Current Active Threats


New White Rabbit Ransomware Linked to FIN8 Hacking Group
Date: 2022-01-20

“A new ransomware family called 'White Rabbit' appeared in the wild recently, and according to recent research findings, could be a side-operation of the FIN8 hacking group. FIN8 is a financially motivated actor who has been spotted targeting financial organizations for several years, primarily by deploying POS malware that can steal credit card details” (Bleeping Computer, 2022). Researchers from TrendMicro analyzed a sample of White Rabbit obtained from an attack on a US bank back in December of 2021. The ransomware executable is a small 100 KB file that requires a password to be entered before it runs, a technique also used by other ransomware strains including Egregor, MegaCortex, and SamSam.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Ransomware: 2,300+ Local Governments, Schools, Healthcare Providers Impacted in 2021
Date: 2022-01-20

More than 2,300 local governments, schools, and healthcare organizations in the US were affected by ransomware attacks in 2021, according to a new report from security company Emsisoft. The company found that at least 77 state and municipal governments, 1,043 schools, and 1,203 healthcare providers were impacted by a ransomware incident last year. The attacks also led to 118 data breaches, exposing troves of sensitive information.

Joint Law Enforcement Action Takes Down VPN Service
Date: 2022-01-20

“An international law enforcement collaboration has targeted the users and infrastructure of VPNLab.net, rendering it no longer available. The action was taken in response to the use of the VPN provider’s service to support cybercrime activities, including ransomware deployment” (Info Security Magazine, 2022). A total of 10 national law enforcement agencies coordinated the takedown, including those from Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US and the UK. The seizure led to the disruption of 15 servers hosted by VPNLab[.]net. VPNLab was a popular service used by cybercriminals to set up infrastructure and communications for ransomware campaigns. In many cases the service was being advertised on the dark web. During their investigation, law enforcement identified over 100 businesses at risk of cyber attacks and is working with the impacted organizations to mitigate their risks.

Office 365 Phishing Attack Impersonates the US Department of Labor
Date: 2022-01-20

A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids, with the goal of stealing Office 365 credentials. The phishing campaign has been ongoing for at least a couple of months and utilizes over ten different phishing sites impersonating the government agency. The emails are sent from spoofed domains that look as if they came from the actual Department of Labor (DoL) site, while some are based on a set of newly created look-alike domains such as dol-gov[.]com, dol-gov[.]us and bids-dolgov[.]us. Most of the emails pass through abused servers owned by non-profit organizations to evade email security blocks.

New Moonbounce UEFI Malware Used by APT41 in Targeted Attacks
Date: 2022-01-20

Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti). APT41 is a notorious hacking group that has been active for at least a decade and is primarily known for its stealthy cyber-espionage operations against high-profile organizations from various industry sectors.

UEFI Malware Used by APT41 in Targeted Attacks
Date: 2022-01-20

BIOS and UEFI attacks are not new by any means, but APT41 (also known as Winnti), a Russian state-sponsored cybercriminal group, according to security experts, has created the most devastating and complex version to date. Moonbounce implants malware in the SPI flash memory on a computer's motherboard (logic board), also known as flash storage. This type of memory is embedded for storage and data transfer in portable devices, including phones, tablets, media players, and industrial machines such as security systems and medical products. Flash storage is volatile, which means that it can be electrically erased and reprogrammed, and data stored on it is not lost when the power is turned off.

Defending Users’ NAS Devices From Evolving Threats
Date: 2022-01-20

Threats to the internet of things (IoT) continue to evolve as users and businesses grow increasingly reliant on these tools for constant connectivity, access to information and data, and workflow continuity. Cybercriminals have taken notice of this dependence and now regularly update their known tools and routines to add network-attached storage (NAS) devices to their list of targets, knowing full well that users rely on these devices for storing and backing up files in both modern homes and businesses. More importantly, cybercriminals are aware that these devices hold valuable information and have only minimal security measures.

SolarWinds Serv-U Bug Exploited for Log4j Attacks
Date: 2022-01-20

While exploitation of this vulnerability remains highly limited, it could be adopted by other threat actors. While I would normally rank this as a low severity incident, the popularity of Serv-U should be taken into consideration; hence, I would treat this as Medium. There is still some disagreement about the exploitation Microsoft observed; we will continue to update on the situation.

RRD Suffers Data Theft in a Conti Ransomware Attack
Date: 2022-01-20

R.R. Donnelley is a Fortune 500 integrated communications corporation based in the United States that offers marketing and business communications, commercial printing, and other associated services. The company’s corporate offices are in Chicago, Illinois, in the United States. R.R. Donnelley was the world’s largest commercial printer in 2007.

Red Cross Suffers Massive Cyber Attack
Date: 2022-01-20

The international humanitarian organization Red Cross announced yesterday that it had been the victim of a massive cyberattack that resulted in the theft of confidential information for over 515,000 “very vulnerable people” participating in the “Restoring Family Links” program.

Former DHS Official Charged with Stealing Govt Employees' PII
Date: 2022-01-19

A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees' personal identifying information (PII). Charles Kumar Edwards, 61, coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and acting IG between February 2008 and December 2013.

FCC Wants New Data Breach Reporting Rules for Telecom Carriers
Date: 2022-01-14

The Federal Communications Commission (FCC) has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. On Wednesday, Chairwoman Jessica Rosenworcel shared the proposal in the form of a Notice of Proposed Rulemaking (NPRM), the first step in changing the FCC's rules for alerting federal agencies and customers of data breaches.

A 'Massive' Hacking Attack Has Hit Government Websites in Ukraine
Date: 2022-01-14

A 'massive' cyberattack has taken down several government websites in Ukraine, including those of the Ukrainian Foreign Ministry and the Ministry of Education and Science. The cyberattack occurred overnight between Thursday and Friday morning, and it took down more than a dozen official websites, disrupting government work and raising questions about whether Russia was signaling that a new offensive against Ukraine was getting underway. A statement by Ukrainian police says cyber attackers left "provocative messages" on the main pages of government websites, which have been taken offline, but no personal data has been altered or stolen.

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM
Date: 2022-01-14

Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available
Date: 2022-01-14

The privilege escalation flaw was discovered by Antonio Cocomazzi of Sentinel LABS together with Andrea Pierini, an independent researcher. They named it RemotePotato0 and disclosed it in April last year. An unofficial patch has now been released for this privilege escalation vulnerability, which affects all versions of Windows, after Microsoft tagged its status as “won’t fix”. The flaw is located in the Windows RPC protocol. If successfully exploited, threat actors could perform an NTLM relay attack that gives them domain admin privileges.

US Links MuddyWater Hacking Group to Iranian Intelligence Agency
Date: 2022-01-14

US Cyber Command (USCYBERCOM) has officially linked the Iranian-backed MuddyWater hacking group to Iran's Ministry of Intelligence and Security (MOIS). MOIS is the Iranian government's leading intelligence agency, tasked with coordinating the country's intelligence and counterintelligence, as well as covert actions supporting the Islamic regime's goals beyond Iran's borders.

KCodes NetUSB Flaw Impacts Millions of SOHO Routers
Date: 2022-01-14

Cybersecurity researchers from SentinelOne have discovered a critical vulnerability (CVE-2021-45608) in the KCodes NetUSB component that is present in millions of end-user routers from different vendors, including Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital.

Jail’s Inability to Deal With Cyberattack Could Violate the Constitutional Rights of Inmates
Date: 2022-01-14

A prison in New Mexico had an unplanned lockdown due to a ransomware attack. As reported by Source NM, the Metropolitan Detention Center in Bernalillo County, New Mexico, went into lockdown on January 5, 2022, after cyberattackers infiltrated Bernalillo County systems and deployed malware. Inmates were made to stay in their cells as the ransomware outbreak reportedly not only knocked out the establishment's internet but also locked staff out of data management servers and security camera networks.

Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking
Date: 2022-01-14

Microsoft Windows systems going back to at least Windows Server 2012 R2 are affected by a vulnerability in the Remote Desktop Services protocol that gives attackers, connected to a remote system via RDP, a way to gain file system access on the machines of other connected users. Threat actors that exploit the flaw can view and modify clipboard data or impersonate the identities of other users logged in to the machine in order to escalate privileges or to move laterally on the network, researchers from CyberArk discovered recently. They reported the issue to Microsoft, which issued a patch for the flaw (CVE-2022-21893) in its security update for January this Tuesday.

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability
Date: 2022-01-12

Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-days publicly known at the time of the release. This is in addition to 29 issues patched in Microsoft Edge on January 6, 2022. None of the disclosed bugs are listed as under attack. The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).

KCodes NetUSB Kernel Remote Code Execution Flaw Impacts Millions of Devices
Date: 2022-01-11

A high-impact vulnerability allowing remote code execution to take place has impacted millions of end-user router devices. On Tuesday, SentinelOne published an analysis of the bug, tracked as CVE-2021-45388 and deemed critical by the research team. The vulnerability impacts the KCodes NetUSB kernel module. KCodes solutions are licensed by numerous hardware vendors to provide USB over IP functionality in products including routers, printers, and flash storage devices.

Extortion DDoS Attacks Grow Stronger And More Common
Date: 2022-01-11

In the fourth quarter of last year, about a quarter of Cloudflare's customers that were the target of a DDoS attack said that they received a ransom note from the perpetrator. A large portion of these attacks occurred in December 2021, when almost a third of Cloudflare customers reported receiving a ransom letter. Compared with the previous month, the number of reported DDoS ransom attacks doubled, Cloudflare says in a blog post today.

Four Million Outdated log4j Downloads Were Served from Apache Maven Central
Date: 2022-01-11

There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository. That company, Sonatype, said it had seen four million downloads of exploitable Log4j versions from the repository alone between 10 December and the present day, out of a total of more than 10 million downloads over those past four weeks.

Extortion DDoS Attacks Grow Stronger and More Common
Date: 2022-01-11

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
Date: 2022-01-11

CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting, as outlined in the Detection section. Additionally, CISA, the FBI, and NSA strongly urge network defenders to implement the recommendations listed below and detailed in the Mitigations section. These mitigations will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation.

If Hackers Are Exploiting the log4j Flaw, CISA Says We Might Not Know Yet
Date: 2022-01-11

Federal officials cautioned Monday that, while the widespread Log4j vulnerability hasn’t led to any major known intrusions in the U.S., there could be a “lag” between when the flaw became known, and when attackers exploit it. Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that there were months between the discovery of the vulnerability that led to the 2017 Equifax breach, which exposed the personal information of nearly 150 million Americans, and word of the breach itself, invoking one of the most notable hacks in history.

US NCSC and DoS Share Best Practices Against Surveillance Tools
Date: 2022-01-10

The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools. In the last few years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes.

SonicWall Email Security and Firewall Products Impacted by the Y2K22 Vulnerability
Date: 2022-01-10

Last week, Internet appliances provider SonicWall revealed that the Y2K22 weakness has affected several of its email security and firewall products, leading to message log updates and junk box malfunctions starting January 1st, 2022. Although SonicWall didn’t give any details on what is causing the Y2K22 vulnerability in its security solutions, the tech company is not the only one dealing with this problem.

Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries
Date: 2022-01-10

In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk, eight security vulnerabilities were identified in as many third-party libraries written in C, JavaScript, PHP, Python, and Ruby and used by several web applications. With URLs being a fundamental mechanism by which resources — located either locally or on the web — can be requested and retrieved, differences in how the parsing libraries interpret a URL request could pose significant risk for users.

Chinese Scientist Pleads Guilty to Stealing US Agricultural Tech
Date: 2022-01-07

A Chinese national has pleaded guilty to the theft of agricultural secrets from the US, intended to reach the hands of scientists across the pond. Xiang Haitao, formerly living in Chesterfield, Missouri, held a post at Monsanto and its subsidiary, The Climate Corporation, between 2008 and 2017, the US Department of Justice (DoJ) said on Thursday. Monsanto and The Climate Corporation developed an online platform for farmers to manage field and yield information in a bid to improve land productivity. One aspect of this technology was an algorithm called the Nutrient Optimizer, which US prosecutors say was considered "a valuable trade secret and their intellectual property".

Night Sky, A New Ransomware Operation in the Threat Landscape
Date: 2022-01-07

Researchers from MalwareHunterTeam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. Once it has encrypted a file, the ransomware appends the ‘.nightsky’ extension to the encrypted file name. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations, from Bangladesh and Japan respectively. The gang has also set up a leak site on the Tor network where it will publish files stolen from victims that do not pay the ransom.

New Mexico's Bernalillo County Investigates Ransomware Attack
Date: 2022-01-07

Bernalillo County is the most populous in New Mexico and includes the cities of Albuquerque, Los Ranchos, and Tijeras. Officials report the disruption likely occurred between midnight and 5:30 a.m. on Jan. 5. They have taken affected systems offline and severed network connections, as well as notified county system vendors, which are working to solve the issue and restore system functionality.

QNAP Warns of Ransomware Targeting Internet-Exposed NAS Devices
Date: 2022-01-07

QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks. If your organization's NAS is exposed to the Internet it is likely to be targeted; a device is exposed if the following text is displayed on the software’s dashboard: “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP”.

NHS Warns of Hackers Exploiting Log4shell in VMware Horizon
Date: 2022-01-07

VMware Horizon supports local, hybrid (local but managed in the cloud) and multi-cloud deployment strategies. End users can access custom virtual desktops or remote RDSH applications from company laptops, home PCs, Mac computers, thin clients, or mobile devices.

Have I Been Pwned Warns of Datpiff Data Breach Impacting Millions
Date: 2022-01-07

DatPiff is a popular mixtape hosting service used by over 15 million users, allowing unregistered users to download or upload samples for free. The cracked passwords for almost 7.5 million members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service.

Phishing Campaign Leverages Covid-Induced Adjustments to Banking Practices
Date: 2022-01-07

This is another example of attackers leveraging COVID and a well-designed phishing page to launch a dangerous campaign. COVID-themed phishing emails have convinced users to relinquish valuable credentials throughout the last year. Phishing emails impersonating major banking firms have been around for some time, but they constantly evolve. The pandemic is continuing to affect the lives of everyone in the world, and threat actors are attempting to hook their targets by relying on changes in banking practices related to the pandemic.

New Mac Malware Samples Underscore Growing Threat
Date: 2022-01-07

For the sixth year in a row, security researcher Patrick Wardle has released a list of all the new Mac malware threats that emerged over the course of a year. For each malware sample, Wardle identified the malware's infection vector, installation and persistence mechanisms, and other features, such as the purpose of the malware. A sample of each new Mac malware family that surfaced last year is available on his website.

FTC Warns Companies to Secure Consumer Data from Log4J Attacks
Date: 2022-01-05

The US Federal Trade Commission (FTC) has warned today that it will go after any US company that fails to protect its customers' data against ongoing Log4J attacks. "The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future," the US government agency said.

Microsoft Code-sign Check Bypassed to Drop Zloader Malware
Date: 2022-01-05

A new Zloader campaign exploits Microsoft's digital signature verification to deploy malware payloads and steal user credentials from thousands of victims in 111 countries. The campaign, orchestrated by a threat group known as MalSmoke, appears to have started in November 2021, and it's still going strong, according to the Check Point researchers who spotted it.

Researchers Used Electromagnetic Signals to Classify Malware Infecting IoT Devices
Date: 2022-01-05

A team of academics (Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser) from the Research Institute of Computer Science and Random Systems (IRISA) has devised a new approach that analyzes electromagnetic field emanations from Internet of Things (IoT) devices to detect highly evasive malware. The team of experts presented their technique at the Annual Computer Security Applications Conference (ACSAC) that took place in December.

This iOS 15 Bug Could Crash Your iPhone Permanently
Date: 2022-01-05

A security researcher has publicly disclosed a bug present in iOS 15.2 (and going back to iOS 14.7 and possibly earlier) relating to HomeKit that could be used to permanently crash an iPhone. Trevor Spiniolas found that changing the name of a HomeKit device to a very large string (Spiniolas used 500,000 characters for the testing) would crash the associated iPhone.

‘Elephant Beetle’ Spends Months in Victim Networks to Divert Transactions
Date: 2022-01-05

A financially motivated actor dubbed 'Elephant Beetle' is stealing millions of dollars from organizations worldwide using an arsenal of over 80 unique tools and scripts. The group is very sophisticated and patient, spending months studying the victim's environment and financial transaction processes, and only then moving to exploit flaws in the operation.

Monopoly market potentially exit scamming
Date: 2022-01-05

The decentralised darknet market, Monopoly, appears to be exit scamming. Monopoly has been open for two years and had gained a reputation for being stable. This was in large part due to its unique method of vendor verification which was believed to keep vendor scamming to a minimum.

Log4j Highlights Need for Better Handle on Software Dependencies
Date: 2022-01-04

Security experts learned a lot from the fallout of Log4Shell. Most importantly, the incident highlighted the need for organizations to “understand and manage” what code is running within their software environments. Software dependencies exist in just about every enterprise product; when flaws emerge in these dependencies, organizations are left scrambling for fixes. Third-party dependencies are essential in creating modern programs, as programmers do not have to reinvent the wheel every time a new product or application is developed. By mixing and matching existing libraries and packages, software developers can build new applications more efficiently.

UK Defence Academy Attack Forced IT Rebuild – Report
Date: 2022-01-04

A possible nation-state attack on the UK’s primary defense training facility last year forced the academy to rebuild its IT infrastructure, according to a former senior officer. Air Marshal Edward Stringer served as director-general of joint force development and of the UK Defence Academy before recently retiring. The academy trains nearly 30,000 UK armed forces personnel annually, alongside civil servants and military staff from other nations. However, it was caught out by a cyber-attack last March, which had “significant” operational consequences, Stringer told Sky News.

Broward Health Suffered a Data Breach that Impacted +1.3 Million People
Date: 2022-01-04

The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. Broward Health, formally the North Broward Hospital District, is one of the 10 largest public health systems in the U.S. Located in Broward County, Florida, Broward Health currently operates more than 30 healthcare facilities.

Why the UK’s Energy Sector is Fragile and Ripe to Cyber Attacks
Date: 2022-01-04

For the first time in a generation, the UK is in the middle of an unprecedented supply chain crisis, and in recent weeks, we have seen very clearly its immediate and far-reaching impacts. Whether it’s the shortage of truck drivers prompting panic-buying at fuel stations that required military intervention, or the ramp-up of materials and goods stockpiling UK businesses are doing to cope with shortages during the festive season, never has the UK’s supply chain system been stretched so thin. There are real fears this could rip through an economy that has only just started recovering from COVID-19.

Purple Fox Malware Distributed via Malicious Telegram Installers
Date: 2022-01-04

A malicious Telegram for Desktop installer distributes the Purple Fox malware to install further malicious payloads on infected devices. The installer is a compiled AutoIt script named "Telegram Desktop.exe" that drops two files: an actual Telegram installer and a malicious downloader. While the legitimate Telegram installer dropped alongside the downloader isn't executed, the AutoIt program does run the downloader.

Don't Copy-paste Commands from Webpages — You Can Get Hacked
Date: 2022-01-03

“Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal are warned they risk having their system compromised. A technologist demonstrates a simple trick that'll make you think twice before copying and pasting text from web pages” (Bleeping Computer, 2022). Recently, Gabriel Friedlander, founder of the security awareness training platform Wizer, demonstrated an obvious yet surprising hack that'll make you cautious of copying and pasting commands from web pages. It isn't unusual for novice and skilled developers alike to copy commonly used commands from a webpage (for example StackOverflow) and paste them into their applications, a Windows command prompt or a Linux terminal.

Microsoft Rolled Out Emergency Fix for Y2k22 Bug in Exchange Servers
Date: 2022-01-03

Microsoft has rolled out an emergency fix that addresses the Y2k22 bug that has been breaking email delivery on on-premises Microsoft Exchange servers since January 1st, 2022. “We have addressed the issue causing messages to be stuck in transport queues of on-premises Exchange Server 2016 and Exchange Server 2019. The problem relates to a date check failure with the change of the new year and it is not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue,” reads the post published by Microsoft. “The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

UK Security Agency Shares 225M Passwords With 'Have I Been Pwned'
Date: 2022-01-03

The UK's National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have contributed 225 million new compromised emails and associated passwords to Have I Been Pwned (HIBP), a free service that tracks stolen credentials so people can know if theirs have been breached. During recent NCA operations, the NCCU's Mitigation@Scale team identified more than 585.5 million potentially compromised credentials (emails and associated passwords), which were found in a compromised cloud storage facility. In a statement on HIBP, the NCA says analysis revealed the credentials represented an accumulation of known and unknown datasets.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Aquatic Panda Infiltrated Academic Institution Through Log4j Vulnerability, Says CrowdStrike
Date: 2022-01-03

Cybersecurity company CrowdStrike has discovered an attempt by a China-based group to infiltrate an academic institution through the Log4j vulnerability. CrowdStrike called the group "Aquatic Panda" and said it is an "intrusion adversary with a dual mission of intelligence collection and industrial espionage" that has operated since at least May 2020.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

North Korea-linked Threat Actors Stole $1.7 Billion from Cryptocurrency Exchanges
Date: 2022-01-03

North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges. According to South Korean media outlet Chosun, North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple exchanges during the past five years.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

3 Reasons Why You Should Fuzz Your Christmas Tree
Date: 2021-12-23

Christmas trees are often decorated with smart lights that are connected to Wi-Fi. Vulnerabilities in such hardware can be an entry point for attackers who want to hack Christmas. How easily such vulnerabilities can be exploited became clear in a 2018 study, in which security researchers managed to completely shut down Christmas decorations remotely. In other instances, IoT devices were hacked over the cloud and even set on fire.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Logistics Giant Warns of Scams Following Ransomware Attack
Date: 2021-12-23

Hellmann is one of the largest international logistics providers. Founded in 1871, it handles 16 million shipments per year by air, sea, road, and rail, and is active in 173 countries. The logistics giant has issued a warning that data was stolen from the company when it was hit with a ransomware attack on December 9, 2021. It is not entirely clear what type of data was extracted, but the company says it is warning partners and customers to double-check their communications with it, as a precaution. Criminals could use the leaked data to make social engineering attacks more believable, so Hellmann is asking people that do business with it to look out for fraudulent emails and calls.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Apache’s New Security Update for HTTP Server Fixes Two Flaws
Date: 2021-12-23

Apache HTTP Server is the second most widely used web server on the internet behind Nginx, according to W3Techs, which estimates it's used by 31.4% of the world's websites. UK security firm Netcraft estimates 283 million websites used Apache HTTP Server in December 2021, representing 24% of all web servers. The Apache Software Foundation has released an update to address a critical flaw in its hugely popular web server that allows remote attackers to take control of a vulnerable system.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Alibaba Suffers Government Crackdown Over Log4j
Date: 2021-12-23

Chinese tech giant Alibaba has reportedly been shunned by China’s top tech regulator for failing to report the infamous Log4j vulnerability quickly enough. Local media claimed that the firm’s Alibaba Cloud business, which has a large team of security researchers, failed to report the issue to the Ministry of Industry and Information Technology (MIIT).

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Crooks Bypass a Microsoft Office Patch for CVE-2021-40444 to Spread Formbook Malware
Date: 2021-12-23

Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability tracked as CVE-2021-40444 (CVSS score of 8.8). The bad news is that threat actors are using it to distribute the Formbook malware.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Russia and Ukraine: avoiding war
Date: 2021-12-23

As 2021 draws to a close, there are increasing fears around the world that Russia is planning to invade Ukraine in an effort to prevent its former ally from moving further towards the West and possibly even joining the NATO military alliance. The tensions between these two former Soviet states are now at a critical point, with the potential to evolve into further, more widespread conflict between Russia and the West.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

The Pysa Ransomware Strain Just Started Targeting Lots More Businesses
Date: 2021-12-22

The relatively new Pysa ransomware was the dominant strain behind file-encrypting attacks in November and saw a 400% rise in attacks on government organizations, according to an analysis by security company NCC Group. Pysa is one of the ransomware gangs utilizing double extortion to pressure victims into paying an extortion demand, and last month it dumped leaked data from 50 previously compromised organizations. Overall in November, the number of Pysa attacks increased 50%, which means it overtook Conti to join Lockbit in the top two most common versions of the malware. Conti and Lockbit have been the dominant strains since August, according to NCC Group.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Russian National Extradited to US for Trading on Stolen Information
Date: 2021-12-22

The Russian national Vladislav Klyushin (41) was extradited to the United States from Switzerland to face charges for his alleged role in a scheme whose participants traded on information stolen from U.S. companies. The man was arrested in Switzerland on March 21, 2021, along with four other accomplices with whom he allegedly conspired to gain unauthorized access to computers and to commit wire fraud and securities fraud.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

New joint advisory from CISA, FBI, NSA, and the other Five Eyes (Australia, Canada, New Zealand, UK)
Date: 2021-12-22

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) are releasing this joint Cybersecurity Advisory (CSA) to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited. CISA, in collaboration with industry members of CISA’s Joint Cyber Defense Collaborative (JCDC), previously published guidance on Log4Shell for vendors and affected organizations in which CISA recommended that affected organizations immediately apply appropriate patches (or apply workarounds if unable to upgrade), conduct a security review, and report compromises to CISA or the FBI. CISA also issued an Emergency Directive directing U.S. federal civilian executive branch (FCEB) agencies to immediately mitigate Log4j vulnerabilities in solution stacks that accept data from the internet. This joint CSA expands on the previously published guidance by detailing steps that vendors and organizations with IT and/or cloud assets should take to reduce the risk posed by these vulnerabilities. These steps include:
  • Identifying assets affected by Log4Shell and other Log4j-related vulnerabilities,
  • Upgrading Log4j assets and affected products to the latest version as soon as patches are available and remaining alert to vendor software updates, and
  • Initiating hunt and incident response procedures to detect possible Log4Shell exploitation.
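The first of the three steps above, identifying which assets still carry a vulnerable Log4j, is the one most organizations struggle with, because log4j-core is usually buried inside application jars, WARs and EARs rather than installed as a package. The following Python script is an added example (not code from the advisory, CISA, or LA-Cyber) of how a defender can do that inventory offline: it walks a directory tree, opens every archive, descends into nested archives, reads the version from the Maven `pom.properties` that real log4j-core jars ship with, and checks for the `JndiLookup` class as a fallback marker when the metadata is missing. The 2.17.0 threshold follows the advisory's three CVEs; the `build_fake_*` helpers only construct stand-in archives with those two markers so the demo runs without real Log4j jars.

```python
"""Inventory Log4j 2 core jars in a directory tree and flag those below the 2.17.0 fix level.

Added example for the 'identify affected assets' step; not the advisory's own tooling.
"""
import io
import os
import re
import zipfile
from typing import Dict, List, Optional, Tuple

# Class whose presence marks a Log4j 2 core jar that can perform JNDI lookups.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped inside genuine log4j-core jars; it carries the exact version string.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# First release that closes CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 (per the advisory).
FIXED_VERSION = (2, 17, 0, 0)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """'2.14.1' -> (2, 14, 1, 0). A pre-release such as '2.0-beta9' gets -1 in the last slot
    so that it sorts below the corresponding final release."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(-\w+)?$", text.strip())
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), -1 if pre else 0)


def classify(version: Optional[str], has_jndi_lookup: bool) -> str:
    """'fixed', 'vulnerable', or 'review' when the version is unknown but JndiLookup is present."""
    parsed = parse_version(version) if version else None
    if parsed is not None:
        return "fixed" if parsed >= FIXED_VERSION else "vulnerable"
    return "review" if has_jndi_lookup else "fixed"


def inspect_archive(data: bytes, label: str) -> List[Dict[str, str]]:
    """Inspect one archive held in memory and recurse into nested jars (fat jars, WARs, EARs)."""
    findings: List[Dict[str, str]] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container at all; nothing to report
    with zf:
        names = set(zf.namelist())
        has_jndi = JNDI_LOOKUP_CLASS in names
        version = None
        if POM_PROPERTIES in names:
            for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        if has_jndi or version:
            findings.append({"archive": label, "version": version or "unknown",
                             "status": classify(version, has_jndi)})
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(inspect_archive(zf.read(name), f"{label}!{name}"))
    return findings


def scan_tree(root: str) -> List[Dict[str, str]]:
    """Walk a filesystem tree and inspect every archive found under it."""
    findings: List[Dict[str, str]] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    findings.extend(inspect_archive(fh.read(), path))
    return findings


def build_fake_core_jar(version: str, with_jndi: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core jar: only the two markers, no real classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES,
                    f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not bytecode
    return buf.getvalue()


def build_fake_war(inner_jar: bytes) -> bytes:
    """Constructed WAR that embeds a jar under WEB-INF/lib, the common nested-archive case."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core.jar", inner_jar)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("app/log4j-core-2.14.1.jar", build_fake_core_jar("2.14.1")),
               ("app/log4j-core-2.17.0.jar", build_fake_core_jar("2.17.0")),
               ("app/webapp.war", build_fake_war(build_fake_core_jar("2.16.0")))]
    for label, blob in samples:
        for f in inspect_archive(blob, label):
            print(f"{f['status']:<10} {f['version']:<8} {f['archive']}")
```

On a real host, call `scan_tree("/opt")` (or wherever application deployments live) and feed the "vulnerable" and "review" rows into the upgrade and hunt steps. The "review" bucket matters: vendor-repackaged jars sometimes strip the Maven metadata, so the presence of the lookup class alone is enough to warrant a manual check rather than a silent pass.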

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Four Bugs in Microsoft Teams Left Platform Vulnerable Since March
Date: 2021-12-22

Researchers from Positive Technologies, a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection, discovered four vulnerabilities in Microsoft Teams that could be leveraged for various malicious purposes. Microsoft Teams is a collaboration tool that helps people working in different geographic locations work together online. For this reason, Teams usage has risen during the pandemic, making it an increasingly attractive target for threat actors.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

2easy Now a Significant Dark Web Marketplace for Stolen Data
Date: 2021-12-22

This particular dark web marketplace has grown significantly over the past few years; by automating processes, owners have increased sales volume and overall customer satisfaction. They have removed the one-on-one interaction with sellers and posters of stolen data altogether; anyone can create an account, add money to their wallet, and make purchases without interacting with the sellers directly.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Threat Actors Continue to Leverage Log4J
Date: 2021-12-21

The Conti ransomware gang, which became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability last week, has built up a holistic attack chain. The sophisticated Russia-based Conti group – which Palo Alto Networks has called "one of the most ruthless" of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

FBI: Hackers Are Actively Exploiting This Flaw on Manageengine Desktop Central Servers
Date: 2021-12-21

We received an alert from the FBI last Friday regarding a zero-day vulnerability in Zoho ManageEngine Desktop Central, CVE-2021-44515. ManageEngine is the enterprise IT management software division of Zoho, a company well known for its software-as-a-service products. The flaw affects Desktop Central software for both enterprise customers and the version for managed service provider (MSP) customers.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Alleged APT Implanted a Backdoor in the Network of a US Federal Agency
Date: 2021-12-20

Experts spotted a backdoor in the network of an unnamed U.S. federal government commission associated with international rights. The backdoor allowed the threat actors to achieve complete control over the infected networks; experts described the compromise as a “classic APT-type operation.”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Third Log4J Bug Can Trigger DoS; Apache Issues Patch
Date: 2021-12-20

No, you’re not seeing triple: On Friday, Apache released yet another patch – version 2.17 – for yet another flaw in the ubiquitous log4j logging library, this time for a DoS bug. Trouble comes in threes, and this is the third one for log4j. The latest bug isn’t a variant of the Log4Shell remote-code execution (RCE) bug that’s plagued IT teams since Dec. 10, coming under active attack worldwide within hours of its public disclosure, spawning even nastier mutations and leading to the potential for denial-of-service (DoS) in Apache’s initial patch.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Ukrainian War Games Test Electricity Grid
Date: 2021-12-20

Hundreds of Ukrainian cyber experts have taken part in a large-scale incident response exercise against the country’s energy grid as geopolitical tensions with Russia continue to escalate. President Putin on Friday issued a series of security demands, including that NATO limits deployments of troops and weapons to Ukraine’s eastern border with Russia and that the country commits to never joining the military alliance. It warned of a military crisis in the region if its demands weren’t met. Russia has already massed 100,000 troops, alongside missiles and artillery, on its side of the border.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

A New Attack Vector Exploits the Log4Shell Vulnerability on Servers Locally
Date: 2021-12-20

Researchers from cybersecurity firm Blumira devised a new attack vector that relies on a JavaScript WebSocket connection to exploit the Log4Shell vulnerability on internal and locally exposed unpatched Log4j applications. Experts pointed out that this new attack vector significantly expands the attack surface and can impact even services running as localhost that were not exposed to any network.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central
Date: 2021-12-17

Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers. The APT actors were observed compromising Desktop Central servers, dropping a webshell that overrides a legitimate function of Desktop Central, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Conti Ransomware Leverages log4j Bug to Exploit VMWare vCenter Servers
Date: 2021-12-17

The Conti ransomware operation uses the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. The group did not waste much time adopting the new attack vector and is the first "top-tier" operation known to weaponize the Log4j vulnerability.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Holiday White House Letter Emphasizes the Importance of a Sense of Heightened Security
Date: 2021-12-16

The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest. Unfortunately, malicious cyber actors are not taking a holiday – and they can ruin ours if we’re not prepared and protected. Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions. Beyond the holidays, though, we’ve experienced numerous recent events that highlight the strategic risks we all face because of the fragility of digital infrastructure and the ever-present threat of those who would use it for malicious purposes.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges
Date: 2021-12-16

Microsoft and Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit the Log4j vulnerabilities. "MSTIC has observed PHOSPHORUS, an Iranian actor that has been deploying ransomware, acquiring and making modifications of the Log4j exploit. We assess that PHOSPHORUS has operationalized these modifications. In addition, HAFNIUM, a threat actor group operating out of China, has been observed utilizing the vulnerability to attack virtualization infrastructure to extend their specific targeting. In these attacks, HAFNIUM-associated systems were observed using a DNS service typically associated with the testing activity to fingerprint systems."

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Log4j Flaw: Now State-Backed Hackers Are Using Bugs as Part of Attacks, Warns Microsoft
Date: 2021-12-15

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft. As predicted by officials at the US Cybersecurity and Infrastructure Security Agency (CISA), more sophisticated attackers have now started exploiting the so-called Log4Shell bug (CVE-2021-44228), which affects devices and applications running vulnerable versions of the Log4j Java library. It's a potent flaw that allows remote attackers to take over a device after compromise.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

CISA: Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks
Date: 2021-12-15

In the lead up to the holidays and in light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyber attacks. Sophisticated threat actors, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms. These actors have also demonstrated capability to leverage this access for targeted operations against critical infrastructure with potential to disrupt National Critical Functions.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Billion-dollar Natural Gas Supplier Superior Plus Hit with Ransomware
Date: 2021-12-15

Major natural gas supplier Superior Plus announced on Tuesday that it is suffering from a ransomware attack. The billion-dollar propane seller said the incident started on December 12 but did not answer questions about which ransomware group was behind the attack or which systems were affected.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Adobe Addresses over 60 Vulnerabilities in Multiple Products
Date: 2021-12-15

Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS machines. The vulnerabilities can be exploited by threat actors for code execution, privilege escalation and denial-of-service attacks.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Second log4j Vulnerability Discovered, Patch to version 2.16
Date: 2021-12-15

A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE-2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was "incomplete in certain non-default configurations." "This could allow attackers... to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack," the CVE description says.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Google Fixed the 17th Zero-day in Chrome Since the Start of the Year
Date: 2021-12-14

Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102, exploited in the wild.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Phishing Campaign Uses PowerPoint Macros to Drop Agent Tesla
Date: 2021-12-14

A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

‘Seedworm’ Attackers Target Telcos in Asia, Middle East
Date: 2021-12-14

Attackers targeting telcos across the Middle East and Asia for the past six months are linked to Iranian state-sponsored hackers, according to researchers. The cyberespionage campaigns leverage a potent cocktail of spear phishing, known malware and legitimate network utilities that are leveraged to steal data and potentially disrupt supply-chains.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
Date: 2021-12-14

Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to download an additional payload, a .NET binary, from a remote server that encrypts all the files with the extension ".khonsari" and displays a ransom note that urges the victims to make a Bitcoin payment in exchange for recovering access to the files.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Western Digital Sandisk Secureaccess Flaws Allow Brute Force and Dictionary Attacks
Date: 2021-12-14

Western Digital has released updates for its SanDisk SecureAccess software to fix multiple vulnerabilities that can be exploited to access user data by carrying out brute force and dictionary attacks. The SanDisk SecureAccess software, now rebranded SanDisk PrivateAccess, allows storing and protecting critical and sensitive files on SanDisk USB flash drives. The access to the user's private vault is protected by a personal password, and all the files are automatically encrypted.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Kronos Ransomware Attack May Cause Weeks of HR Solutions Downtime
Date: 2021-12-14

Workforce management solutions provider Kronos has suffered a ransomware attack that will likely disrupt many of its cloud-based solutions for weeks. Kronos is a workforce management and human resources provider that offers cloud-based solutions for managing timekeeping, payroll, employee benefits, analytics, and more. In 2020, Kronos merged with Ultimate Software to create a new company named UKG.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Log4j Vulnerability Information
Date: 2021-12-13

We are starting up this thread and making it available to everyone, whether a member of the CompTIA ISAO or not, due to the widespread severity of this issue.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
Date: 2021-12-10

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Researchers Explore Microsoft Outlook Phishing Techniques
Date: 2021-12-10

Some of the tools built into Outlook to boost productivity and collaboration could also make it easier to launch effective social engineering campaigns, researchers say.
In early December, researchers with Avanan discovered a way in which Outlook's features could be used to make an attacker appear more credible in a phishing or business email compromise (BEC) attack. Their attack started with a spoofed email. If an attacker had a private server, they could launch a domain impersonation attack with an email pretending to come from another sender.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Kali Linux 2021.4 Released with 9 New Tools, Further Apple m1 Support
Date: 2021-12-10

Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktops.
Kali Linux is a Linux distribution allowing cybersecurity professionals and ethical hackers to perform penetration testing and security audits against internal and remote networks. With this release, the Kali Linux Team introduces a bunch of new features, including:
  • Apple M1 support for the VMware Fusion Public Tech Preview
  • Wide compatibility is enabled for Samba
  • Making it easier to switch to Cloudflare's package manager mirror
  • Kaboxer updated with support for window themes and icon theme
  • Updates to the Xfce, GNOME and KDE desktops
  • Raspberry Pi Zero 2 W + USBArmory MkII ARM images
  • Nine more tools

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

CISA Releases Advisory on Five Apache HTTP Server Vulnerabilities Affecting Cisco Products
Date: 2021-12-10

“CISA has released a second advisory about several Apache HTTP server vulnerabilities. In November, Cisco sent out a notice about the vulnerabilities, explaining that the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases on September 16.”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

A Zero-day Exploit for Log4j Java Library Could Have a Tsunami Impact on IT Giants
Date: 2021-12-10

Experts publicly disclosed proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked as CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library. The Chinese security researcher p0rz9, who publicly disclosed the PoC exploit code, revealed that CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups option is set to false.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

ALPHV BlackCat - This Year's Most Sophisticated Ransomware
Date: 2021-12-10

“The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Vulnerability Alert: Elevated Ransomware Risk in Unpatched, EOL SonicWall SRA and SMA 8.x Products
Date: 2021-12-08

Mandiant (previously FireEye) and SonicWall joined forces and discovered that ransomware actors are currently leveraging previously disclosed SonicWall vulnerabilities to deploy ransomware on networks. As in the past, threat actors are actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware and using stolen credentials.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Line Pay Leaks Data from Approximately 133,000 Users to Github of All Places
Date: 2021-12-08

LINE Pay, a smartphone payment provider, announced yesterday that between September and November of this year, approximately 133,000 users’ payment details were inadvertently published on GitHub. A research group employee accidentally uploaded files detailing participants in a LINE Pay promotional programme staged between late December 2020 and April 2021 to the collaborative coding crèche.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Was Threat Actor KAX17 De-anonymizing the Tor Network?
Date: 2021-12-08

A mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network. Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to 9,000-10,000. Servers added to the Tor network typically must have contact information included in their setup, such as an email address, so Tor network administrators and law enforcement can contact server operators in the case of a misconfiguration or file an abuse report.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Arrow RAT: new malware launched on darknet forums
Date: 2021-12-08

A new remote access Trojan (RAT) known as Arrow RAT has been promoted on the darknet forum XSS by the user Mega_Knight. According to @Mega_Knight, Arrow RAT contains numerous features that are typical of RATs. This includes: Keylogging, Registry modification, Extraction of passwords stored in browsers, Hide files or folders. Arrow RAT also contains a hidden virtual network computing (hVNC) module, enabling the attacker to launch a hidden virtual desktop on an infected device.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Sonicwall ‘Strongly Urges’ Customers to Patch Critical SMA 100 Bugs
Date: 2021-12-08

SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical. The bugs (reported by Rapid7's Jake Baines and NCC Group's Richard Warren) impact SMA 200, 210, 400, 410, and 500v appliances even when the web application firewall (WAF) is enabled.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Canadian Indicted for Launching Ransomware Attacks on Orgs in US, Canada
Date: 2021-12-08

Officials from the Ontario Provincial Police held a press conference on Tuesday to announce the charges and Philbert's arrest in Ottawa. In a statement, US Attorney Bryan Wilson of the District of Alaska said Philbert "conspired with others known and unknown to the United States to damage computers, and in the course of that conspiracy did damage a computer belonging to the State of Alaska in April 2018." Wilson and Canadian officials noted that they received help in the case from Dutch authorities and Europol.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Emotet Directly Drops Cobalt Strike Beacons Without Intermediate Trojans
Date: 2021-12-07

Emotet malware now directly installs Cobalt Strike beacons to give the attackers immediate access to the target network and allow them to carry out malicious activities, such as launching ransomware attacks. In a classic attack chain, the Emotet malware would install the TrickBot or Qbot trojans on infected devices, which in turn would deploy Cobalt Strike on an infected system. Emotet research group Cryptolaemus recently noticed a switch in the tactics of Emotet operators, which now are directly installing Cobalt Strike beacons on infected devices without installing the above intermediate Trojans.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Unitrends Security Advisory
Date: 2021-12-07

Multiple vulnerabilities were recently reported to Unitrends and Kaseya within the Unitrends Recovery Series and Unitrends Agent Software. Unitrends and Kaseya gave high priority to these reports, as the company does with any report of a potential security issue, and has addressed the following vulnerabilities with the 10.5.5 software release.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

98% of orgs with Office 365 harbor malicious emails inside their mailboxes. Threats like ransomware, spear phishing, and account takeover put your organization and employees at significant risk. Find out what’s hiding in your inbox.

Via a security assessment, we can quickly identify security gaps, patches and software updates that are out of date, then advise steps to fix them.

Via a short questionnaire, we'll help you determine whether weaknesses exist in the way you protect your confidential data. In a few minutes, we'll produce a comprehensive profile of the strengths and vulnerabilities of your IT security. Let us show you where protections should be placed before those vulnerabilities are exploited.

LA-Cyber can directly submit suspicious URLs and files through the ISAO’s Cyber Forum for rapid analysis to determine if they are known or zero-day cybersecurity threats.



Contact LACyber

LACyber's main office is located at 155 Great Arrow, Buffalo New York. Our main office phone number is (716) 871-7040.

Location:

155 Great Arrow, Buffalo, NY 14207

Call:

+1 716 871-7040