CyberSecurity Updates

29 Oct

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

Information

by Paul Ducklin Regular readers will know two things about our attitude to Apple’s security patches: We like to get them as soon as we can. Whether it’s a full version upgrade that also includes a bunch of security fixes, or a point release (one where the leftmost verion number doesn’t change) with the primary purpose of patching bugs rather than adding new features, we’d rather err on the side of applying known security fixes…

Read More
28 Oct

Apple Fixes Recently Disclosed Zero-day on Older iPhones, iPads

Attacks, Malware

Even though this zero-day was most likely only used in targeted attacks, it’s strongly suggested to patch even older devices as soon as possible to block potential attack attempts. The impacted devices include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Apple disclosed the security flaw “may have been actively exploited” in the wild but…

Read More
28 Oct

Raspberry Robin Operators Selling Access To Companies

Attacks, Malware

This switch in tactics by the Clop threat group is not uncommon amongst these groups. Rapidly changing tactics and leveraging dark web Malware-as-a-Service (MaaS) offerings allows threat groups to infect companies at a faster rate since they do not have to wait on a successful phishing campaign. Illicit access is frequently brokered in the underground economy. To mitigate the risks of attacks similar to Raspberry Robin, a good rule amongst organizations is to never use…

Read More
28 Oct

CraneFly Hacking Group using Microsoft IIS Web Server Logs to Control Malware

Attacks, Malware

As time progresses, threat actors continue to discover novel ways to evade detection. Now that this technique has been discovered, it seems to be quite simple to detect; modify any preexisting IIS monitoring detections to search for keywords such as “wrde”, “exo”, and “cllo”. In this case, it may be better to search IIS log files being written to temp folders, since it would be relatively easy for malware operators to change these keywords. This…

Read More
28 Oct

Phishing attacks increase by over 31% in third quarter: Report

Data Breaches, Malware, Social Engineering

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million. Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines…

Read More
28 Oct

Indianapolis Low-Income Housing Agency Hit by Ransomware

Information, News

The federal agency that provides low-income housing in Indianapolis is facing a ransomware attack that’s delayed its ability to send out rent payments to landlords, a top agency official says. All employees of the Indianapolis Housing Agency lost access to their email during the attack, which began weeks ago. That includes its executive director, Marcia Lewis, who lost access to her email for days but regained access to it Tuesday, The Indianapolis Star reported, citing…

Read More
28 Oct

Hacker steals US$1mn worth of crypto and NFTs 24 hours

Attacks, Data Breaches

A hacker known as Monkey Drainer has stolen US$1mn worth of Ethereum and NFTs in a hacking spree across just 24 hours. The hack was reported by Twitter user ZackXBT who describes themselves as a “crypto sleuth” and a “rug pull survivor turned 2D detective”. A rug pull is a scam which sees malicious actors pose as a legitimate cryptocurrency project to attract investors, only to ‘pull out’ of the project before it is completed,…

Read More
28 Oct

Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks

Information, News

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions. On August 7, Twilio revealed that it had detected unauthorized access to information related to customer accounts a few days earlier. A probe revealed that the breach was a result of an SMS phishing (smishing) attack targeting the company’s employees. At around the same…

Read More
28 Oct

Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies

Attacks, Insights, Malware

Original release date: October 28, 2022 CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released Understanding and Responding to Distributed Denial-of-Service Attacks to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. The guidance is for both network defenders and leaders to help them understand and respond to DDoS attacks, which can cost an organization time, money, and reputational damage.…

Read More
28 Oct

VMware Releases Security Updates

Attacks, Insights, Malware

Original release date: October 28, 2022 VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-002 and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy.

Read More