CyberSecurity Updates

04 Mar

What does $5,000 buy you on a hacking forum? – Week in security with Tony Anscombe

Information

A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on hacking forums For a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. This week, ESET researchers published their analysis of BlackLotus that caused them to conclude that the bootkit they had discovered in the wild is indeed the…

Read More
04 Mar

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

Information

by Paul Ducklin The US Cybersecurity and Infrastructure Security Agency (CISA), which dubs itself “America’s Cyber Defense Agency”, has just put out a public service annoucement under its #StopRansomware banner. This report is numbered AA23-061a, and if you’ve slipped into the habit of assuming that ransomware is yesterday’s threat, or that other specific cyberattacks should be at the top of your list in 2023, then it is well worth reading. The risks you introduce by…

Read More
04 Mar

CISA released three Industrial…

Attacks, Insights, Malware

CISA released three Industrial Control Systems (ICS) advisories on February 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.      CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:   ICSA-23-059-01 Hitachi Energy Gateway Station ICSA-23-059-02 Hitachi Energy Gateway Station ICSA-22-139-01 Mitsubishi Electric MELSEC iQ-F Series (Update B) Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d…

Read More
04 Mar

Today, CISA released a…

Attacks, Insights, Malware

Today, CISA released a Cybersecurity Advisory, CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks. This advisory describes a red team assessment of a large critical infrastructure organization with a mature cyber posture. CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s tactics, techniques, and procedures (TTPs) and key findings to provide network defenders proactive steps to reduce the threat of similar activity from malicious cyber actors.     As…

Read More
04 Mar

Today, CISA released Decider, a…

Attacks, Insights, Malware

Today, CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior to the MITRE ATT&CK framework. Created in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI) and MITRE, Decider helps make mapping quick and accurate through guided questions, a powerful search and filter function, and a cart functionality that lets users export results to commonly used formats. Network defenders, analysts, and researchers can see CISA’s video, fact…

Read More
03 Mar

Chick-fil-A Confirms Accounts Hacked in Months-Long “Automated” Attack

Attacks, Malware

In response to the attack, Chick-fil-A forced customers to reset passwords, froze funds loaded into accounts, and removed any stored payment information from accounts. Chick-fil-A also states that they restored Chick-fil-A One account balances and added rewards to impacted accounts as a way of apologizing. As the accounts were breached using credentials exposed in other data breaches, impacted users must change their passwords at all sites they frequent, especially if they use the same Chick-fil-A…

Read More
03 Mar

Hatch Bank Suffers Data Breach After Third Party Vulnerability Exploited

Attacks, Malware

Hatch Bank has offered to provide free access to credit monitoring services for 12 months to any affected individuals. This attack is just one example of an incident involving a third-party service. Whenever an organization is looking to do business with a third-party company, they should go through their own security audit of the company before signing a contract. This can include paying for a penetration test or requesting recent penetration test results, as well…

Read More
03 Mar

Chinese Threat Actor Deploying New Custom “MQsTTang” Backdoor to Evade Detection

Attacks, Malware

The Message Queuing Telemetry Transport (MQTT) protocol is a protocol that is known as the standard for IoT messaging and occurs over port 1883. As IoT devices become more and more prevalent in an environment, this typically opens a greater number of potential vulnerabilities to be exploited as IoT devices are often more insecure. From an organizational standpoint, the best way to protect against this campaign would be to limit IoT devices in the environment…

Read More
03 Mar

HPE to acquire Axis Security to deliver a unified SASE offering

Data Breaches, Malware, Social Engineering

Hewlett Packard Enterprise has agreed to buy cloud security services provider Axis Security, its third acquistion since January, to deliver a unified secure access service edge (SASE) offering. The acquisition is aimed at incorporating the Axis security service edge (SSE) platform into HPE’s edge-to-cloud network security capabilities with to deliver integrated networking and security solutions as-a-service. SSE is considered a subset of the broader SASE framework. “As we transition from a post-pandemic world, and a…

Read More
03 Mar

Thousands of Websites Hijacked Using Compromised FTP Credentials

Information, News

Cloud security startup Wiz warns of a widespread redirection campaign in which thousands of websites targeting East Asian audiences have been compromised using legitimate FTP credentials. In many cases, the attackers managed to obtain highly secure auto-generated FTP credentials, and used them to hijack the victim websites to redirect visitors to adult-themed content. Likely ongoing since September 2022, the campaign has resulted in the compromise of at least 10,000 websites, many owned by small companies…

Read More