Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
2022-01-12 20:12

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. "From the use of cloud infrastructure to host malware to the abuse of dynamic DNS for command-and-control activities. Additionally, the layers of obfuscation point to the current state of criminal cyber activities, where it takes lots of analysis to get down to the final payload and intentions of the attack."

New Windows Server updates cause DC boot loops, break Hyper-V
2022-01-12 19:53

The latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back. The most serious issue introduced by these updates is that Windows domain controllers enter a boot loop, with servers getting into an endless cycle of Windows starting and then rebooting after a few minutes.

Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts
2022-01-12 19:49

Scammers are taking full advantage of the launch of Google's new TikTok competitor, YouTube Shorts, which has turned out to be an awesome tool for feeding billions of engaged viewers stolen content. Narang analyzed 50 different YouTube channels and found as of December, they had racked up 3.2 billion views across at least 38,293 videos stolen from TikTok creators.

Microsoft adds macOS-like hardware indicators to Windows 11
2022-01-12 19:32

Microsoft is now rolling out redesigned hardware indicator flyouts that align with Windows 11's design to all Windows Insiders in the Dev Channel. "We have updated the flyout design for the hardware indicators for brightness, volume, camera privacy, camera on/off and airplane mode, to align with Windows 11 design principles," Microsoft's Amanda Langowski and Brandon LeBlanc said.

Wormable Windows HTTP hole – what you need to know
2022-01-12 19:24

As you can imagine, some classes of RCE bug are considered much more wormable than others, especially bugs that can be triggered directly via a simple network interaction. HTTP.sys is part of Windows and is available to any program that uses ASP.NET. HTTP.sys works on Windows 7 clients and later.

UK jails man for spying on teenagers, stealing photos using RATs
2022-01-12 18:38

A Nottingham man was imprisoned this week for more than two years after hacking the computers and phones of dozens of victims, some of them underage, and spying on them using remote access trojans. 32-year-old Robert Davies used fake online social media profiles and Skype accounts for catfishing his victims and hacking their devices by sending links that allowed him to infect them with RATs obfuscated using crypters.

New York AG Warns 17 Firms of Credential Attacks
2022-01-12 18:11

New York Attorney General Letitia James reported 1.1 million credentials tied to 17 "well known" state businesses were compromised in recent cyberattacks. According to the alert, many of the firms were unaware that their customers' passwords had been compromised.

Ransomware demands… a new approach to security
2022-01-12 18:00

A ransomware attack is not a smash and grab operation. You should also put in place a zero trust approach across your organisation, as well as analytics capabilities to work out what data has been affected in an attack.

Magniber ransomware using signed APPX files to infect systems
2022-01-12 17:53

The Magniber ransomware has been spotted using Windows application package files signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates. APPX files are Windows application package files created for streamlined distribution and installation, and have been abused by various threats in the past for malware distribution.

US government urges organizations to prepare for Russian-sponsored cyber threats
2022-01-12 17:10

Organizations need to be vigilant for such attacks and make sure they have the means to prevent or combat them. "The advisory doesn't mention the current Russian-Ukraine tensions, but if the conflict escalates, you can expect Russian cyber threats to increase their operations," said Rick Holland, chief information security officer at Digital Shadows.