CyberSecurity Updates

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries

ESET Research. Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings. 23 May 2024 • 6 min. read. The Nim programming language has become increasingly attractive to malware developers due to its robust compiler and its ability to work easily with other languages. Nim’s compiler can compile Nim to…


Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication

Cisco released a bundled publication for security advisories that address vulnerabilities in Cisco Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following publication and apply necessary updates: Cisco Event Response: May 2024 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication


Stark Industries Solutions: An Iron Hammer in the Cloud

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of…


Untangling the hiring dilemma: How security solutions free up HR processes

Business Security. The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum? Márk Szabó, 21 May 2024 • 4 min. read. Human resource professionals know that the market price for a skilled operator can go beyond what a company would want to allocate for such a hire. Simply, HR…


Check Your Wallet? How Mobile Driver’s Licenses are Changing Online Transactions

Can you recall the last time you opened a bank account? It’s likely you walked into a local bank branch and spoke to a representative who asked for your driver’s license and social security card to verify your identity. Now imagine you want to create a bank account online. The process is likely similar—type in your social security number, take a picture of your driver’s license, and submit both to the bank via their webpage.…


Why Your Wi-Fi Router Doubles as an Apple AirTag

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza,…


Rockwell Automation Encourages Customers to Assess and Secure Public-Internet-Exposed Assets

Rockwell Automation has released guidance encouraging users to remove connectivity on all Industrial Control Systems (ICS) devices connected to the public-facing internet to reduce exposure to unauthorized or malicious cyber activity. Users and administrators are encouraged to review the following Rockwell Automation notice for more information: SD1672: Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats


The who, where, and how of APT attacks – Week in security with Tony Anscombe

Video. This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape. 17 May 2024. This week, ESET experts released several research publications that shone the spotlight on a number of notable attacks and broader developments on the threat landscape. First, their new APT Activity Report reviewed the key aspects of sophisticated attacks as investigated by ESET researchers from October 2023…


To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers discovered two previously unknown backdoors – which we named LunarWeb and LunarMail – compromising a European ministry of foreign affairs (MFA) and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and, given the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past activities, we attribute these compromises to the infamous Russia-aligned cyberespionage group Turla, with medium confidence. We recently presented our insights…


Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain

ESET Research. One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft. Marc-Etienne M.Léveillé, 14 May 2024 • 3 min. read. Ten years ago we raised awareness of Ebury by publishing a white paper we called Operation Windigo, which documented a campaign that leveraged Linux malware for financial gain. Today we publish a follow-up paper…
