GuidaNce Virtual Space. It’s effectively an all-in-one disaster recovery system for cyberattacks. It provides out-of-band communications between key team members, since corporate networks may become…


Apple Patches Critical Security Vulnerabilities Actively Exploited In The Wild

The latest versions of the Safari browser, macOS, iOS, and watchOS address several recently discovered vulnerabilities. Not only does Binary Defense recommend that users upgrade their Apple devices to the latest software versions, but the Cybersecurity and Infrastructure Security Agency (CISA) has issued a notice for Federal Civilian Executive Branch (FCEB) agencies to patch their devices to secure them “against active threats.”

https://www.bleepingcomputer.com/news/apple/apple-fixes-actively-exploited-ios-zero-day-on-older-iphones-ipads/

https://support.apple.com/en-us/HT213597


Chinese Cybercrime Group Using Golang Code Interpreter to Evade Detection

DragonSpark does not appear to have any notable ties to other Chinese-based threat actors. Based on the attacks that the group is carrying out, especially with regard to the locations of the victims as well as the choice of tools primarily developed by Chinese authors, researchers are fairly certain that the group has ties to China. It is highly recommended that companies that either have ties to Eastern Asia or do a lot of business…


P-to-P fraud most concerning cyber threat in 2023: CSI

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%).  Industry respondents also expressed concerns over identity theft at 4%, unavailable or unaffordable cyber insurance at 4%, geopolitical risks at 3%, DDoS attacks at 2% and website defacement at…


CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats

Original release date: January 24, 2023

Today, CISA released Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats. The report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers simple steps school leaders can take to strengthen their cybersecurity efforts. The report’s findings state that K-12 organizations need resources, simplicity and…


ServiceNow to detect open source security vulnerabilities with Snyk integration

ServiceNow Vulnerability Response users will now have access to Snyk Open Source, a software composition analysis (SCA) platform designed to help developers find, prioritize, and fix security vulnerabilities and license issues in open source dependencies. Snyk Open Source is backed by the Israeli-US company’s own security intelligence that relies on a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI.  ServiceNow Vulnerability Response is part of ServiceNow Security Operations…
