CyberSecurity Updates

13 Dec

New Python-Based Backdoor Targeting VMware ESXi Servers

Information, Malware, News

Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers. The targeted servers were impacted by known security defects (such as CVE-2019-5544 and CVE-2020-3992) that were likely used for initial compromise, but what caught the researchers’ attention was the simplicity, persistence, and capabilities of the deployed backdoor. As part of the attack, the threat actor modified a total of four files on the target, which the system…

Read More
13 Dec

Are robots too insecure for lethal use by law enforcement?

Data Breaches, Malware, Social Engineering

In late November, the San Francisco Board of Supervisors voted 8-3 to give the police the option to launch potentially lethal, remote-controlled robots in emergencies, creating an international outcry over law enforcement use of “killer robots.” The San Francisco Police Department (SFPD), which was behind the proposal, said they would deploy robots equipped with explosive charges “to contact, incapacitate, or disorient violent, armed, or dangerous suspects” only when lives are at stake. Missing from the…

Read More
12 Dec

Fortinet Releases Security Updates for FortiOS

Attacks, Insights, Malware

Original release date: December 12, 2022 Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild.  CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-368, apply the necessary updates, and validate systems against the IOCs listed in the advisory.  This product is provided subject to this Notification…

Read More
12 Dec

Clop Ransomware Uses TrueBot Malware for Access to Networks

Attacks, Malware

Organizations should also initiate proactive measures to ensure they are protected from ransomware. To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate,…

Read More
12 Dec

IcedID Malware Distributed from Fake Zoom Installation Website

Attacks, Malware

As of December 12th, the malicious website was still active and serving malware installation files. Binary Defense analysts noted that the malware installation program, named “ZoomInstallerFull.exe” drops a legitimate, signed copy of the real Zoom software installer as a Microsoft Installer package file named “ikm.msi” and installs it. It also drops a malicious DLL file named “ikm.aaa” and runs it via rundll32.exe. The DLL file was identified as IcedID. The Command and Control (C2) server…

Read More
12 Dec

Australia’s Largest Telecom Company Leaks Unlisted Customer Data

Attacks, Malware

Telstra will likely restructure their security strategy. They should consider adopting a defense-in-depth strategy in the future. Customers of Telstra should be aware of the increased likelihood that they will be targeted in phishing attacks. Messages from unknown senders should be approached with caution and attachments should not be interacted with unless they can be verified. https://www.bankinfosecurity.com/australian-telecom-firm-leaks-data-130000-customers-a-20681?&web_view=true

Read More
12 Dec

Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware

Information, Malware, News

Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers. On Friday, the researchers warned that a threat actor was typosquatting popular PyPI packages to direct developers to malicious dependencies containing code to download payloads written in Golang (Go). The purpose of the attack is to infect victims with ransomware variants designed to update the desktop background with a message impersonating the CIA and instructing…

Read More
12 Dec

14 lessons CISOs learned in 2022

Data Breaches, Malware, Social Engineering

We’re about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. “With the shifts in the cybersecurity landscape, 2022 has been a milestone year…

Read More
10 Dec

Video: Deep Dive on PIPEDREAM/Incontroller ICS Attack Framework

Information, News

In this session from SecurityWeek’s 2022 ICS Cybersecurity Conference, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact on the modular ICS attack framework known as PIPEDREAM/Incontroller that can be used to disrupt and/or destruct devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized…

Read More
10 Dec

Xenomorph: What to know about this Android banking trojan

Information

Xenomorph pilfers victims’ login credentials for banking, payment, social media, cryptocurrency and other apps with valuable data More than 50,000 Android devices were compromised with an Android banking trojan called Xenomorph earlier this year. First reported by ThreatFabric, Xenomorph posed as a system-optimizing app called “Fast Cleaner”. Disguising malicious software as device optimizers, battery- or performance-enhancing and other utility tools is a rather common tactic for dangerous Android malware. Xenomorph is after people’s login credentials for banking, payment,…

Read More