CyberSecurity Updates

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that…


New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

A new open framework has been launched to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by OX Security, evaluates software supply chain security threats, covering a wide range of attack vectors including vulnerabilities in third-party libraries and components, supply chain attacks on build and deployment systems, and compromised or…


New Chromebook Exploit Allows Users to Unenroll Managed Devices

As Sh1mmer requires a USB in order to function, it is unlikely that an attacker is going to add this exploit to their toolkit. However, it is possible that an attacker may socially engineer a user into performing this exploit on their own device. From an organizational standpoint, however, the biggest risk comes from users unenrolling their devices on their own to bypass security restrictions, which would then leave their device vulnerable to further compromise.…


Potential KeePass Flaw Discovered Allowing Plaintext Vault Export

This “vulnerability” is controversial from the perspective of KeePass and other information security practitioners. Both parties point out that a user’s failure to secure write access to the KeePass configuration file isn’t an inherent vulnerability in KeePass itself. Furthermore, if a threat actor is able to access a properly protected configuration file, the potential to steal the contents of the victim’s KeePass vault is nearly endless. For example, a threat actor could replace the KeePass…


Hackers Use New IceBreaker Malware to Breach Gaming Companies

At this time, not much is known about the IceBreaker group, but Security Joes decided to publish a report on their findings and share all captured IoCs (indicators of compromise) to help defenders detect and tackle this threat. The researchers have published a technical report describing the threat actor’s modus operandi and how their backdoor works. YARA rules have also been published to help organizations detect the malware. Additionally, Security Joes recommends companies suspecting a…


ESET APT Activity Report T3 2022

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022.

The ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other…


VMware Releases Security Update for VMware vRealize Operations

Original release date: February 1, 2023

VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations. A malicious user could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0002 and apply the necessary updates.


JD Sports data breach affects 10 million customers

British sports clothing retailer JD Sports has reported a data breach that has affected more than 10 million customers. The retailer said on January 30 that the data breach occurred after a malicious party gained unauthorized access to a system containing customer data relating to orders placed between November 2018 and October 2020. This included orders from other JD Sports group companies including JD, Blacks, Size?, Scotts, Millets and MilletSport. JD Sports told the London…


Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’

Dutch cyber authorities said Wednesday that several hospital websites in the Netherlands and Europe were likely targeted by a pro-Kremlin hacking group because of their countries’ support for Ukraine. The UMCG hospital in the northern Dutch city of Groningen, one of the largest in the country, saw its website crash in a cyberattack on Saturday. “European hospitals including in the Netherlands have most likely been hit by the pro-Russian hacking group Killnet,” said the Dutch…


Misconfiguration and vulnerabilities biggest risks in cloud security: Report

The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced. Almost 90% of granted permissions are not used, which leaves many opportunities for attackers who steal credentials, the report noted. The data…
