
Microsoft Defender now detects Android and iOS vulnerabilities
2022-02-01 19:21

Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform. "Threat and vulnerability management in Microsoft Defender for Endpoint continuously monitors and identifies impacted devices, assesses associated risks in the environment, and provides intelligent prioritization and integrated workflows to seamlessly remediate vulnerabilities."

Cyberspies linked to Memento ransomware use new PowerShell malware
2022-02-01 19:00

An Iranian state-backed hacking group tracked as APT35 is now deploying a new backdoor called PowerLess, developed using PowerShell. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy. At the time of writing this report, some of the IOCs remained active delivering new payloads," the Cybereason researchers said.

Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto
2022-02-01 18:41

A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. Mars Stealer is an information-stealing malware that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets.

Ransomware means your database IS the front line. How are you defending it?
2022-02-01 18:00

That's why databases are at the top of the hit list for ransomware gangs, and why organisations need to consider their data operation as very much in the front line when it comes to defending against disaster. Given that it's not a question of if but when you'll be hit with ransomware and other threats, it stands to reason that protecting the database AND ensuring rapid recovery in the event of a disaster is essential to your organisation's survival.

Cyberattacker hits German service station petrol terminal provider
2022-02-01 15:50

Two companies owned by Hamburg-based fuel group Marquard & Bahls are battling cyberattackers, with loading and unloading systems at the German arm of petrol tank terminal provider Oiltanking affected. The company this afternoon confirmed to The Register that Oiltanking GmbH's terminals - which provide Shell service stations, among others - are "operating with limited capacity" and that Mabanaft GmbH had "declared force majeure for the majority of its inland supply activities in Germany."

Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities
2022-02-01 14:00

It's time for threat hunters and IT security staff to familiarize themselves with how these legitimate utilities are used in the attack chains of some of the most common enterprise malware. Malware families like the Mirai botnet use wget to download the second stage of the malware in the C2 phase of their attack lifecycle.

British Council exposed more than 100,000 files with student records
2022-02-01 13:24

More than 100,000 files with student records belonging to the British Council were found exposed online. The British Council promotes the study of British culture and the English language around the world and is known for administering the IELTS standardized language exam.

German petrol supply firm Oiltanking paralyzed by cyber attack
2022-02-01 12:27

Oiltanking GmbH, a German petrol distributor that supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. "On Saturday, January 29th 2022, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG Group discovered we have been the victim of a cyber incident affecting our IT systems."

SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems
2022-02-01 09:49

In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy tricks to establish long-term persistence on compromised systems. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victims' machines.

Russia's naval exercise near Ireland unlikely to involve cable-tapping shenanigans
2022-02-01 09:30

A Russian naval exercise in the Atlantic, near several submarine cables between Britain, France and the US, is more likely to be sabre-rattling than an attempt to sabotage critical communication links. In its original location the exercise caught the eye of many more people - because it sat right on top of two existing submarine cables and a third due to be commissioned in the next couple of months.