CyberSecurity Updates

25 Jul

Building cyber-resilience: Lessons learned from the CrowdStrike incident

Information

Digital Security Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances Tony Anscombe 23 Jul 2024  •  , 3 min. read As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a thorough post-mortem on how the incident affected their business and what could be done differently going forward. For most critical…

Read More
25 Jul

FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity

Attacks, Insights, Malware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was coauthored with the following organizations: U.S. Cyber National Mission Force (CNMF); U.S. Department of Defense Cyber Crime Center (DC3); U.S. National Security Agency (NSA); Republic of Korea’s National Intelligence Service (NIS); Republic of Korea’s National Police Agency (NPA); and United Kingdom’s National Cyber…

Read More
24 Jul

Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android

Information

ESET Research ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos Lukas Stefanko 22 Jul 2024  •  , 6 min. read ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June 6th, 2024. Using the exploit to abuse a vulnerability that we named EvilVideo, attackers could share malicious Android payloads via…

Read More
23 Jul

Phish-Friendly Domain Registry “.top” Put on Notice

Information, Insights

The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.” Image:…

Read More
22 Jul

How adware exposed victims to kernel-level threats – Week in Security with Tony Anscombe

Information

Video A purported ad blocker marketed as a security solution leverages a Microsoft-signed driver that inadvertently exposes victims to dangerous threats 21 Jul 2024 This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft. The malware masquerades as an “Internet café security solution” with ad-blocking capabilities. In reality, however, it displays game-related ads and can modify or replace the…

Read More
20 Jul

HotPage: Story of a signed, vulnerable, ad-injecting driver

Information

Malware research involves studying threat actor TTPs, mapping infrastructure, analyzing novel techniques… And while most of these investigations build on existing research, sometimes they start from a hunch, something that looks too simple. At the end of 2023, we stumbled upon an installer named HotPage.exe that deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers’ network traffic. The malware can modify or replace the…

Read More
20 Jul

The complexities of cybersecurity update processes

Information

Digital Security If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike Tony Anscombe 19 Jul 2024  •  , 2 min. read Cybersecurity is often about speed; a threat actor creates a malicious attack technique or code, cybersecurity companies react to the new threat and if necessary, adjust and adopt methods to detect the threat. That adoption…

Read More
20 Jul

Beyond the blue screen of death: Why software updates matter

Information

Digital Security The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them. 19 Jul 2024  •  , 3 min. read In the realm of computing, few things are as unsettling as encountering a blue screen of death (BSOD) on your Windows system. The ominous screen with its cryptic error messages invokes a mix of alarm and frustration even among many seasoned technology…

Read More
19 Jul

Global Microsoft Meltdown Tied to Bad Crowdstrike Update

Information, Insights

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike’s solution needs to be applied manually on a per-machine basis. A photo taken at San Jose International Airport today shows the dreaded Microsoft “Blue…

Read More
19 Jul

Widespread IT Outage Due to CrowdStrike Update

Attacks, Insights, Malware

Note: CISA will update this Alert with more information as it becomes available. Update 7:30 p.m., EDT, July 19, 2024:  The CrowdStrike guidance is updated with additional guidance regarding impacts to specific environments, e.g., Azure, AWS.  For additional information: Update from the United Kingdom’s National Cyber Security Centre (NCSC-UK) Update from the Australian Cyber Security Centre (ACSC) Update from the Canadian Centre for Cyber Security (CCCS) Threat actors continue to use the widespread IT outage for phishing…

Read More