%term

Cloud Threats Memo: Understanding the Dead Drop Resolver Technique

Dec 13, 2022 By Paolo Passeri In Netskope

If I asked you what the common ways to exploit a cloud app for malicious purposes are, I bet your answer would probably be either to use it to distribute malicious content (such as malware or phishing pages), or to host the command and control (C2) infrastructure. In reality another frequent technique is the dead drop resolver, where a legitimate service is abused by threat actors to host the information related to the C2 infrastructure rather than the C2 infrastructure itself.

Read Post

Netskope

Read more about Cloud Threats Memo: Understanding the Dead Drop Resolver Technique

PyPI malware creators are starting to employ Anti-Debug techniques

Dec 13, 2022 By Andrey Polkovnychenko In JFrog

The JFrog Security Research team continuously monitors popular open-source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community.

Read Post

JFrog

Read more about PyPI malware creators are starting to employ Anti-Debug techniques

Threat Actors use Google Ads to Deploy VIDAR Stealer

Dec 13, 2022 By Kroll In Kroll

Kroll has observed threat actors abusing Google Ads to deploy malware masquerading as legitimate downloads or software that has been “cracked” or modified to remove or disable features such as copy protection or adware. As part of our analysis of this trend and threat, we have identified specifically that VIDAR malware, an information-stealing trojan, is using Google Ads to advertise spoofed domains and redirect users to fraudulent sites or malware downloads.

Read Post

Kroll

Read more about Threat Actors use Google Ads to Deploy VIDAR Stealer

Using a Ransomware Assessment to Identify Gaps & Risks

Dec 13, 2022 By SafeBreach In SafeBreach

FSIs face a myriad of challenges, and the impact has resulted in a 1,318% increase in ransomware attacks in 2021. Given the increasing sophistication of these attacks, there is a growing need for FSI’s to understand their level of risk and to implement a proactive approach to defending themselves.

View Video

SafeBreach

Read more about Using a Ransomware Assessment to Identify Gaps & Risks

The Simply Cyber Report: December 12, 2022

Dec 12, 2022 By LimaCharlie In LimaCharlie

Unfortunately a novel technique has been developed by Or Yair, a security researcher to weaponize the file deletion functionality of most enterprise quality EDR solutions to include SentinelOne and Microsoft. If you're running or you support small business that runs F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras be on the lookout for a Go-based malware named Zerobot in the wild.

View Video

LimaCharlie

Read more about The Simply Cyber Report: December 12, 2022

Take the Uncertainty Out of Ransomware Recovery | Rubrik Winter Release 2022

Dec 9, 2022 By Rubrik In Rubrik

At Winter Release 2022, we announced a new part of Rubrik Security Cloud, Rubrik Cyber Recovery, which delivers two new capabilities to help organizations better prepare for attacks and minimize operational downtime. We also announced today that Ransomware Monitoring & Investigation and Sensitive Data Monitoring & Management will support Microsoft OneDrive, SharePoint, NAS Cloud Direct, and Azure Virtual Machines.

View Video

Rubrik

Read more about Take the Uncertainty Out of Ransomware Recovery | Rubrik Winter Release 2022

Trojanized OneNote Document Leads to Formbook Malware

Dec 8, 2022 By Trustwave In Trustwave

Cybercriminals have long used Microsoft documents to pass along malware and they are always experimenting with new ways to deliver malicious packages. As defenders, Trustwave SpiderLabs’ researchers are always looking out for new or unusual file types, and through this ongoing research, we uncovered threat actors using a OneNote document to move Formbook malware, an information stealing trojan sold on an underground hacking forum since mid-2016 as malware-as-a-service.

Read Post

Trustwave

Read more about Trojanized OneNote Document Leads to Formbook Malware

Rubrik Named a Leader in Data Resilience Solution Suites

Dec 8, 2022 By Rubrik In Rubrik

Today, we’re thrilled to announce that Rubrik has been named a Leader in The Forrester Wave™: Data Resilience Solutions, Q4 2022. The report evaluated nine vendors based on 40 criteria, which were grouped into three categories: current offering, strategy, and market presence.

Read Post

Rubrik

Read more about Rubrik Named a Leader in Data Resilience Solution Suites

Discovered new BYOF technique to cryptomining with PRoot

Dec 5, 2022 By Biagio Dipalma In Sysdig

The Sysdig Threat Research Team (TRT) recently discovered threat actors leveraging an open source tool called PRoot to expand the scope of their operations to multiple Linux distributions and simplify their necessary efforts. Typically, the scope of an attack is limited by the varying configurations of each Linux distribution. Enter PRoot, an open source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine.

Read Post

Sysdig

Read more about Discovered new BYOF technique to cryptomining with PRoot

The troubles of being on Cloud9: Why your browsers are not safe

Dec 1, 2022 By Browser Security Plus In ManageEngine

With the new browser botnet, Cloud9, waiting to penetrate your browsers remotely to access and steal your sensitive and confidential data, it can be challenging to stay safe while browsing the internet. As reported by Bleeping Computer, this Remote Access Trojan named Cloud9 allows cyberattackers to execute commands remotely to steal your data. This malicious extension is not found in the Chrome store, but has been reported to be installed by other means. What’s the story of Cloud9?

Read Post