Malware

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours

Since the initial infection vector relates to a phishing email containing a malicious ZIP file, it is recommended to implement and maintain proper email security controls. Email security controls such as AV scanning and sandboxing can help prevent phishing emails from reaching end users, potentially stopping the malware from infecting a workstation in the first place. It is also recommended to maintain appropriate endpoint security controls. Most of the behaviors exhibited by this attack post-compromise…
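
Added example, not from the article or the write-up it summarizes: a Python triage step of the kind a mail gateway or mail-flow hook could run on a ZIP attachment before it reaches a user. It opens each ZIP attached to an RFC 822 message and flags executable or script members, deceptive double extensions, nested archives, and encrypted entries (a password-protected ZIP defeats exactly the AV scanning and sandboxing the advice above relies on). The sample message, member names and extension list are constructed for the example.

```python
import email
import io
import posixpath
import zipfile
from email import policy
from email.message import EmailMessage

# Member extensions that should not arrive from outside inside a ZIP.
# The set is an assumption for this example, not a list from the article.
RISKY_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".msi", ".bat", ".cmd", ".ps1",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".iso", ".img",
}
NESTED_ARCHIVES = {".zip", ".7z", ".rar", ".iso", ".img"}


def inspect_zip(data: bytes) -> list[str]:
    """Return findings for a ZIP payload; an empty list means nothing was flagged."""
    findings: list[str] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment claims to be a ZIP but is not a valid ZIP"]
    for info in archive.infolist():
        if info.is_dir():
            continue
        base = posixpath.basename(info.filename.lower())
        ext = posixpath.splitext(base)[1]
        # Bit 0 of the general-purpose flags marks an encrypted entry; AV and
        # sandboxes cannot look inside a password-protected archive.
        if info.flag_bits & 0x1:
            findings.append(f"{info.filename}: encrypted entry, content not inspectable")
        if ext in RISKY_EXTENSIONS:
            hint = " (double extension)" if base.count(".") > 1 else ""
            findings.append(f"{info.filename}: executable/script content{hint}")
        if ext in NESTED_ARCHIVES:
            findings.append(f"{info.filename}: nested archive")
    return findings


def inspect_message(raw: bytes) -> dict[str, list[str]]:
    """Map each ZIP attachment of a raw message to its findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # Trust neither the filename nor the declared type alone: also sniff
        # the local-file-header magic so a renamed ZIP is still inspected.
        looks_like_zip = (
            name.lower().endswith(".zip")
            or part.get_content_type() == "application/zip"
            or payload.startswith(b"PK\x03\x04")
        )
        if looks_like_zip:
            results[name] = inspect_zip(payload)
    return results


def build_sample_email(members: dict[str, bytes]) -> bytes:
    """Constructed phishing-style message carrying a ZIP with the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"   # constructed addresses
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice_0123.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample_email({"Invoice_0123.pdf.lnk": b"\x4c\x00\x00\x00",
                                 "readme.txt": b"open the invoice"})
    for attachment, findings in inspect_message(sample).items():
        print(f"{attachment}: {'QUARANTINE' if findings else 'pass'}")
        for finding in findings:
            print("  -", finding)
```

Any non-empty findings list is a reason to quarantine rather than deliver; the encrypted-entry case in particular should be quarantined even when no member name looks dangerous, because the scanner has no way to know what is inside.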


House Lawmakers Introduce Bill to Create National Digital Reserve Corps

This legislation aligns with the current administration's whole-of-government approach to improving the nation's cyber security posture. The government and the private sector have looked for creative ways to fill critical information technology and cyber security roles. At a time when the U.S. military is struggling to reach its recruitment goals, incentivizing reservist roles may be the best option for the government. Source: https://www.fedscoop.com/house-lawmakers-introduce-bill-to-create-national-digital-reserve-corps/


Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms

Original release date: January 12, 2023 Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. CISA encourages users and administrators to review Drupal's security advisory SA-CONTRIB-2023-001 and apply the necessary update.


CloudSek launches free security tool that helps users win bug bounties

Cybersecurity firm CloudSek has launched BeVigil, a tool that can tell users how safe the apps installed on their phone are, and helps users and developers win bug bounties by identifying and reporting bugs in app code. BeVigil scans all the apps installed on a user's phone and rates them as dangerous, risky, or safe. Running as a web application for the past year, BeVigil has already scanned over a million apps…


Cybersecurity spending and economic headwinds in 2023

Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few observations based on some recent ESG research. First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending. As for cybersecurity, 65% of organizations plan to increase cybersecurity spending in 2023. These numbers mean that some organizations…


CISA Releases Twelve Industrial Control Systems Advisories

Original release date: January 12, 2023 CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-23-012-01 Sewio RTLS Studio
ICSA-23-012-02 RONDS Equipment Predictive Maintenance Solution
ICSA-23-012-03 InHand Networks InRouter
ICSA-23-012-04 Panasonic Sanyo CCTV Network Camera
ICSA-23-012-05 SAUTER Controls Nova 200 – 220…


Cybercriminals bypass Windows security with driver-vulnerability exploit

The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike. In this latest BYOVD attack, which was observed and stopped by CrowdStrike’s Falcon security system, Scattered Spider attempted to deploy a…
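
Added example, not from the article or CrowdStrike's own detection logic: a Python triage over constructed Sysmon Event ID 6 (DriverLoad) records of the kind a SOC would export from endpoints. The point of BYOVD is that the driver being loaded is a legitimately signed vendor driver, so "signed and valid" tells you nothing; the signals worth alerting on are the driver's hash against a published vulnerable-driver list (Microsoft's vulnerable driver blocklist or the community LOLDrivers list) and a load path outside the normal driver directories. The hash values, paths and log records below are placeholders constructed for the example and match no real driver.

```python
from dataclasses import dataclass

# Placeholder SHA-256 values standing in for entries from a vulnerable-driver
# list (Microsoft's blocklist, loldrivers.io). Constructed; not real hashes.
KNOWN_VULNERABLE_SHA256 = {
    "11" * 32,
    "22" * 32,
}

# Where legitimately installed drivers normally live; a signed driver loaded
# from anywhere else deserves a look.
EXPECTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)


@dataclass
class Alert:
    image: str
    reasons: list[str]


def parse_hashes(field: str) -> dict[str, str]:
    """Split Sysmon's 'SHA1=...,MD5=...,SHA256=...,IMPHASH=...' field."""
    hashes: dict[str, str] = {}
    for item in field.split(","):
        if "=" in item:
            algo, value = item.split("=", 1)
            hashes[algo.strip().upper()] = value.strip().lower()
    return hashes


def evaluate_driver_load(event: dict) -> list[str]:
    """Reasons to alert on one Sysmon Event ID 6 (DriverLoad) record."""
    reasons: list[str] = []
    image = event.get("ImageLoaded", "")
    sha256 = parse_hashes(event.get("Hashes", "")).get("SHA256", "")
    if sha256 in KNOWN_VULNERABLE_SHA256:
        reasons.append("SHA256 matches a known vulnerable driver")
    if not image.lower().startswith(EXPECTED_DRIVER_DIRS):
        reasons.append("loaded from outside the standard driver directories")
    # A BYOVD driver is normally signed and valid, so this check only catches
    # the crude cases; it stays because it costs nothing.
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or signature not valid")
    return reasons


def scan(events: list[dict]) -> list[Alert]:
    """Run the DriverLoad checks over a batch of Sysmon records."""
    alerts: list[Alert] = []
    for ev in events:
        if ev.get("EventID") != 6:
            continue
        reasons = evaluate_driver_load(ev)
        if reasons:
            alerts.append(Alert(ev.get("ImageLoaded", ""), reasons))
    return alerts


# Constructed records in the shape of Sysmon Event ID 6 fields (not real logs).
SAMPLE_EVENTS = [
    {
        "EventID": 6,
        "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys",
        "Hashes": "SHA256=" + "ab" * 32,
        "Signed": "true",
        "Signature": "Microsoft Windows",
        "SignatureStatus": "Valid",
    },
    {
        # Signed, valid, and still a problem: known-vulnerable hash, odd path.
        "EventID": 6,
        "ImageLoaded": "C:\\Users\\Public\\Libraries\\update.sys",
        "Hashes": "SHA1=" + "cd" * 20 + ",SHA256=" + "11" * 32,
        "Signed": "true",
        "Signature": "Example Vendor Co.",
        "SignatureStatus": "Valid",
    },
    {
        "EventID": 7,  # user-mode image load, not a driver; ignored
        "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll",
    },
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert.image)
        for reason in alert.reasons:
            print("  -", reason)
```

Detection is the fallback; prevention is enforcing the blocklist so the vulnerable driver never loads. On supported Windows 11 builds the Microsoft vulnerable driver blocklist is toggled under Core Isolation, or by setting the DWORD VulnerableDriverBlocklistEnable to 1 under HKLM\SYSTEM\CurrentControlSet\Control\CI\Config, and a WDAC policy that allowlists drivers closes the gap for anything the list does not yet cover.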


NCSC-UK Releases Guidance on Using MSP for Administering Cloud Services

Original release date: January 11, 2023 The United Kingdom's National Cyber Security Centre (NCSC-UK) has released a blog post, Using MSPs to administer your cloud services, that provides organizations with security considerations for using a third party, such as a managed service provider (MSP), to administer cloud services. Contracting with an MSP for cloud service management has become an increasingly appealing option for organizations. The post discusses the trade-offs involved as well as specific security checks…


StrongPity APT Group Distributing Fake Shagle App

Binary Defense strongly recommends that Android users install apps only from a trusted source such as the Google Play Store. Extreme caution should be used when installing an APK from any other source. https://www.bleepingcomputer.com/news/security/hackers-target-android-users-with-fake-shagle-video-chat-app/


Over 1,300 Fake AnyDesk Sites Push Vidar Info-Stealing Malware

Users are advised to bookmark the official sites they use to download software, avoid clicking on promoted results (ads) in Google Search, and obtain the official URL of a software project from the project's own website, its documentation, or their OS's package manager. https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/
