83 matches found
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote...
Cyberattacks Rage in Ukraine, Support Military Operations
Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat APT groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are...
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...
Qualys Multi-Vector EDR Excels in 2022 MITRE ATT&CK Evaluation
MITRE evaluated Qualys Multi-Vector EDR against competing alternatives, and the results are in. This blog reviews the basics of MITRE ATT&CK evaluation, how our EDR solution performed, and how to interpret the ratings. MITRE Engenuity has released the results of round 4 of its ATT&CK Evaluations...
Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen...
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
By Asheer Malhotra, Vitor Ventura and Arnaud Zobec. Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to...
APT Groups Target Healthcare and Essential Services
Summary This is a joint alert from the United States Department of Homeland Security DHS Cybersecurity and Infrastructure Security Agency CISA and the United Kingdom’s National Cyber Security Centre NCSC. CISA and NCSC continue to see indications that advanced persistent threat APT groups are...
Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update
Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update By Taylor Mullins, Mo Cashman and Raj Samani · January 20, 2022 Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not only...
Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update
Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update By Taylor Mullins, Mo Cashman and Raj Samani · January 20, 2022 Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not only...
Zoho ManageEngine Desktop Central affected by critical vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Zoho has patched a critical vulnerability CVE-2021-44757 in Desktop Central and Desktop Central MSP which are unified endpoint management UEM solutions. A security vulnerability exists in the Desktop Central and Desktop...
Log4Shell Exploit Detection and Response with Qualys Multi-Vector EDR
Author: Hiep Dang & Malware Threat Research Team On Dec 9, 2021, the world first learned about the Log4Shell vulnerability aka Log4J CVE-2021-44228 found in the Log4j2 library commonly used by Java applications. Since then, everyone in the cybersecurity industry has been scrambling to understand...
Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks
Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. "All frameworks are designed to...
Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks
Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF aka Rich Text Format template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique...
What Avengers Movies Can Teach Us About Cybersecurity
Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, goods guys fighting cybercriminals. If we choose to go with...
FBI issues flash alert after APT groups exploited VPN flaws
By Waqas With this; FatPipe joins the list of VPN providers that have faced a similar situation in the past, including Fortinet, Cisco, Pulse Secure, and Citrix. This is a post from HackRead.com Read the original post: FBI issues flash alert after APT groups exploited VPN flaws...
'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans RATs that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the...
Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?
A month ago, the FBI, CISA and the U.S. Coast Guard Cyber Command CGCYBER warned that state-backed advanced persistent threat APT actors are likely among those who’d been actively exploiting a critical flaw in a Zoho-owned single sign-on and password management tool since early August. At issue w...
A week in security (Sept 13 – Sept 19)
Last week on Malwarebytes Labs Why backups aren’t a “silver bullet” against ransomware, with Matt Crape: Lock and Code S02E17 The many tentacles of Magecart Group 8 Apple releases emergency update: Patch, but don’t panic Update now! Google Chrome fixes two in-the-wild zero-days Parts of the Dark...
Winning the Cyber-Defense Race: Understand the Finish Line
If you ask organizations about their top objectives, you will likely hear they need to increase visibility, reduce toolsets and adopt automation to counteract the cybersecurity skills gap. And what most don’t realize is that these initiatives are driven by hurdles the industry has created for...
Cobalt Strike Usage Explodes Among Cybercrooks
The use of Cobalt Strike – the legitimate, commercially available tool used by network penetration testers – by cybercrooks has shot through the roof, according to Proofpoint researchers, who say that the tool has now “gone fully mainstream in the crimeware world.” The researchers have tracked a...