Current Active Threats


Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes
Date: 2022-05-23

At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat (APT). The attacks, codenamed "Twisted Panda," come in the backdrop of Russia's military invasion of Ukraine, prompting a wide range of threat actors to swiftly adapt their campaigns on the ongoing conflict to distribute malware and stage opportunistic attacks. They have materialized in the form of social engineering schemes with topical war and sanctions-themed baits orchestrated to trick potential victims into clicking malicious links or opening weaponized documents.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Russian Hackers Perform Reconnaissance Against Austria, Estonia
Date: 2022-05-23

In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College. This discovery comes from cybersecurity firm Sekoia, building on previous findings from Google's Threat Analysis Group (TAG), which has been following Russian hackers closely this year. Google warned about coordinated Russia-based threat group activity in late March 2022, and in May it spotted two Turla domains used in ongoing campaigns. Sekoia used this information to investigate further and found that Turla targeted the federal organization in Austria and the military college in the Baltic region.

Google: Predator Spyware Infected Android Devices Using Zero-Days
Date: 2022-05-23

Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices.

Threat Actors Target the InfoSec Community with Fake PoC Exploits
Date: 2022-05-23

Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the InfoSec community. The researchers discovered a post in which a user was sharing fake Proof of Concept (PoC) exploit code for an RPC Runtime Library remote code execution flaw (CVE-2022-26809, CVSS 9.8). The malware, disguised as PoC code, was available on GitHub.

Cisco Urges Admins to Patch IOS XR Zero-day Exploited in Attacks
Date: 2022-05-23

Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely access Redis instances running in NOSi Docker containers. The IOS XR Network OS is deployed on multiple Cisco router platforms, including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines
Date: 2022-05-20

A software supply chain attack has been observed in the Rust programming language's crate registry, leveraging typosquatting to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression."

Conti Ransomware Shuts Down Operation, Rebrands Into Smaller Units
Date: 2022-05-20

Advanced Intel researcher Yelisey Boguslavskiy announced on Twitter yesterday that the Conti ransomware gang has officially shut down its operation, stating that the gang's internal infrastructure was turned off. While the public-facing 'Conti News' data leak and ransom negotiation sites are still online, Boguslavskiy told BleepingComputer that the Tor admin panels used by members to perform negotiations and publish "news" on their data leak site are now offline.

Microsoft Detects Massive Surge in Linux XorDdos Malware Activity
Date: 2022-05-20

Microsoft stated in a blog post yesterday that it has seen a 254% increase in activity from a Linux trojan called XorDdos. XorDdos is a modular malware that amasses botnets by targeting a multitude of Linux system architectures (ARM, x86, and x64). First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its usage of XOR-based encryption for C2 communication and being employed to launch distributed denial-of-service (DDoS) attacks. As the tech giant revealed, the botnet’s success is likely due to its extensive use of various evasion and persistence tactics which allow it to remain stealthy and hard to remove.

Modern "Smart" Farm Machinery Vulnerable to Cyber-Attackers
Date: 2022-05-20

A new risk analysis published today warns that modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk. The analysis, published in the journal Nature Machine Intelligence, warns that hackers could exploit flaws in agricultural hardware used to plant and harvest crops. Additionally, it said automatic crop sprayers, drones and robotic harvesters could be vulnerable to hackers.

Canada Bans Huawei and ZTE from 5G Networks Over Security Concerns
Date: 2022-05-19

The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks. The statement explains that after a thorough review from Canada's independent security agencies, the two Chinese tech companies have been deemed too great of a security risk to be allowed in the country's telecommunication network.

Jupiter WordPress Plugin Flaws Let Hackers Take Over Sites
Date: 2022-05-19

WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw. Jupiter is a powerful high-quality theme builder for WordPress sites used by over 90,000 popular blogs, online magazines, and platforms that enjoy heavy user traffic. The vulnerability, tracked as CVE-2022-1654 and given a CVSS score of 9.9 (critical), allows any authenticated user on a site using the vulnerable plugins to gain administrative privileges.

QNAP Alerts NAS Customers of New Deadbolt Ransomware Attacks
Date: 2022-05-19

Taiwan-based network-attached storage (NAS) maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads. The company asked users to update their NAS devices to the latest software version and ensure that they're not exposed to remote access over the Internet.

Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit
Date: 2022-05-19

New research published by academics from KU Leuven, Radboud University, and the University of Lausanne has revealed that users' email addresses are exfiltrated to tracking, marketing, and analytics domains before the form is submitted and without prior consent. The study involved crawling 2.8 million pages from the top 100 websites and found that as many as 1,844 websites allowed trackers to capture email addresses before form submission when visited from the European Union, a number that jumped to 2,950 when the same set of websites was visited from the U.S.

China-linked Space Pirates APT Targets the Russian Aerospace Industry
Date: 2022-05-19

A previously unknown Chinese cyberespionage group, tracked as 'Space Pirates', targets enterprises in the Russian aerospace industry with spear-phishing attacks. The group has been active since at least 2017, and researchers believe it is linked with other China-linked APT groups, including APT41 (Winnti), Mustang Panda, and APT27.

Ransomware Gangs Rely More on Weaponizing Vulnerabilities
Date: 2022-05-19

Group-IB released a report this week outlining various tactics ransomware groups are using to breach victim networks. According to their research, external remote access services continue to be the main attack vector used by ransomware gangs to gain initial access. However, they note that there has been an uptick in the use of exploitable vulnerabilities.

VMware Patches Critical Auth Bypass Flaw in Multiple Products
Date: 2022-05-18

VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges. The flaw (tracked as CVE-2022-22972) was reported by Bruno López of Innotec Security, who found that it impacts Workspace ONE Access, VMware Identity Manager (vIDM), and vRealize Automation.

Microsoft Warns of "Cryware" Info-Stealing Malware Targeting Crypto Wallets
Date: 2022-05-18

Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat "cryware," with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet.

[WS] Wizard Spider Group In-Depth Analysis
Date: 2022-05-18

On May 16, 2022, the threat intelligence team at PRODAFT (PTI) released a report detailing the inner workings of the Wizard Spider group. Wizard Spider is a financially motivated cybercrime group that is believed to operate out of Russia. The group was first identified in 2017 and is known for the creation and deployment of TrickBot, a modular malware that was officially discontinued earlier this year. Wizard Spider possesses a diverse arsenal of tools and has conducted ransomware campaigns against a variety of organizations, ranging from major corporations to hospitals. The group has been tied to various malware variants including Ryuk, Conti, Bazar, Cobalt Strike, etc.

Researchers Spotted a New Variant of the UpdateAgent macOS Malware Dropper
Date: 2022-05-18

Researchers from the Jamf Threat Labs team have uncovered a new variant of the UpdateAgent macOS malware dropper. The new version is written in Swift and relies on the AWS infrastructure to host its malicious payloads. The malware dropper has a variety of capabilities including system fingerprinting, endpoint registration, and persistence tools. For second stage payloads, researchers found evidence of different types of malware, spyware and adware.

Microsoft Warns of Brute-force Attacks Targeting MSSQL Servers
Date: 2022-05-18

Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords. While this isn't necessarily the first time MSSQL servers have been targeted in such attacks, Microsoft says that the threat actors behind this recently observed campaign are using the legitimate sqlps.exe tool as a LOLBin (short for living-off-the-land binary).

The threat actors are using the sqlps[.]exe utility to achieve fileless persistence. The executable is a PowerShell wrapper used for running SQL-built commands. The executable is also used to create a new sysadmin account which allows them to take control of the SQL server. From there they can perform other actions and deploy additional payloads like ransomware or cryptominers.
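
A defender-side example, added here and not taken from Microsoft's warning or the original report, showing two checks this item calls for: counting bursts of failed logons per client in SQL Server ERRORLOG-style lines (with a note on whether a success followed the burst), and flagging launches of sqlps.exe in process-creation telemetry. The ERRORLOG lines and process events are constructed samples; the event field names and file paths are assumptions, and the T-SQL audit query is included for the "new sysadmin account" behaviour.

```python
"""Detection helpers for the MSSQL brute-force / sqlps.exe activity described above.

Added example, not code from Microsoft or the original report. The ERRORLOG lines
and process-creation events are constructed samples; the event field names
(image, parent_image, command_line) and the file paths are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# SQL Server writes failed and successful logons to its ERRORLOG with the client IP
# at the end of the line (failed logons correspond to error 18456). This captures
# the timestamp, outcome, login name and client address from such a line.
LOGON_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<outcome>failed|succeeded) for user '(?P<user>[^']+)'.*"
    r"\[CLIENT: (?P<client>[^\]]+)\]"
)

# Audit query for the second behaviour in the item: a newly created sysadmin login.
# Run against the instance; adjust the 7-day window to the investigation period.
RECENT_SYSADMIN_QUERY = """
SELECT name, type_desc, create_date, modify_date
FROM sys.server_principals
WHERE IS_SRVROLEMEMBER('sysadmin', name) = 1
  AND create_date >= DATEADD(day, -7, GETDATE());
"""


def constructed_errorlog():
    """Constructed ERRORLOG excerpt: 25 failures for 'sa' from one client in under
    a minute, then a success from that client, plus one unrelated failure."""
    base = datetime(2022, 5, 17, 9, 0, 0)
    reason = "Reason: Password did not match that for the login provided."
    lines = []
    for i in range(25):
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S}.{i:02d} Logon       Login failed for user "
                     f"'sa'. {reason} [CLIENT: 203.0.113.5]")
    t = base + timedelta(seconds=52)
    lines.append(f"{t:%Y-%m-%d %H:%M:%S}.00 Logon       Login succeeded for user 'sa'. "
                 "Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]")
    lines.append("2022-05-17 09:15:44.00 Logon       Login failed for user 'report_ro'. "
                 f"{reason} [CLIENT: 10.0.0.12]")
    return "\n".join(lines)


def parse_logon_events(errorlog_text):
    """Return the logon events found in ERRORLOG text, oldest first."""
    events = []
    for line in errorlog_text.splitlines():
        m = LOGON_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                           "outcome": m["outcome"], "user": m["user"],
                           "client": m["client"]})
    return sorted(events, key=lambda e: e["ts"])


def find_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Flag clients with >= threshold failed logons inside any `window`, and record
    whether a successful logon from the same client followed the burst (the case
    where a weak password was eventually guessed)."""
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)
    findings = {}
    for client, evs in by_client.items():
        fails = [e for e in evs if e["outcome"] == "failed"]
        best, j = 0, 0
        for i, e in enumerate(fails):          # sliding window over sorted timestamps
            while fails[j]["ts"] < e["ts"] - window:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            first_fail = fails[0]["ts"]
            findings[client] = {
                "max_failures_in_window": best,
                "targeted_logins": sorted({e["user"] for e in fails}),
                "success_after_burst": any(e["outcome"] == "succeeded"
                                           and e["ts"] >= first_fail for e in evs),
            }
    return findings


def flag_sqlps_launches(process_events):
    """Return process-creation events for sqlps.exe, the LOLBin named in the item.
    sqlps.exe is rarely launched interactively, so any launch is worth review; one
    spawned by the SQL Server service process (sqlservr.exe) is marked separately."""
    def basename(path):
        return path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    hits = []
    for ev in process_events:
        if basename(ev["image"]) == "sqlps.exe":
            hits.append({**ev, "spawned_by_sql_service":
                         basename(ev["parent_image"]) == "sqlservr.exe"})
    return hits


# Constructed process-creation events (paths are illustrative, not authoritative).
CONSTRUCTED_PROCESS_EVENTS = [
    {"image": r"C:\Program Files\Microsoft SQL Server\150\Tools\Binn\sqlps.exe",
     "parent_image": r"C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe",
     "command_line": "sqlps.exe -NoLogo -NoProfile"},
    {"image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for client, info in find_bruteforce(parse_logon_events(constructed_errorlog())).items():
        print(f"brute force from {client}: {info}")
    for hit in flag_sqlps_launches(CONSTRUCTED_PROCESS_EVENTS):
        print("sqlps.exe launch:", hit["command_line"],
              "(spawned by SQL service)" if hit["spawned_by_sql_service"] else "")
    print("Audit new sysadmin logins with:", RECENT_SYSADMIN_QUERY)
```

On a real host, feed the current ERRORLOG and your EDR's process-creation events to these functions; the threshold and window should be tuned to the instance's normal failed-logon rate.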


A Custom PowerShell RAT Used to Target German Users Using the Ukraine Crisis as Bait
Date: 2022-05-17

Researchers at Malwarebytes uncovered a campaign that targets German users with a custom PowerShell RAT. The threat actors attempt to trick victims into opening weaponized documents by using the current situation in Ukraine as bait. The attackers registered a decoy site that was an expired German domain name at collaboration-bw[.]de. The site was hosting a bait document, named “2022-Q2-Bedrohungslage-Ukraine,” used to deliver the custom malware. The document appears to contain information about the current crisis in Ukraine.

Hackers Target Tatsu WordPress Plugin in Millions of Attacks
Date: 2022-05-17

Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites. Tatsu Builder is a popular plugin that offers powerful template editing features integrated right into the web browser. Large attack waves started on May 10, 2022 and peaked four days later. Exploitation is currently ongoing.

US Warning: North Korea's Tech Workers Posing as Freelance Developers
Date: 2022-05-17

Skilled software and mobile app developers from North Korea are posing as US-based remote workers to land contract work as developers in US and European tech and crypto firms. The warning comes in a new joint advisory from the US Department of State, the US Department of the Treasury, and the Federal Bureau of Investigation (FBI) outlining the role North Korean IT workers play in raising revenue for North Korea, which contributes to its weapons of mass destruction (WMD) and ballistic missile programs, in violation of U.S. and UN sanctions.

CISA Warns Admins to Patch Actively Exploited VMware, Zyxel Bugs
Date: 2022-05-17

CISA has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. The Spring Framework vulnerability (CVE-2022-22947) is a maximum severity weakness that attackers can abuse to gain remote code execution on unpatched hosts. The vulnerability is being used by a recently discovered botnet called Sysrv, which is installing cryptomining malware on vulnerable Windows and Linux servers.

Ukraine CERT-UA Warns of New Attacks Launched by Russia-linked Armageddon APT
Date: 2022-05-16

Ukraine's CERT-UA has released details on a new phishing attack carried out by the Russia-linked Armageddon group. The threat actors use an HTM file to decode and create an archive named "Henson[.]rar", which contains a malicious LNK file titled "Kherson[.]lnk". Upon clicking the link file, the HTA file "precarious[.]xml" is loaded and executed, leading to the creation and execution of the files "desktop[.]txt" and "user[.]txt". In the last stage of the attack chain, the GammaLoad[.]PS1_v2 malware is downloaded and executed on the victim's computer.

Hackers are Exploiting Critical Bug in Zyxel Firewalls and VPNs
Date: 2022-05-16

Hackers have started to exploit a recently patched critical vulnerability tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. Successful exploitation allows a remote attacker to inject arbitrary commands remotely without authentication, which can enable setting up a reverse shell.

SonicWall ‘Strongly Urges’ Admins to Patch SSLVPN SMA1000 Bugs
Date: 2022-05-16

SonicWall "strongly urges" customers to patch several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances. SonicWall SMA 1000 SSLVPN solutions are used by enterprises to simplify end-to-end secure remote access to corporate resources across on-prem, cloud, and hybrid data center environments.

Engineering Firm Parker Discloses Data Breach After Ransomware Attack
Date: 2022-05-16

The Parker-Hannifin Corporation announced a data breach exposing employees' personal information after the Conti ransomware gang began publishing allegedly stolen data last month. Parker is an Ohio-based corporation specializing in advanced motion and control technologies, with a strong focus in aerospace hydraulic equipment. It has a revenue of $15.6 billion and employs over 58,000 people.

Microsoft: Sysrv Botnet Targets Windows, Linux Servers With New Exploits
Date: 2022-05-16

Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. Redmond discovered a new variant (tracked as Sysrv-K) that has been upgraded with more capabilities, including scanning for unpatched WordPress and Spring deployments.

New Saitama Backdoor Targeted Official From Jordan's Foreign Ministry
Date: 2022-05-13

A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group.

Google Chrome Updates Failing on Android Devices in Russia
Date: 2022-05-13

A growing number of Android Google Chrome users in Russia are reporting errors when attempting to install the latest update for the web browser. The number of complaints is increasing every day but so far, the cause of the problem remains unknown and is still unsolved.

Zyxel Fixes Firewall Flaws That Could Lead To Hacked Networks
Date: 2022-05-13

Zyxel has fixed critical firewall vulnerabilities that could have allowed threat actors to gain full access to devices and the internal corporate networks they are designed to protect. The company pushed out the security updates in a silent update two weeks ago but more details emerged recently.

A 10-point Plan to Improve the Security of Open Source Software
Date: 2022-05-13

The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a 10-point plan to broadly address open source and software supply chain security, by securing open source security production, improving vulnerability discovery and remediation, and shortening the patching response time of the ecosystem.

Ukrainian Gets Four Years for Brute Forcing Thousands of Credentials
Date: 2022-05-13

A Ukrainian man has been handed a four-year jail term for stealing thousands of server logins and putting them up for sale on the dark web. Glib Oleksandr Ivanov-Tolpintsev, 28, from Chernivtsi, was arrested in October 2020 by Polish police and subsequently extradited to the US, where he pleaded guilty in February this year.

Personal Details of 21M SuperVPN, GeckoVPN Users Leaked on Telegram
Date: 2022-05-12

On May 7th, researchers became aware of an online database containing personal details and login credentials for 21 million users of various VPN providers. The leaked database contains 10 GB of sensitive information from SuperVPN, GeckoVPN, and ChatVPN. The details from the database were actually stolen over a year ago and were put up for sale on Dark Web marketplaces. Now, the information is publicly available on Telegram for free.

Costa Rica Declares National Emergency Following Conti Cyber-Attack
Date: 2022-05-12

Costa Rica has declared a national emergency following sustained cyber-attacks on government systems by the Russia-based Conti ransomware gang. The decree, signed by newly-elected President Rodrigo Chaves, is believed to be the first-ever response of this type by a government to a cyber-attack. Chaves described the attack, which took place on April 18, as an act of "cyber terrorism".

HP Fixes Bug Letting Attackers Overwrite Firmware in Over 200 Models
Date: 2022-05-12

HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which allow code to run with Kernel privileges. Kernel-level privileges are the highest rights in Windows, allowing threat actors to execute any command at the Kernel level, including manipulating drivers and accessing the BIOS.

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
Date: 2022-05-12

A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, Charming Kitten, Newscaster, or Phosphorus).

Massive Hacking Campaign Compromised Thousands of WordPress Websites
Date: 2022-05-12

Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content. According to Sucuri, at least 322 websites were compromised as a result of this new wave of attacks. The infections automatically redirect site visitors to third-party websites containing malicious content (i.e. phishing pages, malware downloads), scam pages, or commercial websites to generate illegitimate traffic.

CISA Alert: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Date: 2022-05-12

The cybersecurity authorities of the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA, NSA, and FBI) are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue. This joint Cybersecurity Advisory (CSA) provides actions MSPs and their customers can take to reduce their risk of falling victim to a cyber intrusion. This advisory describes cybersecurity best practices for information and communications technology (ICT) services and functions, focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data. Organizations should implement these guidelines as appropriate to their unique environments, in accordance with their specific security needs, and in compliance with applicable regulations. MSP customers should verify that the contractual arrangements with their provider include cybersecurity measures in line with their particular security requirements.

Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K.
Date: 2022-05-11

A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022.

New IceApple Exploit Toolset Deployed on Microsoft Exchange Servers
Date: 2022-05-11

Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography. IceApple is a highly sophisticated .NET-based framework that comes with at least 18 modules, each for a specific task, that help the attacker discover relevant machines on the network, steal credentials, delete files and directories, or exfiltrate valuable data. These modules run in memory, emphasizing the adversary’s priority of maintaining a low forensic footprint on the infected host.

Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
Date: 2022-05-11

An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2) infrastructure with that of prior campaigns mounted by the same actor.

Threat Actors are Actively Exploiting CVE-2022-1388 RCE in F5 BIG-IP (updated): CISA Tells Federal Agencies to Fix Actively Exploited F5 BIG-IP Bug
Date: 2022-05-11

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices. F5 customers using BIG-IP solutions include governments, Fortune 500 firms, banks, service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that "48 of Fortune 50 companies are F5 customers."

Hackers are Using Tech Services Companies as a 'Launchpad' for Attacks on Customers
Date: 2022-05-11

International cybersecurity agencies are urging IT service providers and their customers to take actions to protect themselves from the threat of supply chain attacks. The cybersecurity agencies warn that Russia's invasion of Ukraine has increased the risk of cyberattacks against organizations around the world. But they also suggest a number of actions that IT and cloud service providers, along with their customers, can take to protect networks from supply chain attacks, where attackers gain access to a company that provides software or services to many other companies. "As this advisory makes clear, malicious cyber actors continue to target managed service providers, which is why it's critical that MSPs and their customers take recommended actions to protect their networks," said Jen Easterly, director of US's Cybersecurity and Infrastructure Security Agency (CISA).

Microsoft Patch Tuesday
Date: 2022-05-10

This month, Microsoft released patches for 75 vulnerabilities. Of these 74, 7 are critical (2 elevation of privilege and 5 remote code execution), 66 are important, and 1 is rated as low. There is one zero-day vulnerability (CVE-2022-26925) that has been publicly disclosed and exploited in the wild. Two other vulnerabilities (CVE-2022-22713 and CVE-2022-29972) have been publicly disclosed but not yet observed exploited in the wild.

New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity
Date: 2022-05-10

The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers from Secureworks Counter Threat Unit (CTU) said in a report published Monday.

Hacktivists Hacked Russian TV Schedules During Victory Day and Displayed Anti-war Messages
Date: 2022-05-10

Since Russia's invasion of Ukraine, hacktivists and white hat hackers have continued to support Ukraine by launching cyberattacks on Russian websites and infrastructure. In a recent attack, they defaced Russian TV listings with anti-war messages and took down the RuTube video streaming site. The attack took place during Russia's Victory Day: Russians attempting to view the parade were shown pro-Ukraine messages due to a cyberattack that impacted the Russian TV listings systems. According to the BBC, the coordinated attack affected major Russian networks, including Channel One, Rossiya-1, MTS, Rostelecom, and NTV-Plus.

Lincoln College to Close After 157 Years Due to Ransomware Attack
Date: 2022-05-10

Lincoln College, a liberal-arts school from rural Illinois, says it will close its doors later this month, 157 years since its founding and following a brutal hit on its finances from the COVID-19 pandemic and a recent ransomware attack. This decision was made even harder with the college having survived multiple disasters, including a major fire in 1912, the Spanish flu, the Great Depression, the World Wars, and the 2008 global financial crisis.

Critical Infrastructure Firms See Cyber-Attacks Surge
Date: 2022-05-10

More than 70% of UK critical national infrastructure (CNI) providers have seen an increase in cyber-attacks since the start of the war in Ukraine, according to new research from Bridewell.

Threat Actors are Actively Exploiting CVE-2022-1388 RCE in F5 BIG-IP
Date: 2022-05-10

Threat actors started massively exploiting the critical remote code execution vulnerability, tracked as CVE-2022-1388, affecting F5 BIG-IP. F5 and CISA released a security advisory last week warning customers to install the latest updates for a variety of products.

US Government Offers $15m Reward for Info on Conti Actors
Date: 2022-05-09

The US authorities have offered a multimillion-dollar reward for information leading to the identification, arrest and/or conviction of individuals involved in attacks using the Conti ransomware variant. Offered under the Department of State's Transnational Organized Crime Rewards Program (TOCRP), the money is split into two pots: up to $10m for information on the identity or location of individuals "who hold a key leadership position" in Conti, and up to $5m for information leading to the arrest or conviction of anyone conspiring to use the malware in attacks.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Cyber Attack Halts Production at Ag Equipment Maker AGCO Fendt
Date: 2022-05-09

A cyber attack has disrupted the operations of AGCO/Fendt, a major manufacturer of agricultural equipment, the company has acknowledged. AGCO/Fendt, headquartered in Duluth, Georgia, said in a statement to the Security Ledger that it was the subject of a cybersecurity incident that “has impacted some of our production facilities. We are working to address the issues. Our first priority is to restore those critical activities needed to keep farmers farming.” The company first acknowledged the attack on Thursday, May 5.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware
Date: 2022-05-09

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting infected with Jester Stealer.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Check Your Gems: Rubygems Fixes Unauthorized Package Takeover Bug
Date: 2022-05-09

The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious versions with the same file names and version numbers.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Costa Rica Declares National Emergency After Conti Ransomware Attacks
Date: 2022-05-09

On Sunday, May 8th, newly elected Costa Rican President Rodrigo Chaves declared a national emergency following cyber-attacks from the Conti Ransomware group on multiple government bodies.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

GitHub Announces Mandatory 2FA for Code Contributors
Date: 2022-05-06

Code hosting platform GitHub on Wednesday said it would make it mandatory for software developers to use at least one form of two-factor authentication (2FA) by the end of 2023. The Microsoft-owned platform has been supporting 2FA for years and is allowing users to use physical and virtual security keys, Time-based One-Time Password (TOTP) authenticator apps, and SMS as a second form of authentication.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Ukraine’s IT Army is Disrupting Russia's Alcohol Distribution
Date: 2022-05-06

Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia. DDoS (distributed denial of service) attacks are collective efforts to overwhelm servers with large volumes of garbage traffic and bogus requests, rendering them unable to serve legitimate visitors.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Security Researchers: Here’s How the Lazarus Hackers Start Their Attacks
Date: 2022-05-06

The Lazarus hacking group is one of the top cybersecurity threats from North Korea, recently catching the attention of the US government for massive cryptocurrency heists. Now researchers at NCC Group have pieced together a few of the tools and techniques Lazarus hackers have been using recently, including social engineering on LinkedIn, messaging US defense contractor targets on WhatsApp, and installing the malicious downloader LCPDot.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Microsoft, Apple and Google Team Up on Passwordless Standard
Date: 2022-05-06

Some of the world’s biggest tech companies are throwing considerable weight behind a common passwordless sign-in standard that could finally signal the end of static credentials for many users. Apple, Microsoft and Google announced plans to support the FIDO Alliance and World Wide Web Consortium (W3C) standard, making it easier for websites and apps to deliver end-to-end passwordless authentication via fingerprint/face scan or device PIN.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

New Raspberry Robin Worm Uses Windows Installer to Drop Malware
Date: 2022-05-06

Red Canary researchers have discovered a new wormable Windows malware that spreads through USB drives. They have dubbed the malware Raspberry Robin and first observed the activity back in September 2021. Using detection tools on customer networks, Red Canary saw the malware spreading in the technology and manufacturing sectors.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software
Date: 2022-05-05

Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Decade-Old Bugs Discovered in Avast, AVG Antivirus Software
Date: 2022-05-05

Researchers have disclosed two high-severity vulnerabilities in Avast and AVG antivirus products which have gone undetected for ten years.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

New NetDooka Malware Spreads via Poisoned Search Results
Date: 2022-05-05

A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device. This previously undocumented malware framework features a loader, a dropper, a protection driver, and a powerful RAT component that relies on a custom network communication protocol.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

FBI says Business Email Compromise is a $43 Billion Scam
Date: 2022-05-05

The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. From June 2016 until July 2019, IC3 received victim complaints regarding 241,206 domestic and international incidents, with a total exposed dollar loss of $43,312,749,946.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

F5 Warns its Customers of Tens of Flaws in its Products
Date: 2022-05-05

F5 and US-CERT released security notifications this morning, warning of a handful of vulnerabilities in various products. In total the company addressed 43 vulnerabilities, the most severe being tracked as CVE-2022-1388. It received a CVSS score of 9.8 and allows an unauthenticated attacker to exploit BIG-IP systems through the management port. Using the system they can execute arbitrary system commands, create or delete files, or disable services.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

State-Backed Chinese Hackers Target Russia
Date: 2022-05-04

Financially motivated and state-sponsored actors around the globe continue to use the war in Ukraine as a lure for phishing campaigns, with Chinese groups targeting Russia of late, according to Google. The tech giant’s Threat Analysis Group (TAG) claimed in its new quarterly bulletin that the usual governments of China, Iran, North Korea and Russia were responsible for many of the attacks recorded over the period.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Unpatched DNS Bug Affects Millions of Routers and IoT Devices
Date: 2022-05-04

An unpatched DNS bug in a popular C standard library is putting millions of IoT devices at risk of DNS poisoning attacks. Using the vulnerability, a threat actor may be able to spoof or redirect a victim to a malicious website under their control.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies
Date: 2022-05-04

An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019. Dubbed "Operation CuckooBees" by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information. Targets included technology and manufacturing companies primarily located in East Asia, Western Europe, and North America.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Conti, Revil, Lockbit Ransomware Bugs Exploited to Block Encryption
Date: 2022-05-04

Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the tables by finding exploits in the most common ransomware and malware being distributed today. Malware from notorious ransomware operations like Conti, the revived REvil, the newcomer Black Basta, the highly active LockBit, or AvosLocker all came with security issues that could be exploited to stop the final and most damaging step of the attack, file encryption.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Pro-Ukraine Hackers Use Docker Images to DDoS Russian Sites
Date: 2022-05-04

Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by the government, military, and news organizations. Behind the incidents are believed to be pro-Ukrainian actors such as hacktivists, likely backed by the country's IT Army.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Aruba and Avaya Network Switches Are Vulnerable to RCE Attacks
Date: 2022-05-03

Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks), that could allow malicious actors to execute code remotely on the devices. The damage caused by a successful attack ranges from data breach and complete device takeover to lateral movement and overriding network segmentation defenses.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Green - Chinese Cyber-espionage Group Moshen Dragon Targets Asian Telcos
Date: 2022-05-03

Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia. While this new threat group has some overlaps with "RedFoxtrot" and "Nomad Panda," including the use of ShadowPad and PlugX malware variants, there are enough differences in their activity to follow them separately.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection
Date: 2022-05-03

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Date: 2022-05-03

Recorded Future’s Insikt Group continues to monitor Russian state-sponsored cyber espionage operations targeting government and private sector organizations across multiple geographic regions. From mid-2021 onwards, Recorded Future’s midpoint collection revealed a steady rise in the use of NOBELIUM infrastructure tracked by Insikt Group as SOLARDEFLECTION, which encompasses command and control (C2) infrastructure. In this report, we highlight trends observed by Insikt Group while monitoring SOLARDEFLECTION infrastructure and the recurring use of typosquat domains by its operators.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

UNC3524 APT Uses IP Cameras to Deploy Backdoors and Target Exchange
Date: 2022-05-03

Mandiant researchers discovered a new APT group, tracked as UNC3524, that heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. Once they gained initial access to the target systems, UNC3524 deployed a previously unknown backdoor tracked by Mandiant researchers as QUIETEXIT. The QUIETEXIT backdoor borrows code from the open-source Dropbear SSH client-server software. The threat actors deployed QUIETEXIT on network appliances within the target network, including load balancers and wireless access point controllers.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Chinese "Override Panda" Hackers Resurface With New Espionage Attacks
Date: 2022-05-02

A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said in a report published last week. "The target of this attack is currently unknown but with high probability, given the previous history of the attack perpetrated by the group, it might be a government institution from a South Asian country."

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Here's a New Tool That Scans Open-Source Repositories for Malicious Packages
Date: 2022-05-02

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the security of the software supply chain and increasing trust in open-source software.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Russian Hackers Compromise Embassy Emails to Target Governments
Date: 2022-05-02

Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 (Cozy Bear or Nobelium) targeting diplomats and government entities in Europe, the Americas, and Asia. APT29 is a state-sponsored actor that focuses on cyberespionage and has been active since at least 2014. Its targeting scope is determined by current Russian geopolitical strategic interests.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

REvil Ransomware Returns: New Malware Sample Confirms Gang is Back
Date: 2022-05-02

“The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks.” The REvil ransomware group was shut down by law enforcement back in October of 2021. Various members of the group were arrested and their Tor servers were seized. There have been rumors that the group's Tor servers were back online, and this week we are seeing reports that their previous websites are now redirecting visitors to a new unnamed ransomware operation.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Hackers Fool Major Tech Companies Into Handing Over Data of Women and Minors to Abuse
Date: 2022-04-29

Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. This finding came from four federal law enforcement agencies and a couple of industry investigators.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Ongoing DDoS Attacks From Compromised Sites Hit Ukraine
Date: 2022-04-29

Ukraine's computer emergency response team (CERT-UA) announced that it is investigating, along with the National Bank of Ukraine (CSIRT-NBU), ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Microsoft Fixes ExtraReplica Azure Bugs That Exposed User Databases
Date: 2022-04-29

Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

EmoCheck Now Detects New 64-bit Versions of Emotet Malware
Date: 2022-04-29

The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. Emotet is one of the most actively distributed malware families, spread through phishing emails with malicious attachments, including Word/Excel documents, Windows shortcuts, ISO files, and password-protected zip files. The phishing emails use creative lures to trick users into opening the attachments, including reply-chain emails, shipping notices, tax documents, accounting reports, or even holiday party invites.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

FIN7 BadUSB
Date: 2022-04-28

The criminal group FIN7 has been mailing malware-ridden USBs to various entities in the transport, insurance, and defense industries under the guise that they originated from a trusted source, such as Amazon and the US Department of Health and Human Services. Those from the former were supposedly gift vouchers, while the latter claimed to include new COVID guidelines. FIN7’s BadUSB attacks serve as a reminder of two key vulnerabilities present among all organizations.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
Date: 2022-04-28

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

New Black Basta Ransomware Springs Into Action With a Dozen Breaches
Date: 2022-04-28

A new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. The first known Black Basta attacks occurred in the second week of April, as the operation quickly began attacking companies worldwide. While ransom demands likely vary between victims, BleepingComputer is aware of one victim who received over a $2 million demand from the Black Basta gang to decrypt files and not leak data.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
Date: 2022-04-28

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information-stealing capabilities.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Cloudflare Blocked a Record HTTPS DDoS Attack Peaking at 15 Million RPS
Date: 2022-04-28

Cloudflare announced that it mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million requests per second (RPS), one of the largest HTTPS DDoS attacks blocked by the company.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Microsoft: Russia Has Launched Hundreds of Cyberattacks Against Ukraine
Date: 2022-04-28

Microsoft warns it saw six Russia-aligned, state-sponsored hacking groups launch over 237 cyberattacks against Ukraine starting in the weeks before Russia's February 24 invasion. Microsoft has released an in-depth report detailing how Russian cyberattacks against Ukraine were "strongly correlated" or "directly timed" with its military operations in the country.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

2021 Top Routinely Exploited Vulnerabilities
Date: 2022-04-27

CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory that provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited. CISA encourages users and administrators to review joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities and apply the recommended mitigations to reduce the risk of compromise by malicious cyber actors.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

US Offers $10m for Russian NotPetya Sandworm Team
Date: 2022-04-27

The US authorities are offering a multimillion-dollar reward for anyone with information that could identify or locate six members of a notorious Russian state hacking group responsible for NotPetya.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Chinese State-Backed Hackers Now Target Russian State Officers
Date: 2022-04-27

Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President). The threat group was previously seen orchestrating intelligence collection campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Rig Exploit Kit Drops Redline Malware via Internet Explorer Bug
Date: 2022-04-27

Threat analysts have uncovered yet another campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware. Exploit kits (EKs) have dropped drastically in popularity as they targeted vulnerabilities in web browsers introduced by plug-in software such as the now-defunct Flash Player and Microsoft Silverlight.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Russian Govt Impersonators Target Telcos in Phishing Attacks
Date: 2022-04-27

A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries. The phishing emails pretend to come from the Russian Government’s Federal Bailiffs Service and are written in the Russian language, with the recipients being telecommunication service providers and industrial firms in Lithuania, Estonia, and Russia.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

North Korean Hackers Targeting Journalists With Novel Malware
Date: 2022-04-26

North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain. The malware is distributed through a phishing attack first discovered by NK News, an American news site dedicated to covering news and providing research and analysis about North Korea, using intelligence from within the country.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor
Date: 2022-04-26

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal
Date: 2022-04-26

Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution (RCE) on unpatched third-party sandboxing machines employed by antivirus engines.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Security Teams Should Be Addressing Quantum Cyber-Threats Now
Date: 2022-04-26

Addressing quantum cyber-threats should already be a high priority for cybersecurity professionals, according to Duncan Jones, head of cybersecurity at Quantinuum, speaking during the ISC2 Secure Webinar ‘The Threat and Promise of Quantum Cybersecurity.’ Jones began by emphasizing the significant differences between quantum and classical computing, both in operations and possibilities. One of the most significant of these is that while classical computers only have binary choices, 0 or 1, quantum computers are made up of ‘qubits,’ which “can have values that are combinations of 0 and 1.” This mixture is known as a ‘superposition.’ This enables calculations to be made in parallel. In addition, qubits can be connected, which provides the opportunity to model aspects of nature in their entirety. This aspect offers enormous potential in fields like drug discovery, where testing could be simulated rather than requiring lengthy and expensive trials.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps


Contact LACyber

LACyber's main office is located at 155 Great Arrow, Buffalo New York. Our main office phone number is (716) 871-7040.