Month: August 2022

Malware & Threats

Issued by: Security Week

Believed to be backed by the North Korean government, Lazarus has been active since at least 2009, orchestrating various high-profile attacks, including numerous assaults on cryptocurrency entities. Also referred to as Hidden Cobra, Lazarus is believed to comprise multiple subgroups, the activities of which often overlap, the same as their tools. Over the past couple…

Network Security

Issued by: Security Week

Media coverage of data breaches (e.g., Cisco, Flagstar Bank, South Denver Cardiology Associates) often puts a spotlight on the tail end of the cyberattack life cycle, focusing on the exfiltration points rather than how the threat actor got there. Post-mortem analysis has repeatedly found that the most common source of a hack is compromised credentials…

Vulnerabilities

Issued by: Dark Reading

Researchers have discovered a vulnerability in the remote procedure calls (RPC) for the Windows Server service, which could allow an attacker to gain control over the domain controller (DC) in a specific network configuration and execute remote code. Malicious actors could also exploit the vulnerability to modify a server’s certificate mapping to perform server spoofing….

Malware & Threats

Issued by: Security Week

Also referred to as APT27, Bronze Union, Emissary Panda, Lucky Mouse, and TG-3390 (Threat Group 3390), Iron Tiger has been active since at least 2010, targeting hundreds of organizations worldwide for cyberespionage purposes. As part of recent attacks, the advanced persistent threat (APT) group abused the compromised servers of MiMi – an instant messaging application…

Malware & Threats

Issued by: Help Net Security

Avast released a report revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signals how cybercriminals are preparing to move away from macros as an infection vector. Ransomware attacks increase After months of decline, global ransomware attacks increased significantly in…

Network Security

Issued by: Trend Micro Blog

As ransomware and BEC cyberattacks continue to increase, organizations are acquiring cyber insurance in record numbers to reduce cyber risk. According to Zurich, 83% of organizations have cyber insurance, the highest percentage in over a decade. However, there is some debate around the clarity of cyber insurance policy requirements and what security tools CISOs and…

Malware & Threats

Issued by: Kaspersky Blog

Our experts investigated the activity of Andariel, believed to be a subgroup of the Lazarus APT group. Cybercriminals use DTrack malware and Maui ransomware to attack businesses worldwide. As it’s typical for Lazarus, the group attacks for financial gain — this time through ransom demands. Targets of Andariel attacks Our experts concluded that, instead of…

Vulnerabilities

Issued by: Security Week

Acquired by Belden earlier this year, NetModule provides IIoT and industrial routers, vehicle routers, and other types of wireless M2M connectivity products. All of NetModule’s routers run the Linux-based NRSW by default, and can be managed remotely using a remote management platform. According to Flashpoint, its researchers recently identified two critical flaws in NetModule’s router…