PATCH Archives - Page 74 of 76 - Cybersecurity News Everyday

Threat Research

Chaos is a Go-based Swiss army knife of malware – Lumen

September 28, 2022May 24, 2024 Lumen-BlackLotus

Executive Summary

The prevalence of malware written in Go programming language has increased dramatically in recent years due to its flexibility, low antivirus detection rates and difficulty to reverse-engineer. Black Lotus Labs, the threat intelligence arm of Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed for both Windows and Linux, as well as a wide array of software architectures used in devices ranging from small office/home office (SOHO) routers to enterprise servers.…

Threat Research

Revealing Emperor Dragonfly: Night Sky and Cheerscrypt – A Single Ransomware Group – Sygnia

September 26, 2022May 24, 2024 Securonix

Key Takeaways

Sygnia recently investigated a Cheerscrypt ransomware attack which utilized Night Sky ransomware TTPs. Further analysis revealed that Cheerscrypt and Night Sky are both rebrands of the same threat group, dubbed ‘Emperor Dragonfly’ by Sygnia.

‘Emperor Dragonfly’ (A.K.A. DEV-0401 / BRONZE STARLIGHT) deployed open-source tools that were written by Chinese developers for Chinese users.…

Threat Research

WARNING: NEW ATTACK CAMPAIGN UTILIZED A NEW 0-DAY RCE VULNERABILITY ON MICROSOFT EXCHANGE SERVER

September 23, 2022May 24, 2024 Securonix

Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e.,…

Threat Research

Redline Stealer and Mozilla Thunderbird

September 23, 2022May 24, 2024 Securonix

Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…

Threat Research

Iranian State Actors Conduct Cyber Operations Against the Government of Albania | CISA

September 15, 2022May 24, 2024 Securonix

Summary

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks.…

Threat Research

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

September 15, 2022May 24, 2024 Securonix

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

We observed the active exploitation of CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability with a critical rating of 9.8 in the collaboration tool Atlassian Confluence.…

Threat Research

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA

September 8, 2022May 24, 2024 Securonix

Summary

Actions to take today to protect against ransom operations:

• Keep systems and software updated and prioritize remediating known exploited vulnerabilities.• Enforce MFA.• Make offline backups of your data.

This joint Cybersecurity Advisory (CSA) is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), U.S.…

Threat Research

THREAT ANALYSIS REPORT: PlugX RAT Loader Evolution

September 1, 2022May 24, 2024 Securonix

The Cybereason Global Security Operations Center (GSOC) Team issues Threat Analysis Reports to inform on impacting threats. The Threat Analysis Reports investigate these threats and provide practical recommendations for protecting against them.

Views: 0…

Threat Research

Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa

August 29, 2022May 24, 2024 Securonix

Play is a new ransomware that takes a page out of Hive and Nokoyawa’s playbook. The many similarities among them indicate that Play, like Nokoyawa, are operated by the same people.

In July, we investigated a spate of ransomware cases in the Latin American region that targeted government entitles, which was initially attributed to a new player known as Play ransomware.…

Threat Research

BumbleBee a New Modular Backdoor Evolved From BookWorm

August 26, 2022May 24, 2024 Securonix

In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. However, in our recent investigations, we have discovered a controller application that expands its capabilities.

Updated on Sept. 6, 2022, at 11:55 p.m.…

Threat Research

Deep Dive into a Corporate Espionage Operation

August 25, 2022May 24, 2024 Securonix

Corporate espionage, also known as industrial espionage, is espionage conducted for commercial or financial purposes. One of the common misconceptions is that espionage is affecting only large corporations or government entities, but it is more common than expected. In this article, we provide an analysis of one such exfiltration and explain why these attacks are on the rise. …

Threat Research

Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies – ASEC BLOG

August 23, 2022May 24, 2024 Securonix

Recently, there have been frequent incidents where attackers infiltrated and took control of the internal network of Korean companies, starting with vulnerable servers externally exposed.

This is a case of infiltration into an IIS web server or an MS Exchange server and is the same as previously known types.…

Threat Research

New Golang Ransomware Agenda Customizes Attacks

August 19, 2022May 24, 2024 Securonix

A new piece of ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.

We recently discovered a new piece of targeted ransomware that was created in the Go programming language and that explicitly targeted one of our customers.…

Threat Research

Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite | CISA

August 17, 2022May 24, 2024 Securonix

Summary

Actions for ZCS administrators to take today to mitigate malicious cyber activity:

• Patch all systems and prioritize patching known exploited vulnerabilities.

• Deploy detection signatures and hunt for indicators of compromise (IOCs).

• If ZCS was compromised, remediate malicious activity.

Updated November 10, 2022: This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) with contributions by the Federal Bureau of Investigation (FBI).…

Threat Research

BitRAT and XMRig CoinMiner Being Distributed via Windows License Verification Tool – ASEC BLOG

August 16, 2022May 24, 2024 Securonix

The ASEC analysis team has recently discovered the distribution of BitRAT and XMRig CoinMiner disguised as a Windows license verification tool. As introduced in previous posts, BitRAT has a history of being distributed on webhards as MS Windows license verification tools and MS Office installation programs.…

Threat Research

Life After Death—SmokeLoader Continues to Haunt Using Old Vulnerabilities

August 1, 2022 Securonix

Vulnerability management and remediation are some of the most difficult problems to tackle within an organization. Multiple solutions, watchlists, and warnings are designed to ensure that companies and end users patch their software against known security vulnerabilities.

Unfortunately, even with tools available and teams forewarned with up-to-date information, this often does not happen in a timely manner or even at all.…

Threat Research

LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities

August 1, 2022 Securonix

Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500’s, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters to ultimately deliver phishing content.

Using highly trusted service domains like Snapchat and other online-services, they create special URLs which lead to malicious resources with phishing kits.…

Threat Research

Attackers leveraging Dark Utilities “C2aaS” platform in malware campaigns

July 27, 2022 Securonix

By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec.

Executive SummaryDark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems.…

Threat Research

SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant

July 25, 2022 Securonix

This blog entry offers a technical analysis of a new SolidBit variant that is posing as different applications to lure gamers and social media users. The SolidBit ransomware group appears to be planning to expand its operations through these fraudulent apps and its recruitment of ransomware-as-a-service affiliates.…