The Simply Cyber Report: December 12, 2022

Unfortunately, Or Yair, a security researcher, has developed a novel technique to weaponize the file deletion functionality of most enterprise-quality EDR solutions, including SentinelOne and Microsoft.

If you run, or support a small business that runs, F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras, be on the lookout for a Go-based malware named Zerobot in the wild.

Be mindful of wireless access point splash pages that could be delivering malware. Android malware dubbed "Zombinder" is infecting Android and Windows devices as just-in-time, Trojan-style malware.

MuddyWater, an Iran-based APT, has been pushing hard with remote administration tooling as an initial payload to ease compromise and the establishment of persistence on victim machines.

Source articles:

https://www.securityweek.com/wafs-several-major-vendors-bypassed-generic-attack-method

https://www.bleepingcomputer.com/news/security/antivirus-and-edr-solutions-tricked-into-acting-as-data-wipers/

https://www.bleepingcomputer.com/news/security/hacked-corporate-email-accounts-used-to-send-msp-remote-access-tool/

https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/

https://www.bleepingcomputer.com/news/security/new-zerobot-malware-has-21-exploits-for-big-ip-zyxel-d-link-devices/