Current Active Threats
Russian Cybercrime Gang Targets Finance Firms With Stealthy Macros Date: 2021-10-15
The actors behind the campaign appear to be ‘TA505,’ an active Russian threat group that has a long history of creativity in the way they place Excel documents in malspam campaigns.
CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems Date: 2021-10-15
The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021.
BlackByte: Free Decryptor Released for Ransomware Strain Summary Date: 2021-10-15
Security researchers were able to crack the malwares encryption algorithm and produce a decryptor victim organizations can use for file and system recovery, “Trustwave, a Chicago-based cybersecurity and managed security services provider owned by Singaporean telecommunications company Singtel Group Enterprise, on Friday announced the release of the free decryptor, available for download from GitHub
HP Wolf Report Highlights Widespread Exploitation of MSHTML, Typosquatting and Malware Families Host Date: 2021-10-15
HP released its latest Wolf Security Threat Insights Report, finding evidence that cybercriminals are moving even faster in taking advantage of zero-day vulnerabilities and exploiting specific problems like CVE-2021-40444 -- the remote code execution vulnerability targeting the MSHTML browser engine through Microsoft Office documents.
This Malware Botnet Gang Has Stolen Millions with a Surprisingly Simple Trick Date: 2021-10-15
A prominent botnet known as MyKings has made $24.7 million using it’s network of compromised computers to mine and steal cryptocurrency.
MyKings, also known as Smominru and Hexmen, is the world's largest botnet dedicated to mining cryptocurrencies by free-riding off its victims desktop and server CPUs. It's a lucrative business that gained attention in 2017 after infecting more than half a million Windows computers to mine about $2.3 million of Monero in a month.
Over 90% of Firms Suffered Supply Chain Breaches Last Year Date: 2021-10-15
Some 93% of global organizations have suffered a direct breach due to weaknesses in their supply chains over the past year, according to BlueVoyant.
BlueVoyant surveyed 1200 IT and procurement managers responsible for supply chain and cyber risk management. Their research found that the number of breaches experienced in the past 12 months grew from “2.7 in 2020 to 3.7 in 2021, a 37% increase.
Three More Ransomware Attacks hit Water and Wastewater Systems in 2021 Date: 2021-10-15
A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by Ransomware gangs against US water and wastewater treatment facilities (WWS) this year.
The advisory marks the first time these attacks have been publicly disclosed. The three facilities hit by ransomware were located in Nevada, Maine, and California in March, July, and August respectively. The attacks were the result of compromised SCADA industrial control systems.
Chinese Hackers Use Windows Zero-day to Attack Defense, IT Firms Date: 2021-10-13
A Chinese speaking threat actor called IronHusky has been exploiting a zero-day vulnerability in the Windows Win32k driver to deploy a new remote access trojan (RAT). The RAT is called MysterySnail and was discovered by Kaspersky researchers in August and September of 2021 after being seen on multiple Microsoft servers. The researchers found an elevation of privilege exploit tracked as CVE-2021-40449 being used to install MysterySnail. The vulnerability was patched in this month’s Patch Tuesday.
Medium - Microsoft Mitigates Largest DDoS Date: 2021-10-13
Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August, it represents the largest DDoS attack recorded to date. The attack was aimed at an Azure customer in Europe, but Microsoft did not disclose the name of the victim. This is the largest DDoS against an Azure customer since August 2020 when experts observed a 1 Tbps attack
High - CISA Names 3 ‘Exceptionally Dangerous’ Behaviors to Avoid Date: 2021-10-13
CISA has released the most common three bad practices that can potentially expose organizations to cyber attacks. After reviewing them, they correlate directly to large-scale breaches that we typically see and share every week. Devices and infrastructure impacted by some of these misconfigurations or ‘bad-practices,’ per se, range from products and platforms that are both cloud-based or locally maintained on-prem.
Patch Apache HTTP Servers Now to Avoid Zero Day Exploit Date: 2021-10-06
CVE-2021-41773 is described as a path traversal flaw in version 2.4.49, which was itself only released a few weeks ago. An attacker could use a path traversal attack to map URLs to files outside the expected document root,” a description of the bug noted. “If files outside of the document root are not protected by ‘require all denied’ these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts.
New Python Ransomware Targets Virtual Machines, ESXi Hypervisors to Encrypt Disks Date: 2021-10-05
A new strain of Python-based malware has been used in a "sniper" campaign to achieve encryption on a corporate system in less than three hours. The attack, one of the fastest recorded by Sophos researchers, was achieved by operators who "precision-targeted the ESXi platform" in order to encrypt the virtual machines of the victim
Karakurt: potential new ransomware group emerges Date: 2021-09-30
According to its site, Karakurt is a “hacking team” that compromises an organisation's data and then extorts them for its return. It is unclear if Karakurt utilises ransomware or if it only steals data. Based on Karakrut's claims, organisations will be notified of the compromise, and will then have to choose whether to pay an unspecified fee or have their data leaked via the Karakurt site.
CISA releases Insider Risk Mitigation Self-Assessment Tool Date: 2021-09-30
The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level of exposure to insider threats
Bandwidth[.]com Is Latest Victim of DDoS Attacks Date: 2021-09-28
Bandwidth is a voice over Internet Protocol (VoIP) services company that provides voice telephony over the Internet to businesses and resellers. Recent reporting suggests that they have become the latest victim of distributed denial of service attacks targeting VoIP providers this month, as a result there have been nationwide voice outages across the globe.
Microsoft Warns: Active Directory Foggyweb Malware Being Actively Used by Nobelium Gang Date: 2021-09-28
Nobelium is believed to be linked to the Russian government and has been attributed to the 2020 attack on Solarwinds, Orion IT Monitoring platforms. They pivoted from Solarwinds to infiltrate US government networks – including United States Court Systems.
A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online Date: 2021-09-28
We reported last week that VMware had released updates to address critical vulnerabilities in their vSphere and Cloud Foundation software where a remote attacker could take control of an affected device over port 443. These types of platforms often store mission-critical data in the form of virtual machines, which could include domain controllers, proprietary applications, as well as data centers.
SonicWall Critical Vulnerability Should Be Patched ASAP Date: 2021-09-27
A security notice related to a SonicWall critical vulnerability in SMA 100 series devices has been issued by the company. The flaws are classified as CVE-2021-20034. If successfully exploited, it could allow a cybercriminal to delete random files from (SMA 200, 210, 400, 410, 500v) products and achieve administrative rights. The company is urging users to patch it as soon as possible.
Readiness Pro: Privacy/Security Assessment & Policy Development Tool
Network Perimeter Security - Firewalls
Security Awareness Training
Network Security, Monitoring & Patching
Cloud Based Backup & Recovery
Backup Tape Vaulting & Rotation Services
Air Gap, Data Storage & Archiving
Data Destruction Services
Security Operations Center (SOC)
Data Storage and Media Updating
Server & Data Center Relocation Services
Breach Investigation & Notification Services
Forensic & Legal Investigations