Malware

Facebook Phishing Campaign Uses Copyright Infringement Lure

Users looking to protect themselves from these types of attacks should do the following:

• Always hover over all URLs before clicking
• Always double-check sender addresses
• Log into the Facebook account directly to check the status of the account instead of clicking on the URL in the email

https://www.avanan.com/blog/facebook-termination-notices-leads-to-phishing

Malicious PyPI Packages Utilizing Cloudflare Tunnels to Bypass Firewalls

This tunnel technique is a unique tactic used by the threat actor. The idea is to leverage the tunnel to remotely access the compromised computer via a Flask-based app, which contains a trojan dubbed xrat (but codenamed poweRAT by Phylum). The malicious program allows threat actors to execute arbitrary Python code, download and run remote files on the host, exfiltrate files and entire directories, run shell commands, and more. The Flask application supports a “live”…

Hive Ransomware Gang Leaked 550 GB Stolen from Consulate Health Care

Threat actors can leverage stolen medical records to impersonate legitimate patients and commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise patient safety if there is misinformation on file that is needed for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen.…

Microsoft Flags Ransomware Problems on Apple’s macOS Platform

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices. In a blog post documenting its research into four known macOS ransomware families, Microsoft’s Security Threat Intelligence team published IOCs and technical details to show how ransomware actors target users on macOS-powered devices. “While these malware families are old,…

If governments are banning TikTok, why is it still on your corporate devices?

TikTok, the viral app resident on millions of devices, was recently banned from executive branch devices in the United States, as set out in the recent Omnibus Bill signed by President Joe Biden. The Omnibus Bill, as detailed in CSO Online’s overview, highlighted that the “legislation required the Office of Management and Budget in consultation with the administrator of general services, the director of CISA, the director of national intelligence, and the secretary of…

11 top XDR tools and how to evaluate them

Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat detection, possibly even automating aspects of threat mitigation. This need has given rise to extended detection and response (XDR) tools.…

SpyNote Android Malware Infections Surge Following Leak of CypherRat Source Code

While no official statement has been released as to how the malware variants are spreading, it can be assumed that they are likely spreading through phishing campaigns and malicious websites. At the enterprise level, the best course of action to protect against this malware would be to educate end users on best practices for browsing the internet, verifying application legitimacy, and reading application reviews prior to installation. Applications…

Bitdefender Releases Decryptor for MegaCortex Ransomware

MegaCortex was first discovered in 2019 and was observed targeting corporate networks with attacks that included adjustable ransom demands based on the companies that were attacked and the amount of data stolen. In October 2021, officials arrested 12 individuals in connection with thousands of MegaCortex and LockerGoga ransomware attacks. Along with the arrests, authorities discovered the private keys used in the attacks, which led to Bitdefender releasing a decryptor for the LockerGoga ransomware. Bitdefender did not release…

Rackspace: Customer Email Data Accessed in Ransomware Attack

Since discovering the attack on December 2 and confirming the resulting outage was caused by a ransomware attack, Rackspace has been offering affected customers free licenses to migrate their email from its Hosted Exchange platform to Microsoft 365. The cloud computing provider also provided affected customers with download links to recovered historic mailbox data (containing email messages before December 2) through its customer portal via an automated queue. Rackspace added that its Hosted Exchange environment…

Many of 13 New Mac Malware Families Discovered in 2022 Linked to China

More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them have been linked to China. Mac security expert Patrick Wardle has compiled a list of the macOS malware that came to light over the course of last year. The number of new malware families appears to be increasing, as only eight were spotted in 2021. The first malware to emerge…