‘More_eggs’ is a backdoor sold as a “malware-as-a-service” (MaaS) by a threat group known as “Golden Chickens” and predominantly used by three criminal groups: FIN6, Cobalt Group, and Evilnum. In the latest campaign, unearthed by researchers from eSentire and targeting a professional working in the healthcare technology industry, a threat actor is exploiting fake job offers on LinkedIn to deploy the ‘More_eggs’ backdoor on the victim’s machine.

As of late, cyber threats have only grown in velocity and volume, with cybercriminals taking advantage of every new capability to grow and prosper. Couple that with a global pandemic and a sudden increase in remote working in the cloud, and you open the door to countless new vulnerabilities.

Several healthcare entities have reported data breaches after being notified of a “privacy incident” by Med-Data, a vendor providing revenue cycle services to hospitals, healthcare systems, and their patients. This privacy incident involves a leaky cloud service and has exposed the personal information of thousands of individuals, since at least December 2020.

The COVID-19 pandemic caused a dramatic shift to remote work that placed many who previously worked in the office at home working alongside their families. We saw an increase in personal usage of company laptops, including personal web browsing, gaming, media consumption, and online shopping. In this blog post, we will take a look at the personal usage of managed devices from a different angle: data security. In 2020, 83% of users accessed personal app instances from managed devices each month.

The biggest fundamental shift in the era of digital transformation is that data is no longer on a CPU that the enterprise owns. Security teams focused on cloud must invest in the right technology to achieve more complete data protection, and we all need to ensure Zero Trust principles are applied everywhere data needs protection. At Netskope, we describe this as Zero Trust Data Protection. In its simplest form, Zero Trust means: Don’t trust the things you do not need to trust.

On March 2, Microsoft released patches to address four zero-day vulnerabilities in Microsoft Exchange Server software. Those vulnerabilities, known collectively as ProxyLogon, affect on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. (Exchange Online, which is part of Microsoft 365, has not been affected.)

Cloud-native threats have multiple implications. We are used to seeing legitimate cloud applications exploited within sophisticated kill chains, and we forget the basics: such as the risks posed by Shadow IT, like when personal email accounts are used to improperly handle corporate data. This is a very real risk right now, when users are working almost completely from home and the line between the professional and personal use of work devices is blurred.

As we address a number of anniversaries related to the COVID-19 pandemic, you’re likely reminded of a lot of the uncertainty you were feeling coming into an indefinite work from home scenario. I know I certainly am.

Not even seven days after its public release, the American Rescue Plan Act has already been exploited by cybercriminals. This is the latest example of using a relief measure as bait for phishing or malware delivery.

In the summer of 2020, there was a big, short-lived spike in malicious Office documents. The Emotet crew had been quiet in the spring and began leveraging their botnet to send extremely convincing phishing emails to their victims, often with a link to download an invoice or other document from a popular cloud service. Those documents contained malicious code that installed backdoors, ransomware, bankers, and other malware on unsuspecting victims’ computers.