CyberSecurity Updates

Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware

Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers. On Friday, the researchers warned that a threat actor was typosquatting popular PyPI packages to direct developers to malicious dependencies containing code to download payloads written in Golang (Go). The purpose of the attack is to infect victims with ransomware variants designed to update the desktop background with a message impersonating the CIA and instructing…

14 lessons CISOs learned in 2022

We’re about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. “With the shifts in the cybersecurity landscape, 2022 has been a milestone year…

Video: Deep Dive on PIPEDREAM/Incontroller ICS Attack Framework

In this session from SecurityWeek’s 2022 ICS Cybersecurity Conference, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact of the modular ICS attack framework known as PIPEDREAM/Incontroller, which can be used to disrupt and/or destroy devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized…

Xenomorph: What to know about this Android banking trojan

Xenomorph pilfers victims’ login credentials for banking, payment, social media, cryptocurrency and other apps with valuable data.

More than 50,000 Android devices were compromised with an Android banking trojan called Xenomorph earlier this year. First reported by ThreatFabric, Xenomorph posed as a system-optimizing app called “Fast Cleaner”. Disguising malicious software as device optimizers, battery- or performance-enhancing tools, and other utilities is a rather common tactic for dangerous Android malware. Xenomorph is after people’s login credentials for banking, payment,…

Diamond industry under attack – Week in security with Tony Anscombe

ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group.

This week, ESET researchers published their findings about a new wiper, Agrius, and its execution tool, Sandals, both attributed to the Iran-aligned Agrius APT group. The researchers discovered the malicious tool while analyzing a supply-chain attack that abused an Israeli software developer. The attack probably targeted the company’s software updating mechanisms in order to deploy the wiper…

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

by Paul Ducklin

DATA BREACHES – THE STING IN THE TAIL

Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ…

Hacked Corporate Email Accounts Used to Send MSP Remote Access Tool

MuddyWater has been seen using sophisticated techniques to compromise organizations in the past. In this campaign, however, the group is using a freely available tool and relatively unsophisticated tactics. The campaign illustrates the rise of phishing and the abuse of legitimate remote access tools to compromise organizations, both of which rely primarily on the human behind the screen being vulnerable. To protect against attacks such as this, organizations should actively employ an email monitoring solution as well…

Cisco Discloses High-Severity IP Phone Bug with Exploit Code

While a security update to address CVE-2022-20968 is not yet available, Cisco provides mitigation advice for administrators who want to secure vulnerable devices in their environment from potential attacks. This requires disabling the Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery. “Devices will then use LLDP for the discovery of configuration data such as voice VLAN, power negotiation, and so…

HR and Payroll Company Discloses Data Breach

The company has offered identity protection services to anyone impacted by the breach. Sequoia declined to comment on the number of victims to whom it has offered identity protection services. Anyone who has been notified that they may have been a victim of this breach should sign up for the free monitoring service being offered by Sequoia and go through their credit reports to make sure nothing was created between the time of the breach and the notification.…

Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series

Original release date: December 9, 2022

Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For more information, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability and apply the necessary updates. This product is provided subject to this Notification and…
