CyberSecurity Updates

31 Aug

Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities

Information, News

The US Department of Energy on Wednesday announced a competition that can help smaller electric utilities obtain funding and technical assistance for improving their cybersecurity posture.  The competition, named the Advanced Cybersecurity Technology (ACT) 1 Prize Competition, is part of the Biden administration’s Rural and Municipal Utility Cybersecurity (RMUC) Program, which has set aside $250 million over a five-year period for enhancing cybersecurity at cooperative, municipal and small investor-owned electric utilities.  For the ACT 1…

Read More
31 Aug

CISA Warns of Hurricane-Related Scams

Attacks, Insights, Malware

CISA urges users to remain on alert for malicious cyber activity following natural disasters, such as hurricanes, as attackers target disaster victims and concerned citizens by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing, in which threat actors pose as trustworthy persons/organizations—such as disaster-relief charities—to solicit personal information via email or malicious websites. CISA recommends exercising caution in handling emails with disaster-related subject lines, attachments, or hyperlinks. In addition, be…

Read More
31 Aug

CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

Attacks, Insights, Malware

Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR), on Infamous Chisel, a new mobile malware targeting Android devices that has capabilities to enable unauthorized access to compromised devices,…

Read More
30 Aug

‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors

Information, News

A cyberespionage group possibly linked to China has targeted government-related organizations and technology companies in various parts of the world. Trend Micro, which tracks it as Earth Estries, says the group has been around since at least 2020.  While the cybersecurity firm has not directly attributed Earth Estries to any particular country, it did point out that there are some overlaps in tactics, techniques and procedures (TTPs) with an APT named FamousSparrow. FamousSparrow, which in…

Read More
30 Aug

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally.  Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing…

Read More
29 Aug

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

Information

by Paul Ducklin US food delivery compeny PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22. The company stated officially that: [The] cyberattack […] included the encryption of certain files in our network. Because the investigation identified the presence of tools that could be used for data exfiltration (the unauthorized transfer of data), we can’t rule out the possibility that data was taken from one…

Read More
29 Aug

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Information, Insights

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computers. Dutch authorities inside a data center with servers tied to the botnet. Image: Dutch National Police. In an international operation announced…

Read More
29 Aug

New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia

Information, News

A newly identified Android trojan targeting users in Southeast Asia is allowing attackers to control devices remotely and perform bank fraud, Trend Micro reports. Dubbed MMRat and active since June, the malware can capture user input and take screenshots, and uses a customized command-and-control (C&C) protocol based on Protobuf, which improves its performance when transferring large amounts of data. The malware has been distributed via websites masquerading as official application stores, and which were tailored…

Read More