CyberSecurity Updates

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

by Paul Ducklin

CAN WE STOP WITH THE “SOPHISTICATED” ALREADY? The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple…


Malware authors leverage more attack techniques that enable lateral movement

A new study of over a half-million malware samples collected from various sources in 2022 revealed that attackers put a high value on lateral movement, incorporating more techniques that would allow them to spread through corporate networks. Several of the most prevalent tactics, as defined by the MITRE ATT&CK framework, that were identified in the dataset aid lateral movement, including three new ones that rose into the top 10. “An increase in the prevalence of…


Havoc Post Exploitation Framework Observed in the Wild

Here are some recommendations on how to defend against Havoc: Keep software up to date: As with Cobalt Strike, keeping your software up to date is essential in defending against Havoc. This includes both operating systems and software applications. Use strong authentication: Implement strong authentication methods to prevent unauthorized access to your systems, and use unique and strong passwords for all accounts. Monitor network traffic: Monitor your network traffic for any unusual activity, such as…


Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

Malicious Google Ads are becoming popular among threat actors as an infection vector for malware. Due to this, it is highly recommended to use an adblocker software when performing Google searches, particularly when searching for popular applications like Chrome or Telegram. This can help prevent a user from accidentally clicking on one of these malicious advertisement websites as opposed to the software’s legitimate site. Likewise, it is important to always double-check the URL of a…


Russian Hacker Convicted of $90 Million Hack-to-Trade Charges

Global joint law enforcement cooperation has been the key to taking down cyber criminals. Often operating out of several countries, threat actors are being exposed more and more due to global cooperation among law enforcement. The director of the FBI stated in August 2022 that cyber threat actors have become a top priority for the FBI and other law enforcement partners. The director stated cooperation was the key to success: “We must impose consequences on cyber…


CISA Releases Fifteen Industrial Control Systems Advisories

Original release date: February 16, 2023

CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-23-047-01 Siemens Solid Edge
ICSA-23-047-02 Siemens SCALANCE X-200 IRT
ICSA-23-047-03 Siemens Brownfield Connectivity Client
ICSA-23-047-04 Siemens Brownfield Connectivity Gateway
ICSA-23-047-05 Siemens SiPass integrated AC5102/ACC-G2 and…


Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report

Published XIoT vulnerabilities are trending down and have been since 2021. At the same time, the percentage of vulnerabilities published by the device manufacturer rather than third-party researchers is trending up. The clear implication is that device manufacturers are taking greater responsibility for the security of their own devices. The reason is probably twofold: government pressure and commercial reality. The introduction of SBOMs has focused manufacturers’ attention on the software make-up of their devices, while the…


Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk

The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That’s according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and Europe, the Middle East, and Africa working in organizations in industries such as technology, manufacturing, government, telecommunications, and healthcare. Respondents described the current…


BEC groups are using Google Translate to target high value victims

Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted. While attacking targets across various regions…


How automation in CSPM can improve cloud security

With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of an organization’s cloud infrastructure. A key component of CSPM is the automation of its core tasks: continuous monitoring, remediation of…
