CyberSecurity Updates

Month in security with Tony Anscombe – October 2024 edition

Video. Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories. 31 Oct 2024. With so much happening in the world of cybersecurity, staying on top of threats, breaches, scams, and industry insights can feel like a full-time job. So, let us do the legwork for you. Each month, ESET’s Chief Security Evangelist Tony Anscombe will bring you a roundup of…


Don’t become a statistic: Tips to help keep your personal data off the dark web

Cybercrime. You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it. Phil Muncaster, 29 Oct 2024, 6 min. read. How did 44% of members of the European Parliament (MEPs) and 68% of British MPs let their personal details end up circulating on the dark web? The answer is simpler and possibly more alarming than…


Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments

CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s network. Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve…


CloudScout: Evasive Panda scouting cloud services

In this blogpost, we provide a technical analysis of CloudScout, a post-compromise toolset used by Evasive Panda to target a government entity and a religious organization in Taiwan from 2022 to 2023. The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies. Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda’s signature malware framework. Key points of this blogpost: The CloudScout toolset was detected in Taiwan,…


Tony Fadell: Innovating to save our planet | Starmus highlights

We Live Science. As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts. 28 Oct 2024. While carbon dioxide typically takes center stage in discussions about climate change, methane emissions have historically flown somewhat under the radar. So what’s the real story with methane and how exactly do the emissions of this powerful greenhouse gas accelerate climate change? Increased…


Change Healthcare Breach Hits 100M Americans

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. A ransomware attack at Change Healthcare in the third week of February quickly spawned disruptions across the U.S. healthcare system that reverberated for months, thanks to the company’s central role in processing…


Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take control of an affected system. At this time, all patches have been released. CISA previously added this vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CISA strongly encourages users…


JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure, and industry across the globe, led to disruptions in essential services, including air travel, healthcare, and financial operations. Leveraging its unique ability to bring together public and private sector partners, JCDC facilitated virtual engagements with over 1,000 federal agency…


Embargo ransomware: Rock’n’Rust

ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware. Embargo is a relatively new player in the ransomware scene, first observed by ESET in June 2024. The new toolkit consists of a loader and an EDR killer, named MDeployer and MS4Killer respectively by ESET. MS4Killer is particularly noteworthy as it is custom compiled for each victim’s environment, targeting only selected security solutions. Both tools are written in Rust, the Embargo…


ESET Research Podcast: CosmicBeetle

ESET Research. Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world. ESET Research, 24 Oct 2024, 1 min. read. Some cybercriminal groups are sophisticated, create advanced schemes, cooperate with other attackers and do everything to stay under the radar. Then there are threat actors like CosmicBeetle – they lack the necessary skill set, write crude malware, yet still…
